Improve Network Security for Free with Malware-Protected DNS Services

Enhancing your home or business network security doesn't have to come with a hefty price tag. Integrating malware-blocking DNS services into your existing security setup can add an extra layer of protection against malicious threats. This blog will guide you through the basics of DNS, the benefits of DNS over HTTPS (DoH), and how to change your DNS settings to improve your network security for free.

What is DNS?

The Domain Name System (DNS) is often called the "phonebook of the internet." Essentially, DNS translates human-friendly domain names like www.example.com into IP addresses like 192.168.1.1, which computers use to identify each other on the network. This translation is crucial because, while we remember and use domain names, computers need IP addresses to locate and communicate with each other.

When you type a website address into your browser, your device asks a DNS server for the corresponding IP address. Once it has the IP address, your device can load the website. Without DNS, browsing the internet would be cumbersome, as you would have to remember and type long strings of numbers.

Public DNS servers are open alternatives to the DNS servers provided by Internet Service Providers (ISPs). These public servers often have added features such as increased speed, privacy, and security. Some well-known public DNS services include:

  • Google Public DNS (8.8.8.8 / 8.8.4.4)
  • OpenDNS (208.67.222.222 / 208.67.220.220)
  • Cloudflare DNS (1.1.1.1 / 1.0.0.1)
  • Quad9 (9.9.9.9)

For those looking for enhanced security, some public DNS services provide features specifically designed to block malware, phishing sites, and other malicious content. Two such examples are:

  • Cloudflare Security (1.1.1.2 / 1.0.0.2): Cloudflare's DNS has added security filters to block malware.
  • Control D Block Malware (76.76.2.11): Control D offers various filtering options, including malware blocking.

Using these DNS services can add an additional layer of protection to your home or business network, helping to prevent access to harmful sites and reducing the risk of malware infections.

DoH vs DNS

DNS over HTTPS (DoH) and standard DNS are two methods for resolving DNS queries, but they differ significantly in terms of privacy, security, and implementation.

Standard DNS

Standard DNS queries are typically sent over unencrypted channels via UDP or TCP. This means that any entity between your device and the DNS server (like your ISP, network administrators, or potential attackers) can see the websites you are trying to access. This lack of encryption can pose privacy risks and make DNS queries susceptible to attacks like DNS spoofing or man-in-the-middle attacks.

DNS over HTTPS (DoH)

DoH encrypts DNS queries using the HTTPS protocol, which is used for secure web browsing. This encryption prevents intermediaries from seeing the DNS queries, enhancing privacy and security. By disguising DNS traffic as regular HTTPS traffic, DoH also makes it more difficult for attackers to intercept or manipulate DNS queries. The DNS provider itself still sees every query, so DoH protects the path to the resolver rather than removing the need to trust it.
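The difference between the two transports, as an added example that is not from the original post: the same query for www.example.com is built once, read back the way an on-path observer reads a plaintext UDP/53 payload, then wrapped as an RFC 8484 DoH GET request. The endpoint `https://doh.example/dns-query` is a placeholder, and the function names are this example's own.

```python
import base64
import struct

def build_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Build a DNS query in wire format (RFC 1035). qtype 1 = A record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)        # class IN

def name_seen_by_observer(payload: bytes) -> str:
    """Recover the queried name from a plaintext UDP/53 payload, as any
    device between the client and the resolver can."""
    pos, labels = 12, []            # question section follows the 12-byte header
    while payload[pos] != 0:
        length = payload[pos]
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

def doh_get_request(endpoint: str, query: bytes) -> dict:
    """Wrap the same message as an RFC 8484 GET request. base64url is only an
    encoding; confidentiality comes from the TLS session carrying the request."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return {"method": "GET",
            "url": f"{endpoint}?dns={encoded}",
            "headers": {"accept": "application/dns-message"}}

# Constructed sample: the hostname and endpoint are placeholders, not from the page.
QUERY = build_query("www.example.com")
DOH_ENDPOINT = "https://doh.example/dns-query"  # hypothetical DoH endpoint

if __name__ == "__main__":
    print("plaintext payload:", QUERY.hex())
    print("observer reads   :", name_seen_by_observer(QUERY))
    print("DoH request      :", doh_get_request(DOH_ENDPOINT, QUERY))
```

With standard DNS the 33-byte payload travels as-is, so the hostname is readable in transit; with DoH the same bytes sit inside an HTTPS request and only the resolver can read them.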

Pros and Cons of Standard DNS vs. DoH

Standard DNS:

Pros:

  • Simplicity: Easy to set up and widely supported by all devices and routers.
  • Speed: Generally faster due to less processing overhead compared to encrypted connections.

Cons:

  • Lack of Privacy: Queries are sent in plaintext, making them visible to ISPs and potential attackers.
  • Security Risks: Susceptible to attacks like DNS spoofing and man-in-the-middle attacks.

DNS over HTTPS (DoH):

Pros:

  • Enhanced Privacy: Queries are encrypted, preventing ISPs and attackers from viewing the websites you access.
  • Improved Security: Encryption makes DNS queries less susceptible to tampering and spoofing.

Cons:

  • Complexity: May require additional configuration and support from both client and server.
  • Potential Performance Impact: Encryption adds some overhead, potentially slowing down the DNS resolution process.
  • Compatibility: Not all devices and applications support DoH.

Choosing the Right Option

While standard DNS is straightforward and widely used, DoH provides significant privacy and security benefits. For businesses and individuals concerned about privacy and security, using DoH can be a worthwhile upgrade. However, it's important to check that your devices and network infrastructure support DoH to take full advantage of its benefits.

How to Change Your DNS Settings

Changing your DNS settings to point to a public DNS service with added security can enhance your network's protection against malware and other threats. Here’s a step-by-step guide on how to do this on your home router.

General Steps for Changing DNS Settings on a Router

  1. Access Your Router's Web Interface:
    • Open a web browser and enter your router's IP address in the address bar. Common addresses are 192.168.1.1 or 192.168.0.1.
    • Log in using your router's admin username and password. If you haven't changed these from the default, you can usually find them on a sticker on the router or in the router’s manual.
  2. Locate the DNS Settings:
    • Navigate to the DNS settings section. This is usually found under settings like "Network Settings," "Internet," "WAN," or "Advanced Settings."
  3. Enter the DNS Addresses:
    • Replace the existing DNS server addresses with those of the public DNS service you want to use. For example, if using Cloudflare Security, enter 1.1.1.2 and 1.0.0.2.
  4. Save Your Settings:
    • After entering the new DNS addresses, save your changes. The router might need to reboot for the changes to take effect.

Common Router Settings for DNS on ISP-Supplied Routers

ATT

  1. Log in to your ATT router's web interface.
  2. Navigate to "Home Network" > "Subnets & DHCP."
  3. In the DNS section, enter the desired DNS addresses.
  4. Save changes and reboot the router if necessary.

Xfinity

  1. Log in to your Xfinity router's web interface.
  2. Go to "Connection" > "WAN Network."
  3. Enter the new DNS server addresses in the DNS settings.
  4. Save changes and reboot the router if needed.

Google Fiber

  1. Log in to your Google Fiber Network Box.
  2. Go to "Network" > "Advanced" > "DNS."
  3. Enter the new DNS addresses.
  4. Save changes and reboot the Network Box if necessary.

T-Mobile

  1. Log in to your T-Mobile router.
  2. Navigate to the "Advanced" settings.
  3. Find the DNS settings section and enter the desired DNS server addresses.
  4. Save changes and reboot the router if required.

Time Warner

  1. Access the Time Warner router's web interface.
  2. Go to "Basic Setup" or "WAN Setup."
  3. Enter the new DNS server addresses in the DNS section.
  4. Save your settings and reboot the router if needed.

Comcast

  1. Log in to your Comcast router.
  2. Navigate to "Gateway" > "Connection" > "Local IP Network."
  3. Enter the new DNS server addresses.
  4. Save changes and reboot the router if necessary.

Spectrum

  1. Log in to your Spectrum router's web interface.
  2. Go to "Advanced" > "Network" > "DNS."
  3. Enter the new DNS server addresses.
  4. Save changes and reboot the router if required.

Final Tips

  • Restart Devices: After changing your router’s DNS settings, restart all connected devices to ensure they use the new DNS settings.
  • Backup Settings: Before making changes, consider backing up your router’s current configuration in case you need to revert to previous settings.

Following these steps, you can effectively enhance your network’s security and privacy by using a public DNS service with malware protection.
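One way to check that the new resolver is really filtering after the change (an added example, not part of the original post): the script parses a DNS response and reports whether the name resolved or was blocked. It assumes the service signals a block with a `0.0.0.0` answer, as Cloudflare documents for 1.1.1.2; other services may return NXDOMAIN or a block-page address instead. The sample responses are constructed.

```python
import ipaddress
import socket
import struct

def _skip_name(msg: bytes, pos: int) -> int:
    while msg[pos] != 0:
        if msg[pos] & 0xC0 == 0xC0:     # compression pointer: 2 bytes, ends the name
            return pos + 2
        pos += 1 + msg[pos]
    return pos + 1

def parse_a_records(msg: bytes):
    """Return (rcode, [IPv4 addresses]) from a DNS response in wire format."""
    flags, qdcount, ancount = struct.unpack("!HHH", msg[2:8])
    pos = 12
    for _ in range(qdcount):
        pos = _skip_name(msg, pos) + 4              # skip QTYPE + QCLASS
    addrs = []
    for _ in range(ancount):
        pos = _skip_name(msg, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        if rtype == 1 and rdlen == 4:               # A record
            addrs.append(str(ipaddress.IPv4Address(msg[pos + 10:pos + 14])))
        pos += 10 + rdlen
    return flags & 0x000F, addrs

def classify(msg: bytes) -> str:
    rcode, addrs = parse_a_records(msg)
    if addrs and all(a == "0.0.0.0" for a in addrs):
        return "blocked"                            # sinkhole answer (assumed block signal)
    if rcode == 3:
        return "nxdomain"                           # some filters block this way instead
    return "resolved" if addrs else "no-answer"

def ask(resolver: str, name: str, timeout: float = 3.0) -> bytes:
    """Send one A query over UDP/53 straight to `resolver` (live network use)."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split(".")) + b"\x00"
    query = struct.pack("!HHHHHH", 0x4242, 0x0100, 1, 0, 0, 0) + qname + b"\x00\x01\x00\x01"
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (resolver, 53))
        return s.recvfrom(4096)[0]

def sample_response(addr=None) -> bytes:
    """Constructed response for www.example.com; addr=None gives NXDOMAIN."""
    head = struct.pack("!HHHHHH", 0x4242, 0x8180 if addr else 0x8183, 1, 1 if addr else 0, 0, 0)
    rr = (b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + ipaddress.IPv4Address(addr).packed) if addr else b""
    return head + b"\x03www\x07example\x03com\x00\x00\x01\x00\x01" + rr
```

On a live network, `classify(ask("1.1.1.2", name))` with a test hostname your DNS provider publishes for this purpose should return "blocked", while an ordinary site should return "resolved".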

Conclusion

Protecting your home or business network from malware and other online threats is essential. Using public DNS services with built-in malware protection is a simple and effective way to enhance your network security.

DNS, the system that translates domain names into IP addresses, is crucial for web navigation. While standard DNS is functional, it lacks privacy and security features. DNS over HTTPS (DoH) is a better alternative because encrypted queries keep your browsing activity private and secure.

Switching to a public DNS service like Cloudflare Security (1.1.1.2 / 1.0.0.2) or Control D Block Malware (76.76.2.11) can block malicious sites and prevent malware infections. Changing your DNS settings is straightforward and can be done through your router’s web interface.

For routers from ATT, Xfinity, Google Fiber, T-Mobile, Time Warner, Comcast, and Spectrum, the process involves logging in, navigating to the DNS settings, and replacing the default addresses with your chosen public DNS service. This simple step significantly boosts your network’s security.

Remember, changing your DNS settings is just one part of a comprehensive security strategy that should include regular software updates, strong passwords, and robust security solutions.

By using public DNS services with malware protection, you can add an extra layer of defense to your network, ensuring a safer online experience.


About TJF Design

TJF Design specializes in technology consulting and contracting services tailored to meet businesses' unique needs, and is dedicated to delivering innovative solutions that enhance security, efficiency, and performance. Whether you need to bolster network security, optimize IT infrastructure, or implement new technologies, we're here to help. Visit the website to learn more about available services.
