5 DNS services to provide a layer of internet security – Network World

Firewalls and antivirus can help block internet-based malware from infecting connected enterprise machines, but layering on DNS-based filtering can help avoid some of these threats in the first place. It can also help stop users’ browsing to malware and phishing sites, block intrusive advertising, and serve as adult-content filters.
Because the Domain Name System (DNS) enables individual computers to reach destinations on the internet, services that filter out dangerous or unwanted sites can improve overall network security. DNS services provide a mix of tools to customize what content is filtered and which sites are blocked, among other useful features. This article describes five of these services.  
You utilize the Domain Name System (DNS) every time you surf the Web. Each time you type a site name into the browser, DNS is queried for the IP address corresponding to that particular domain, so the browser can contact the Web server to get the content. The process of converting the domain name to its IP address is called domain-name resolution.
There are two main types of DNS servers: recursive and authoritative. The ones that are used by most individuals and small companies (and that are covered here) are called recursive DNS and are the default services provided by most Internet Service Providers (ISPs). All the companies listed here offer recursive DNS services. Some of them, however, also sell authoritative DNS services, which allow website owners or hosts to define the web server IP addresses that their domain names point to and to manage other DNS settings.
Since DNS servers are the middlemen between your browser and website content, there are many third-party DNS services that offer additional functionality for both users and network administrators. These tools can include:
Five of these services are described here. Most are either completely free of charge or offer a number of free features that might make it worth your while to take a look.
Because there are so many DNS services available, only those that provide some type of automatic or preconfigured content filtering are discussed here with a description of what the user sees sent when the filter kicks in, which can range from a boring ,”This site can’t be reached,” page to  customizable block page.
It’s easy to switch to a different recursive DNS service. Simply change the IP addresses for DNS in the internet settings of your router to apply it to the entire network or change the DNS settings on select computers or other devices. Without further intervention, you’ll receive the DNS service’s preconfigured security or filtering protection. Some services also allow you to create an account (some free, some require premium services) to customize the level of protection and messages that appear when a site is blocked.
Remember, the speed, reliability and performance of DNS servers can vary. Slow or poor domain resolution can translate into slower and less reliable web browsing. You can run speed tests on DNS servers (try namebench) so that you can compare their performance at your particular location.
Free for: Personal or business use (over 300K monthly queries requires paid subscription)
DNS Addresses: Varies based upon desired protection
AdGuard DNS offers free preconfigured DNS services with various filtering applied and has premium services, giving you control over the filtering. You may be familiar with their name as they also separately provide AdGuard VPN and AdGuard Ad Blocker.
There are three options that AdGuard DNS provides the public for free with no account needed:
They also provide separate addresses for DNS-over-HTTPS, DNS-over-TLS, DNS-over-QUIC, and DNSCrypt. These are smarter and more secure protocols to help authenticate and encrypt the DNS. They can help prevent others from seeing what sites you’re accessing and helps stop DNS spoofing.
You can manually configure routers and end-user devices with their DNS services, but they also offer a convenient app (Windows, Mac OS, Android, and iOS) for end-user devices to help choose the filtering and apply the DNS configuration to the device. Plus, the app allows you to easily turn the protection on and off. However, the use of the app requires their premium service, which start at $2.49 monthly after their 3-day trial period. The premium service also comes with access to a cloud dashboard to view DNS-related stats and manage the filtering on multiple devices.
Free for: Personal or business use (over 300K monthly queries requires paid subscription)
DNS Addresses: 8.26.56.26 and 8.20.247.20 (8.26.56.10 and 8.20.247.10 for customizable service with an account)
Comodo Secure DNS offers a simple free service for the public. The preconfigured service that doesn’t require an account automatically blocks harmful websites such as those containing malware, spyware and phishing attempts. It claims to be more reliable, faster, and smarter than DNS services provided by most ISPs.
Accouns are totally free with tools to customize the filtering, blocked pages, and access reporting. However, Comodo’s GUI and configuration process isn’t as simplified as other services, and non-IT users may struggle. It’s apparent that Comodo is targeting businesses. It pushes managed service providers (MSP) to manage the service via the ITarian platform but for other businesses and enterprises, directs to a Comodo management site.
The premium Comodo Secure DNS service supports configuring custom blocked pages or setting up redirections. However, the free DNS service doesn’t have notification pages for blocked page and users would see the browser’s error page when a site is blocked.
Signing up for a premium account adds the ability to create additional polices and encrypt the DNS traffic, offers more user visibility and monitoring, and provides virtual-appliance support. Comodo also sells services that include authoritative DNS services for websites and many other security solutions, such as SSL certificates, secure email services, antivirus, and even PCI compliance services.
Free for: Personal or business use
DNS Addresses: Varies based upon desired protection
Control D provides a few free DNS servers with preconfigured filtering, and it can help spoof users’ locations without the use of a VPN. Plus, they provide DNS-over-HTTPS/3 and DNS-over-TLS/DoQ in addition to legacy access.
The service provides several different DNS servers to the public for free with no account needed:
Unlike most DNS services, Control D doesn’t have a default custom blocked page; users simply see their browser’s error page. But with the premium service they can configure redirections to a specified URL.
The service also allows picking exact filtering configurations, and it provides a DNS address to use. Plus, the service posts third-party DNS addresses that come with various filtering enabled.
Routers and end-user devices can be manually configured with the DNS services, but it also offers a simple Windows app for end-user devices to quickly apply the service’s DNS configuration to the device.
Control D has premium services, starting at $2 per month, after their 30-day free trial. This enables the use of even more filtering to better protect against threats from click baiting, dynamic DNS, torrents, shortened URLs, and other attack tools. Plus, it provides reporting and analytics on customer usage. Their higher plan, starting at $4 per month, enables location spoofing as well as unlocking geo-restricted content.
Free for: Personal or business use (over 300K monthly queries requires paid subscription)
DNS Addresses: Varies; they don’t publicly publish specific addresses
NextDNS provides a free public DNS service, but without an account, provides no filtering at all. However, accounts can be created totally free with a default configuration that protects against DNS-related security vulnerabilities plus blocks ads and trackers. The filtering can be customized to add more restrictions, such as adult content and specific site/app blocking. Plus, it provides access for DNS-over-HTTPS, DNS-over-TLS/QUIC.
Routers and end-user devices can be manually configured, but the service also offers DNS-configuration apps for end-user Windows, macOS, Chrome OS, iOS, and Android devices. The NextDNS web portal provides a dashboard for customizing features and functionality, including for users free accounts.
The fee for premium accounts starts at $1.99 per month, for which users get unlimited DNS queries. More expensive plans also add email-based support.
Free for: Personal or business use for Enhanced DNS; personal use only for other home and family services
DNS addresses: 208.67.222.222 and 208.67.220.220 (“FamilyShield” DNS addresses: 208.67.222.123 and 208.67.220.123)
OpenDNS is one of the most popular third-party DNS providers around and offers both free and premium services for homes and businesses. In the past it had preconfigured protection against malware and phishing sites via their main DNS addresses, but now that requires signing up for a free or premium account.
Here are the different service options for personal home use:
OpenDNS’ business service, Cisco Umbrella, offers advanced security and management, useful for larger networks and enterprise environments. It’s offered in different levels, and the service provides a 14-day free trial. They also offer an MSP and partner program, providing a streamlined console with monthly, post-paid, consumption based MSLA licensing.
(Eric Geier is a freelance tech writer. He’s also the founder of NoWiresSecurity providing a cloud-based Wi-Fi security service, Wi-Fi Surveyors providing RF site surveying, and On Spot Techs providing general IT services.)
Eric Geier is a freelance tech writer. He’s also the founder of NoWiresSecurity, providing a cloud-based Wi-Fi security service; Wi-Fi Surveyors, providing RF site surveying; and On Spot Techs, providing general IT services.
Sponsored Links

source

About The Author

admin

See author's posts