What is Private DNS and How to Use a DNS Server?
Every single time we type in a web address in our browser’s address bar the request is sent to a domain name server (DNS) – be it a private or public one – with the universal resource locator (URL) attached as an argument. The URL is then “translated” into machine-understandable IP addresses that make it easier to locate the target host and, therefore, render us the website served by it.
Well, most of us don’t think about this process because it takes seconds and is seamless to the user – if the DNS is configured correctly, that is.
In this post, we will have a look at what is private DNS and how a DNS server is used. We are sure that you will start to appreciate how useful this technology is to our day-to-day browsing.
What is DNS?
Simply put, a DNS is a part of the Internet’s architecture, and also a protocol in its own rights, that translates domain names to IP addresses.
A domain name is a human-friendly URL that usually identifies a website or an Internet resource. Thanks to DNS, we can type “google.com” instead of having to remember the search engine’s IP address – which, in this case, is a range of IP addresses from 172.217.00 to 172.217.255.255.
There are 13 DNS root name servers on the internet whose sole purpose is to translate URLs into IP addresses so queries for Internet resources can be easily routed to the correct destinations.
Types of DNS exposures
There are two types of DNS exposures: public DNS and private DNS. We will have a look at each one individually.
What is public DNS?
When a user signs up for the Internet, their Internet Service Provider (ISP) assigns them a default DNS server. Nearly every ISP has its own DNS servers. And generally speaking, the new users don’t have to bother with the configuration of those servers.
However, there may be instances when the ISP’s DNS servers are slow and the user might want to use DNS servers from a third-party service provider.
The solution is to use public DNS servers. There are some free servers that are faster than the average DNS including the most popular ones that are provided by Google – with primary and secondary IP addresses 8.8.8.8 and 8.8.4.4 (IPv4) or 2001:4860:4860::8888 and 2001:4860:4860::8844 (IPv6).
Here are the IP addresses of some of the best and free public DNS servers that can be used by anyone:
Now, although these public DNS servers may be faster than the alternatives, they come with one weakness: the address queries are sent out in plain text format. This means anyone can listen in on the packets as they are leaving the DNS and know which sites the user is visiting which could, in turn, lead to privacy breaches and even identity theft.
What is private DNS?
With private DNS, a network owner – it could be a business or any other entity with a private network – uses their own private DNS domain names. They have full control of the associated zones and records to provide URL resolution to their internal applications and even between their LAN and their cloud network.
Both TLS and HTTPS are protocols used to encrypt DNS queries that are sent out – meaning eavesdroppers and hackers are unable to see what is being transmitted between the network and the DNS server.
DNS that use these protocols are known as DNS over HTTPS (DoH) and DNS over TLS (DoT) – both of which are the actual terminologies for private DNS.
Therefore, we can say that a private DNS uses TLS and HTTPS protocols to encrypt the queries that are sent between a private network and its DNS server.
Why and How to use a Private DNS Server
The primary concern of any business is keeping its data safe. This is especially true in today’s world of hacks, breaches, and exploits that make it to the headlines almost every single day – and that’s just the reported tip of the iceberg.
One of the preferred tools that help in securing a network is a private DNS server.
Internet traffic leaves a track – known as a “digital footprint” – behind that can be used to extract data and information about a business’ technology setup. This includes tracking user behavior to build profiles of the employees in the business which can be extracted from packets going back and forth between an unprotected DNS server and a user’s computer.
But there are more reasons why businesses should adopt a private DNS server now:
- A DNS server keeps the IP addresses inside a business’ company network private – while the users in the network can communicate with one another (ping, traceroute, etc.), they won’t be visible from outside the network, since their IP addresses are hidden from the rest of the world.
- It also helps to improve the business’ network speeds – as we have mentioned above, although public DNS – like the ones offered by Google – may be faster than the ones that are offered by default by an ISP provider they aren’t faster than well-configured and maintained private DNS.
- It offers content filtering to stop users from landing on malicious websites which could infect their devices and then spread the infection to the whole network.
- It also offers malware filtering to stop malware from latching to a single IP address – and exploiting it to get into the network – by floating the domain’s IP addresses and confusing the probes looking for information about the network.
- Then, there’s ads-blocking by blacklisting the IP addresses of domains that are notorious for pushing out unsolicited ads – read “spam” ads – and not letting anything get through.
Split-horizon DNS – the concept
One concept that can be implemented using a private DNS is split-horizon. This allows the business to use the same domain name for both public and private zones. But, depending on the origin of the query, a local or private IP address is used to identify it.
This way, the business can cater to both local and remote users and even serve resources to them separately.
The setup can be:
- Multiple DNS servers for segments that need to connect with the Internet.
- Multiple DNS services one a single server that caters to the whole network but splits requests as they come in and guides them to the right service.
- A single DNS server configured to enable the split-horizon feature on a DNS application or solution.
The choice of implementation depends on the network setup, unique requirements, and the budget available to invest in buying solutions and expertise for the deployment, configuration, and management of the private DNS.
Every business gains from using a private DNS Server
We have just seen that a business would indeed gain from implementing a private DNS. Its staff remains safe, the network is protected, and malicious entities won’t be able to “probe” or scope out their network or the traffic coming from it.
Overall, a private DNS contributes towards achieving security. That’s why every business should look into adopting this technology. They should then hire professionals to setup a DNS server – and then configure their private DNS for them. The good thing here is that once configured correctly, a private DNS can run with little to no management required.
