Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
DNS allows computer networks to associate numerous pieces of information with each web domain. To put it another way, all Domain Name Servers serve as the core internet address book.
Therefore, even if individuals may readily remember a domain name, computers require numbers to comprehend it. That’s why the DNS system converts each domain name into an IP address and assigns it, along with additional information.
Some of the Most Reliable Free and Public DNS Servers
| IPv4 | IPv6 | |||
|---|---|---|---|---|
| Provider | Primary DNS | Secondary DNS | Primary DNS | Secondary DNS |
| 8.8.8.8 | 8.8.4.4 | 2001:4860:4860::8888 | 2001:4860:4860::8844 | |
| Quad9 | 9.9.9.9 | 149.112.112.112 | 2620:fe::fe | 2620:fe::9 |
| OpenDNS | 208.67.222.222 | 208.67.220.220 | 2620:119:35::35 | 2620:119:53::53 |
| Cloudflare | 1.1.1.1 | 1.0.0.1 | 2606:4700:4700::1111 | 2606:4700:4700::1001 |
| Alternate DNS | 76.76.19.19 | 76.223.122.150 | 2602:fcbc::ad | 2602:fcbc:2::ad |
| AdGuard DNS | 94.140.14.14 | 94.140.15.15 | 2a10:50c0::ad1:ff | 2a10:50c0::ad2:ff |
| DNS.WATCH | 84.200.69.80 | 84.200.70.40 | 2001:1608:10:25::1c04:b12f | 2001:1608:10:25::9249:d69b |
| Comodo Secure DNS | 8.26.56.26 | 8.20.247.20 | n/a | n/a |
| CenturyLink | 205.171.3.66 | 205.171.202.166 | n/a | n/a |
| SafeDNS | 195.46.39.39 | 195.46.39.40 | 2001:67c:2778::3939 | 2001:67c:2778::3940 |
| CleanBrowsing | 185.228.168.9 | 185.228.169.9 | n/a | n/a |
Why Should I Use an Alternative DNS?
If you suspect there’s an issue with the ones you’re using currently, you might feel the need to change the DNS servers provided by your ISP.
An easy approach to test for a DNS server problem is by entering a website’s IP address into the browser. If you can access a website using its IP address but not its name, the DNS server is most likely down.
Another reason to switch DNS servers is if you want your service to function better. Many users claim that their ISP’s DNS servers are slow, resulting in a slower surfing experience overall.
Another popular purpose for using DNS servers from a third party is to avoid logging of your web activity and to get around website banning.
Keep in mind though, that not all DNS servers refrain from monitoring traffic. If you’re interested in that, make sure you read the FAQs on the DNS provider’s website to be sure it will do (or not do) what you want.
If, on the other hand, you wish to utilize the DNS servers that your ISP has decided to use, don’t configure DNS server addresses manually, just let them auto-assign.
DNS security is an extremely important topic, as the threat actors are constantly finding new ways to attack. Find out more about the threats that the companies faced in 2021 in our annually Threat Report.
How to Setup Your DNS Server?
To start with, you should find the primary and secondary nameservers for the DNS service you’d like to use.
These IP addresses are usually plainly posted on the service website.
For residential users, the simplest solution is to upgrade their router to utilize the new addresses. Most other devices will immediately take up the updated DNS settings, so there’s no need to do anything else.
To do so, go to your router’s settings and look for the current DNS main and secondary nameservers (the default password may be posted on the router’s base). Make a note of the existing settings in case there are any issues, and then change them with the nameservers you want to use.
How to Configure DNS Servers on Your Windows OS?
Go to the Control Panel > Click Network and Internet > Network and Sharing Center > Change adapter settings > Select the connection for which you want to configure Google Public DNS.
Select Networking > Click Advanced and select the DNS tab > Select Use the following DNS server addresses.
How to Configure DNS Servers on Your Router?
In most cases, DHCP-enabled devices in your network will retrieve DNS settings automatically from your router; by configuring your router to use Internet Guide, these devices will use Internet Guide as well.
The exact method of configuring static DNS settings varies widely from router to router but usually appears under the DHCP configuration section.
How to Check Your DNS Address?
You can check your DNS address in two ways.
Online Tools
Click on Windows, click on Start, then All Programs, then Accessories, and finally on Command prompt.
Type “ipconfig /all” followed by Enter. You’ll get a lot of information.
How Can Heimdal Improve Your DNS Security?
In order to enjoy not having any digital boundaries, you should be able to prevent, detect, and block threats as you proactively hunt for DNS-based threats.
Securing your network is closely related to having proper endpoint threat prevention.
The Heimdal Threat Prevention – Endpoint module is meant to properly filter traffic on endpoints at the level of the DNS, HTTP, and HTTPS.
You can stay protected against DNS attacks and other threats like ransomware, data breaches, exploits, and more with a solution that allows you to perform category-based blocking of web pages, making sure that your private data is safe.
When the DarkLayer Guard – Endpoint module is enabled, it creates a local DNS Server that will work as a filtering engine before resolving the DNS Query performed by the user. The DarkLayer Guard DNS Server highjacks the DNS IP Address on the active Network Adapter(s) to scan for infected websites and other web locations (servers, online ads, etc) that can potentially install malware or be used as gateways for cyber-attacks.
The DarkLayer Guard – Endpoint module will change the DNS (Domain Name System) IP Addresses on IPv4 and IPv6.
Once the DNS IP Address is set, every web location you access via the Internet will be processed through a database that is set locally in the HEIMDAL Agent installation path. This database is about 15 MB in size and 95% of the websites blocked are located here.
If the website is not blocked after being processed through the local database it will pass but there is a second step. The website will be parsed through another database, in the cloud (about 6GB in size) where it will be checked again. If it’s found to be malicious, DarkLayer Guard – Endpoint will block it. If it’s safe, you’ll just be able to access the website normally.
Heimdal® Network DNS Security
- No need to deploy it on your endpoints;
- Protects any entry point into the organization, including BYODs;
- Stops even hidden threats using AI and your network traffic log;
- Complete DNS, HTTP and HTTPs protection, HIPS and HIDS;
The entire filtering process happens in milliseconds and will not affect your internet connection speed.
Did you enjoy this article? Follow us on LinkedIn, Twitter, Facebook, Youtube, or Instagram to keep up to date with everything we post!
Dora is a digital marketing specialist within Heimdal™ Security. She is a content creator at heart - always curious about technology and passionate about finding out everything there is to know about cybersecurity.
