Secure DNS
If you’ve been on the internet long enough (or just watched a TV show about hacking) you’ve probably heard of an IP address. And, if you’ve had a look around the Safe Surfer apps or website you may have seen these related acronyms pop up quite a lot: DNS, DOH, and DOT. While we make our user experience as smooth as possible so that you don’t really need to know about these things, they can be handy to know about. Or, you may just be curious.
What is an IP Address?
If all you knew about IP addresses came from TV shows or the ads for VPNs that are suddenly everywhere, you’d think that you need to hide yours at any cost. Won’t I get hacked?
An IP address is just a number that uniquely identifies where your computer is on the internet. Any site that you connect to also has one; and whenever you visit a site, your computer trades IP addresses with it. You can get to google.com by typing the IP address 216.239.38.120 into your browser directly. Equally, google.com knows your IP address when you connect to it. Just try typing “my ip” into google to get your IP address.
Your IP address can reveal some information about yourself, such as your approximate location. This only works down to the regional level, and even here isn’t very accurate.
Safe Surfer uses your IP address to know which currency to use if you sign up to a paid plan, for example, but there would be no way for us to know your address or even suburb. An IP address can also be used to deliver targeted ads. Oh, 121.99.191.81 searched for vacuum cleaners 20 minutes ago? I’m going to show them ads for those until they buy one.
Although IP addresses are commonly used this way, this doesn’t mean that communication isn’t secure. If a site is secured with https, there’s no way for an outside observer to view the traffic itself, even if they know the IP addresses involved in the communication.
How does DNS work?
If we only used IP addresses on the internet, the internet would be pretty hard to use. Imagine if you had to remember the address for each site you want to visit!
Ok, last I checked safesurfer.co.nz was 130.211.44.88. Let’s try entering that…
It would be like using your phone without the contacts app – incredibly frustrating. Luckily, there’s a system to give names to IP addresses. That system is called DNS, which stands for Domain Name System. Every time you navigate to a new site, there are actually two steps involved. Let’s say we’re going to safesurfer.co.nz:
- First, use DNS to find the IP address for safesurfer.co.nz
- Connect to the IP address and load the site.
DNS allows us to connect to sites based on their name, instead of an IP address, which is much easier to remember. DNS is usually provided by your ISP, e.g. Vodafone or Spark. However, you can switch to any provider you like, such as Safe Surfer!
Safe Surfer is a DNS provider, and it’s how we filter out the nasty side of the internet. In step 1 in the example above, we do something a little differently. Instead of always handing out the IP address of a site, we first look up what we know about it, and depending on your settings, we may block access to it. This means we give you the IP address for our block page instead, or depending on your settings, give nothing at all, which gives a blank page in your browser.
There’s just one problem with regular DNS. It’s totally unencrypted! If you’re using normal DNS, anyone on the same network may be able to view the sites you’re visiting. This doesn’t mean that they can view the content of the site, however. An observer could see that you’re visiting bnz.co.nz, but as long as you’re using an https connection, wouldn’t be able to view what you’re doing.
Secure DNS
Although the content of sites you visit remains secure, it’s still a privacy concern that someone could see which sites you’re visiting. That’s why secure DNS is becoming ever more popular. There are three main types of secure DNS available today, and we’re happy to announce that we now support all of them. They are:
- DoH (DNS over HTTPS).
- DoT (DNS over TLS).
- DNSCrypt.
They’re all equally secure, and from a user perspective, all do the same job. Deciding which to use comes down to what your particular platform supports. We’ve made that easy by automatically detecting which platform you’re on and offering easy setup instructions for all of them. Just check out Safe Surfer device setup (requires login).
There are more benefits to secure DNS on Safe Surfer than just security. It also means that your custom site blocking rules and usage are much more reliable. If you aren’t using secure DNS, we have to guess who you are via your source IP address. That’s why you’ll see a prompt to give us your IP address:
IP addresses can change. That means that if you don’t sync your IP in time, you may lose your custom settings until you sync again. Encrypted DNS solves this problem by giving each device a unique URL to use. This way, it’s very easy for us to know which settings to apply and attribute the usage to the right device.
If you’re using the Safe Surfer app on iOS or a newer-generation Lifeguard Router, you’re already using secure DNS. There are other ways to set it up here, and it’s coming soon to the Android app. Get started today for a more reliable and secure experience!
Contribution by Safe Surfer Developer, Mathias
You must be logged in to post a comment.