Ichigo

Ichigo的小站

A computer-blogger from SXU
HomeArchives

DNS Related

#互联网冲浪指北75
AI Translation
This post is translated from Chinese into English through AI.View Original
AI-generated summary
**What is DNS?** When accessing a website (like example.com), we don't connect directly to the server but instead query a DNS server for the corresponding IP address. The DNS server responds with the IP address, allowing our device to connect to it. This process is known as DNS resolution. However, this communication is unencrypted, meaning internet service providers can easily see which websites you are visiting. **Encrypted DNS:** Encrypted DNS works similarly but uses protocols to encrypt the queries sent to the DNS server. While ISPs can still see that a query is made, they only see encrypted data, which can only be decrypted by the DNS server and the client. **Advantages:** - Faster access to certain sites - Improved privacy and security **Disadvantages:** - Potentially increased latency **Recommended DNS Protocols:** - DoT (DNS over TLS) is more suited for mobile devices. - DoH (DNS over HTTPS) is better for computers. **DNS Providers in China:** - **Tencent Cloud**: Offers DNS services with BGP Anycast technology and supports DoH and DoT protocols. - **Aliyun**: Supports multiple networks and provides intelligent resolution with DoH/DoT for privacy protection. **Choosing DNS for Privacy:** - Prefer DoH or DoT for encrypted queries to protect against monitoring. - Use DoH for better compatibility across different networks. - For sensitive industries, consider using national encryption standards. **Enhancing Privacy:** - Use a VPN to encrypt all traffic and hide your IP address. - Use the Tor browser for anonymous browsing. **DNS Issues:** If you face DNS errors, you can flush the DNS cache using commands in the command prompt. **References:** Various resources are available for setting up secure DNS and public DNS servers.

What is DNS#

When we visit a website/domain (like example.com), we are not directly accessing the server of example. Instead, we need to query the DNS server for the IP address corresponding to that domain. The DNS will answer this question. The IP address corresponding to this domain is x.x.x.x. Then the device will access x.x.x.x. This completes a DNS resolution. However, there is a flaw because when querying the DNS server, both the question and the answer from the server are transmitted in plaintext (TCP/UDP information exchange method). This means that network providers, such as China Telecom, China Mobile, China Unicom, and campus network providers, can easily know which website you are currently visiting.

image

Although the principle of encrypted DNS is still the same as above, it still asks the DNS server a question.

But!

Now these questions are encrypted through certain protocols before communicating with the DNS server.

Although network providers can still see your information, they can only see a string of encrypted garbled text.

This information can only be decrypted by the public key on the DNS server and the private key of the client to know what the content is.

Advantages#

Faster access speed for some sites
Privacy and security

Disadvantages#

May increase access latency

Recommended DNS#

DoT protocol is more suitable for mobile phones.

DoH protocol is more suitable for computers.

Domestic#

Tencent Cloud#

Tencent DNS is based on BGP Anycast technology, allowing users to access services nearby regardless of their location. It supports Google ECS protocol and, in conjunction with DNSPod authoritative resolution, can provide users with the most accurate resolution results, promising not to hijack resolution results.
IPV4

1. IPv4: 119.29.29.29

DOH-DNS over HTTPS
DNS resolution requests are made using encrypted HTTPS protocol to prevent original DNS requests from being eavesdropped, enhancing security.

1. DoH: https://doh.pub/dns-query
2. DoH: https://1.12.12.12/dns-query
3. DoH: https://120.53.53.53/dns-query
4. DoH: https://sm2.doh.pub/dns-query (National Secret)

DNS over TLS
DNS resolution requests are made using encrypted TLS protocol to prevent original DNS requests from being eavesdropped, enhancing security.

1. DoT: dot.pub
2. DoT: 1.12.12.12
3. DoT: 120.53.53.53

image

Alibaba Cloud#

Alibaba DNS supports lines including Telecom, Mobile, Unicom, Peng Bo Shi, Guangdian Network, Education Network, and 150 countries or regions overseas, supports user ECS expansion technology, and intelligent resolution; supports DoT/DoH protocols to protect user privacy and secure against hijacking.

1. IPv4: 223.5.5.5
2. IPv4: 223.6.6.6
3. DoH: https://223.5.5.5/dns-query
4. DoH: https://223.6.6.6/dns-query
5. DoH: https://dns.alidns.com/dns-query
6. DoT: dns.alidns.com

Others#

DNS Selection Recommendations#

  1. Privacy Protection:

    • Priority Choice: DoH or DoT. Both can encrypt DNS queries, protect user privacy, and prevent man-in-the-middle attacks and DNS leaks. If you are concerned about DNS requests being monitored, choosing DoH or DoT is a wise choice.
    • Specific Choice: DoH is suitable for users who need higher concealment, as it mixes with HTTPS traffic on port 443; DoT is suitable for use in network environments that support this protocol.

  2. Network Environment Compatibility:

    • Priority Choice: DoH. If you move between different network environments and are unsure whether the network administrator will block specific ports, DoH may be a better choice because the port 443 it uses is difficult to block.

  3. Specific Industry Needs:

    • Priority Choice: National Secret. If you work in fields involving highly sensitive information, especially in government, finance, or other specific industries, and need to comply with national security standards, using national secret algorithms is necessary.

How to Enhance Privacy Protection#

  1. Use VPN:

    • Encrypt All Traffic: A VPN (Virtual Private Network) encrypts all your network traffic, making it so that network administrators can only see the encrypted communication between you and the VPN server, and cannot see the actual websites you are visiting.
    • Hide IP Address: Using a VPN replaces your IP address with the IP address of the VPN server, further hiding your destination.

  2. Use Tor Browser:

    • Anonymous Network: Tor makes your network traffic path difficult to trace through multi-layer encryption and relay nodes, protecting your privacy.
    • Hide Access Destination: The Tor network prevents network administrators from seeing the actual websites you visit; they can only see that you are connected to the Tor network.

Devices Do Not Support DNS Modification#

Generally, the default DNS provider is your network provider. For example, if you are using a China Mobile SIM card, it will default to using China Mobile's DNS server.

Although the DNS provided by the network provider is not encrypted, it has an advantage that other DNS providers cannot match.

That is extremely low latency, with a single DNS resolution time generally at 5ms or even lower, much faster than using public DNS providers.

DNS Errors#

Right-click cmd to open administrator mode. Enter and press Enter to execute the command 【ipconfig /flushdns】. If successful, it will prompt: Successfully flushed DNS resolver cache; After clearing the DNS cache information, enter the command again to check;

  ipconfig /displaydns displays the contents of the DNS resolver cache.

  ipconfig /flushdns clears the DNS resolver cache.

  ipconfig /renew updates the IPv4 address of the specified adapter.

  ipconfig /registerdns refreshes all DHCP leases and re-registers DNS names.

Reference URLs#

Want to have a guaranteed internet experience, how to set a more secure DNS? - Minority (sspai.com)
Public DNS+——DNSPod's domain recursive resolution service
Available IPv4 Public Encrypted DNS in China: DoH/DoT/DoQ - CCCiTU Play Machine University
DoT/DoH Encrypted DNS Free Public Server Address Collection Public DoT/DoH DNS Server - DNS.iCoA.CN
Well-known Free Public DoT/DoH Encrypted DNS Servers (including IPV6) - Zhihu (zhihu.com)
Enable DOH to avoid DNS leaks! - Software Sharing - LINUX DO
One-click copy and paste, Clash practical guide to prevent DNS leaks, both free and secure! - Software Sharing - LINUX DO
How to fix DNS anomalies in Win11? Three methods to fix DNS anomalies in Win11 - System Home (xitongzhijia.net)

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.