As I have been looking into security I have discovered that I can use DNS servers other than that provided by my ISP.
Both Google and Norton provide their DNS servers to anyone for free as does DNScrypt. This is great but being a believer in there is no such thing as a "free lunch" I can't help but wondering what is in it for "them" (them =Google, Norton, DNScrypt). I feel there is something here I don't understand. Can anyone clue me in.
Why are DNS servers free ?
Forum rules
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 6 months after creation.
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 6 months after creation.
Why are DNS servers free ?
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Re: Why are DNS servers free ?
most of them have both Free & a paid version:
https://www.opendns.com/home-internet-security/
is the same, with a "Free Family Shield" & a higher Paid level, as well.
the Free versions, tend to block things such as P0rn,
whereas the Paid version is much more customisable & does require an active, Paid, account.
depending on your actual, physical location, they often are quicker than your ISPs connection.
https://www.opendns.com/home-internet-security/
is the same, with a "Free Family Shield" & a higher Paid level, as well.
the Free versions, tend to block things such as P0rn,
whereas the Paid version is much more customisable & does require an active, Paid, account.
depending on your actual, physical location, they often are quicker than your ISPs connection.
Please edit your original post title to include [SOLVED] - when your problem is solved!
and DO LOOK at those Unanswered Topics - - you may be able to answer some!.
-
Dr.Flay
Re: Why are DNS servers free ?
You could also ask "why is each node I pass through free?"
DNS is simply a part of how the system works. Without it there is no web.
Most DNS are hosted by companies that rely on fast lookups of addresses.
eg. ISPs, AV companies, Certificate authorities, the owners of the physical pipeline.
Back in the days of dial-up modems we often used to use the free proxy services most ISPs have.
On a network, the router or a server can act as the DNS for everything connected.
The HOSTS file in an OS is kind of a basic DNS for an individual computer or connected clients.
If a site is already listed with its IP in your HOSTS file the OS does not ask the DNS to match a name to an IP, it just tries to go straight to the destination (if the DNS allows it).
As mentioned some DNS block "bad sites".... However, each DNS host has a different idea of what is bad, as no guidelines have been given other than "protect our citizens from bad things"
The AV companies concentrate on malware sites, and ISPs with streaming media services, block as many free streaming sites as possible. Very few are actually blocking much "adult entertainment"
DNS that is truly trying to protect you will show a fail screen with some reference to being blocked.
ISPs and DNS that are blocking things they prefer you not to see, will just show a normal "page does not exist" failure, so your suspicions are not aroused.
Comodo went too far with their DNS, and it showed what harm can be done with mismanagement.
Unfortunately Comodo are also commonly used for the blocklists in other DNS that block/redirect, so their dumb choices are wide reaching.
Comodo have also contributed to the demise of the CoralCDN due to blocking the .nyud.net domain. This affected thousands of sites, millions of downloads, and cut off the ability for free projects to shift Terra-bytes of data.
I favour using a fast non-blocking DNS and managing my own HOSTS blocklist wich includes malware, trackers and adverts.
If I get blocked from a site or service I require, I have the ability to quickly edit it, instead of submitting a false-positive report to a company that may not agree with me.
I certainly would not bother to use a Norton DNS for any sense of protection. Norton site ratings are useless.
If you want security from your DNS, you should pick DNSSEC capable servers.
These are capable of authenticating that you are going to the correct IP. They protect against man-in-the-middle attacks by DNS hijacking and poisoning.
https://wikipedia.org/wiki/Domain_Name_ ... Extensions
Currently I am using one from VeriSign as my primary, KAMP-DE Networks as secondary, and UUNET for a third fall-back.
I started collecting a list of authenticating DNS at the Vivaldi forum (where security and privacy is an important set of topics). I should do another scan and add any more I can see, but they are a good start for others.
https://vivaldi.net/forum/private-brows ... e-dns-list
(There are a few other handy DNS references linked in the post).
Some DNS support more query types than others. I am not sure of a convenient way/tool to test them.
I can see differing results in vTrace depending on what DNS I use;
DNS is simply a part of how the system works. Without it there is no web.
Most DNS are hosted by companies that rely on fast lookups of addresses.
eg. ISPs, AV companies, Certificate authorities, the owners of the physical pipeline.
Back in the days of dial-up modems we often used to use the free proxy services most ISPs have.
On a network, the router or a server can act as the DNS for everything connected.
The HOSTS file in an OS is kind of a basic DNS for an individual computer or connected clients.
If a site is already listed with its IP in your HOSTS file the OS does not ask the DNS to match a name to an IP, it just tries to go straight to the destination (if the DNS allows it).
As mentioned some DNS block "bad sites".... However, each DNS host has a different idea of what is bad, as no guidelines have been given other than "protect our citizens from bad things"
The AV companies concentrate on malware sites, and ISPs with streaming media services, block as many free streaming sites as possible. Very few are actually blocking much "adult entertainment"
DNS that is truly trying to protect you will show a fail screen with some reference to being blocked.
ISPs and DNS that are blocking things they prefer you not to see, will just show a normal "page does not exist" failure, so your suspicions are not aroused.
Comodo went too far with their DNS, and it showed what harm can be done with mismanagement.
Unfortunately Comodo are also commonly used for the blocklists in other DNS that block/redirect, so their dumb choices are wide reaching.
Comodo have also contributed to the demise of the CoralCDN due to blocking the .nyud.net domain. This affected thousands of sites, millions of downloads, and cut off the ability for free projects to shift Terra-bytes of data.
I favour using a fast non-blocking DNS and managing my own HOSTS blocklist wich includes malware, trackers and adverts.
If I get blocked from a site or service I require, I have the ability to quickly edit it, instead of submitting a false-positive report to a company that may not agree with me.
I certainly would not bother to use a Norton DNS for any sense of protection. Norton site ratings are useless.
If you want security from your DNS, you should pick DNSSEC capable servers.
These are capable of authenticating that you are going to the correct IP. They protect against man-in-the-middle attacks by DNS hijacking and poisoning.
https://wikipedia.org/wiki/Domain_Name_ ... Extensions
Currently I am using one from VeriSign as my primary, KAMP-DE Networks as secondary, and UUNET for a third fall-back.
I started collecting a list of authenticating DNS at the Vivaldi forum (where security and privacy is an important set of topics). I should do another scan and add any more I can see, but they are a good start for others.
https://vivaldi.net/forum/private-brows ... e-dns-list
(There are a few other handy DNS references linked in the post).
Some DNS support more query types than others. I am not sure of a convenient way/tool to test them.
I can see differing results in vTrace depending on what DNS I use;
Re: Why are DNS servers free ?
The question you are really asking is "How do they make money if they are giving me the service for free?" I might consider 2 possible answers - 1) They view free DNS services as a lost leader which could lead to sales of other (expanded/paid) services they may offer. and 2) There are entities out there that are interested in "traffic patterns" that might pay (or subscribe to a service offered by DNS providers) for said data.
It seems that the evil geniuses in Redmond, WA have figured the latter concept out... it is (part of) the reason that the upgrade to Win10 and beyond is "free":... Win10 has made the transition from merely an OS to an OS that also harvests information about use patterns that has significant value to folks who sell stuff on the internet. Google and Amazon have been doing it (harvesting use/search data) for years and using it to target consumers with user specific advertising... and guess what - it works! Lots of $ to be had there!
I don't think the providers of DNS services, track individuals (like M$, Google, Amazon, etc.) but rather compile data on "the big picture" which also has a value.
There are many "free" DNS servers. I use OpenDNS. I have configured my router to use their DNS servers as seen @ this link. The service is free, there is no "sign up", and there is no filtering that I have noticed.
It seems that the evil geniuses in Redmond, WA have figured the latter concept out... it is (part of) the reason that the upgrade to Win10 and beyond is "free":... Win10 has made the transition from merely an OS to an OS that also harvests information about use patterns that has significant value to folks who sell stuff on the internet. Google and Amazon have been doing it (harvesting use/search data) for years and using it to target consumers with user specific advertising... and guess what - it works! Lots of $ to be had there!
I don't think the providers of DNS services, track individuals (like M$, Google, Amazon, etc.) but rather compile data on "the big picture" which also has a value.
There are many "free" DNS servers. I use OpenDNS. I have configured my router to use their DNS servers as seen @ this link. The service is free, there is no "sign up", and there is no filtering that I have noticed.
Full time Linux Mint user since 2011 - Currently running LM21C on multiple Dell laptops - mostly Vostro models.
-
ivan-the-idiot
Re: Why are DNS servers free ?
You can also run your own DNS server on either your own machine or on your own network. Default install of bind9 sets it up as a caching-only server, so it isn't authoritative for any domain BUT it will query the root servers (and then down the line) and cache the results.
-
atari800
Re: Why are DNS servers free ?
Google LOOOOOOVES to collect your activity
So their gain is that if you use their DNS, they know where you are going even if you have your browsers geared up with ad blockers and anti-tracking plugins.
Think about it....
I have ghostery, ad block, microblock, etc on my browser so I see no ads
however I am using Googles DNS
When I type in "www.someplacecool.com", it goes to Google with
"Hey ip address XXX.XXX.XXX.XXX is looking for http://www.someplacecool.com"
Google stores this - it know my ip address and where I am going.
When I click on a link to "www.mygoodnessbadporn.com", it goes to google with
"hey ip address XXX.XXX.XXX.XXX is looking for http://www.mygoodnessbadporn.com"
Google now knows my ip address went to http://www.someplacecool.com and http://www.mygoodnessbadporn.com
In addition to what browser I am using, time of day, how often I linger around and a bunch of other stuff.
Norton on the other hand may use your info is to see if you go to known sites with malware or a site that redirects to malware or what ever
OPENDNS sells enhanced version of DNS access and provide security enforcement for some big companies so their angle may be "give it away and maybe someone will purchase our security packages" or whatever
I use my own DNS so the other DNS"s I tap off of to populate mine only see a "trickle" of requests looking for DNS resolution to some site
*Google has enough info on me
So their gain is that if you use their DNS, they know where you are going even if you have your browsers geared up with ad blockers and anti-tracking plugins.
Think about it....
I have ghostery, ad block, microblock, etc on my browser so I see no ads
however I am using Googles DNS
When I type in "www.someplacecool.com", it goes to Google with
"Hey ip address XXX.XXX.XXX.XXX is looking for http://www.someplacecool.com"
Google stores this - it know my ip address and where I am going.
When I click on a link to "www.mygoodnessbadporn.com", it goes to google with
"hey ip address XXX.XXX.XXX.XXX is looking for http://www.mygoodnessbadporn.com"
Google now knows my ip address went to http://www.someplacecool.com and http://www.mygoodnessbadporn.com
In addition to what browser I am using, time of day, how often I linger around and a bunch of other stuff.
Norton on the other hand may use your info is to see if you go to known sites with malware or a site that redirects to malware or what ever
OPENDNS sells enhanced version of DNS access and provide security enforcement for some big companies so their angle may be "give it away and maybe someone will purchase our security packages" or whatever
I use my own DNS so the other DNS"s I tap off of to populate mine only see a "trickle" of requests looking for DNS resolution to some site
*Google has enough info on me
-
ivan-the-idiot
Re: Why are DNS servers free ?
Unless your ISP blocks it you can just install the bind9 package - it configures a caching only DNS server by default. Then point your machine to localhost or 127.0.0.1 in /etc/resolv.conf as the first nameserver entry. And then you'll pull from the root servers... and their motivation for being free-to-use is "it is what makes the internet work"