What is a DNS resolution service, and how can it help protect your privacy and security?
DNS resolution services can help keep your data private, and some offer features like malware and phishing blocking. Is adopting one right for you?
From working from home, to online education, to telemedicine and all of our social engagements, now more than ever, every aspect of our lives is being conducted online.
While there are incredible benefits to the Internet, there are also a number of threats to both our digital security and personal information that we need to be aware of. We’ve seen a rise in malware and phishing attacks related to COVID-19, and some of our regularly used systems struggling to keep up as we all pivot online.
There are a number of things you can do to protect yourself online, including using end-to-end encrypted communications services, using a VPN, and making sure you use unique passwords for all of your logins. But today, we’re going to focus on one specific thing you can do: protect yourself from phishing and malware, with a DNS resolution service.
What’s a DNS anyway?
DNS stands for the Domain Name System, a way of simplifying the naming of computers and services connected to the Internet. You can think of the DNS as the intermediary between us—the humans who use the Internet—and the computer infrastructure that actually makes the Internet work.
Take our website, for example. When you connect to OpenMedia.org, the DNS automatically translates the URL you recognize (OpenMedia.org) into the numerical IP address needed for locating our site on the Internet (220.127.116.11). That way, we humans don’t have to memorize the long numerical sequences that computers prefer in order to connect us to our favourite websites.
Why should I care about DNS addresses?
When you type a URL into your Internet browser, you’re launching a sequence of connections that will eventually lead you to the website or other resource that you’re seeking to access.
The first thing that you connect to in this process is a DNS resolver, which tracks down the website or other resource that you’re seeking to access. Your DNS resolver is the initial point of connection when you attempt to access websites, and plays a key role in the later stages of connecting to websites and other services on the Internet.
Because of this, your DNS resolver has access to all of your activity on the Internet. So you want to make sure that you know who has that information, and what is being done with it. That’s why using an alternative DNS resolution service is an important thing to consider.
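To see exactly what a resolver receives, the added example below (not part of the original post) builds a classic, unencrypted DNS query in the RFC 1035 wire format and decodes it the way a resolver would: the hostname arrives in full, while the path and query string of the URL never enter the packet. The sample URL's path and query string and all function names are constructed for illustration.

```python
import struct
from urllib.parse import urlsplit

# Constructed sample: the path and query string are made up for illustration.
SAMPLE_URL = "https://OpenMedia.org/campaigns/privacy?ref=newsletter"

def build_query(hostname, qtype=1, txid=0x1234):
    """Encode a standard DNS query (RFC 1035 wire format); qtype 1 = A record."""
    # Header: ID, flags (recursion desired), 1 question, 0 answer/authority/extra.
    packet = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    for label in hostname.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("each label must be 1 to 63 bytes")
        packet += bytes([len(raw)]) + raw  # length-prefixed label
    # Root label, then QTYPE and QCLASS (1 = IN, the Internet class).
    return packet + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_question(packet):
    """Decode the question section, i.e. what the resolver reads from the query."""
    if len(packet) < 12:
        raise ValueError("truncated header")
    qdcount = struct.unpack("!H", packet[4:6])[0]
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while packet[pos] != 0:
        length = packet[pos]
        if length > 63:
            raise ValueError("compression pointer not expected in a query")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, qclass = struct.unpack("!HH", packet[pos + 1:pos + 5])
    return {"name": ".".join(labels), "qtype": qtype, "qclass": qclass}

def resolver_view(url):
    """Report what a lookup for this URL exposes to the DNS resolver."""
    parts = urlsplit(url)
    packet = build_query(parts.hostname)
    seen = parse_question(packet)
    # The path and query string stay in the HTTP(S) request, not the DNS packet.
    seen["path_in_packet"] = bool(parts.path) and parts.path.encode() in packet
    seen["query_in_packet"] = bool(parts.query) and parts.query.encode() in packet
    return seen

if __name__ == "__main__":
    print(resolver_view(SAMPLE_URL))
```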
Does who resolves my DNS queries matter?
Choosing a different DNS resolver can improve the speed, security, and privacy of your connection to the Internet. It also determines who has access to all of your Internet activity history.
While there are many different DNS resolvers, they’re not exactly created equal. For example, the ones that are automatically provided by your Internet Service Provider (like Telus, Shaw, and Bell) are not part of the core infrastructure of the Internet. Rather, they’re built on top of the necessary computers that make the Internet work.
Examples of DNS resolution services that are built into the Internet at the infrastructure level include Cloudflare and Canadian Shield, which is made by the Canadian Internet Registration Authority (CIRA), which manages the top-level .CA domain.
In terms of functionality—like speed and the ability to handle large volumes of requests—these DNS resolution service providers are better positioned to perform quickly and securely. They’re also both free to use.
What does using an alternate DNS resolution service do for me?
As previously mentioned, your DNS resolver knows about everything you do on the Internet. Normally, your Internet Service Provider (ISP) is configured to be your DNS resolver, and is not able to use the information they collect and retain about your Internet activity for marketing purposes, or sell this data, without your consent.
Under Canadian law, ISPs are obligated to disclose this information to law enforcement if it’s legally requested. But, unfortunately, Canadian law doesn’t have any retention limit for this information. Individual ISPs have their own internal policies that inform their retention periods, which are often hard to determine, and can vary from company to company. They may elect to store your website history indefinitely, making it susceptible to disclosure, should laws change, or should they become the subject of a data breach.
Other DNS resolution services have more explicit and transparent retention policies. For example, Cloudflare stores data related to Internet activity for just three days, and Canadian Shield stores this data for only 24 hours.
Another important consideration that relates to both privacy and speed is where your DNS resolution service is hosted. Cloudflare is hosted all over the world, with servers located in 200 cities in more than 90 countries. Because of its international network of servers, your Internet activity could be routed to servers located all over the world, and may be subject to local surveillance practices.
If keeping the record of your Internet traffic within Canada is a priority for you, Canadian Shield might be the better solution. It has all of its servers located within Canadian cities: Montreal, Toronto, and Vancouver. This also means faster DNS resolutions when you’re using the service within Canada.
The bottom line
Everyone shares their Internet browsing information through the DNS resolution process, but few of us are making a conscious decision about who we share this information with. By choosing the DNS resolution service that’s right for you, you can exercise some control over your privacy and security.
When you activate a DNS resolution service, you’re making the choice to share your Internet data with that service instead of your ISP, and can choose the services that best suit your needs. In the current climate of phishing and malware, this extra layer of protection could be a valuable step you can take to protect yourself from malicious actors. With Cloudflare, you’re sharing that data with a publicly traded company that’s based in the United States. In the case of Canadian Shield, you’re making the choice to share your Internet data with a Canadian non-profit.
For more information or to download CIRA’s tool, visit the Canadian Shield website.
This blog was supported by a grant from CIRA.