We tend to take it for granted, but you need to treat the Internet Domain Name System (DNS) with the respect that it deserves. And if you have some time to investigate alternatives, you could really enhance your network’s performance and security.
Before I tell you how to do this, let’s have a brief explanation of what DNS is. Think of what a phone book does – it allows you if you to look up someone’s phone number by referencing their name. The DNS does something similar, except for computers: if you type in “google.com” it translates that name into a sequence of four numbers, called an IP address. In this case, the IP address of google.com is 22.214.171.124.
The overall Internet infrastructure has a series of master phone books, or DNS root servers, located at strategic places around the world and maintained by a collection of public, semi-public, and private providers. They talk to each other on a regular basis; it’s important to make sure that they stay in synch as new domains are added. As you can imagine, if someone wants to “poison” one of the entries, or misdirect Internet traffic to a phony domain, it can be done with the right amount of subterfuge. A famous example of this occurred in2008. In an attempt to prevent YouTube viewers in Pakistan from watching a single offensive video, a Pakistani Internet provider managed to block access to all of YouTube all around the world. A more comprehensive list of the various DNS attacks can be found here on Google’s site.
When you set up your network, typically you don’t give your DNS settings any further thought. If you have a cable or DSL modem, you hook it up and it automatically gets its DNS settings from the cable or phone company’s DNS servers. If you are running a large enterprise network, typically you have your own internal DNS server to provide this service.
There are several alternative providers, including OpenDNS and Google’s Public DNS, among many others that you can see listed here. Why bother? Two good reasons: 1.) they offer better browsing performance, and 2.) they provide better security to stay away from known phishing and malware-infected domains.
Before you pick an alternative DNS provider, you can use this Java program to test the speed of your own DNS vs Google and OpenDNS. Or you can read up on a couple of performance comparisons from Manu-j and Habitually Good here.
You can change your DNS settings for your individual computer or for your overall network. This is typically done at your DHCP server or cable modem or router. Any of the alternative providers offer their services free, and some, such as OpenDNS, offer a lot more than just the mapping of IP addresses too.
Here are the instructions for changing the DNS settings. The whole process shouldn’t take you more than a couple of minutes to read through them and implement the changes:
These free services are just the beginning of a new series of other improvements called secure DNS protocol extensions and products, and you can check out these products and read more on this site to understand what is involved to deploy them.