The domain name system (DNS) connects domain names (the names used in URLs and links) with their IP addresses. With DNS it is possible to type words instead of a string of numbers into a browser, allowing people to reach websites and send email using familiar names. Traditionally these queries are not encrypted while they traverse an internet connection.
Private DNS (also called Secure DNS) is available now and encrypts DNS queries, ensuring they cannot be tampered with and are unintelligible to ISPs, mobile carriers and anyone else in the network path between you and your DNS resolver.
At least newer Android devices support Private DNS, but it may not be configured or active by default, and not all internet providers or connections support it.
You can test whether your current DNS setup is using Secure / Private DNS.
Currently OpenDNS (acquired by Cisco) is a popular provider of free (public) or paid DNS services that improve security for home, business and other internet users.
They offer a DNSCrypt service for Windows and Mac computers that improves on traditional DNS and can work alongside Private DNS.
More info on Private DNS
Apr 18, 2018
There are many options for DNS security and privacy available right now. You do not need to use your ISP's DNS or plain-text DNS anymore and open yourself to DNS hijacking, sniffing and abuse by third parties (looking at you, Marriott).
However, with all the great options out there (e.g. 188.8.131.52, 184.108.40.206, 220.127.116.11) come great responsibilities. Which provider to choose? Which protocol to choose? DNSCrypt? DNS over HTTPS or TLS? What about DNSSEC? …
Here is a list and more info on Public and Private DNS providers.
Enable Private DNS with 18.104.22.168 on Android 9 Pie – blog.cloudflare.com
Stephen Pinkerton 2018-08-16
Android Pie (v9) only supports DNS over TLS. To enable this on your device:
- Go to Settings → Network & internet → Advanced → Private DNS.
- Select the Private DNS provider hostname option.
- Enter 1dot1dot1dot1.cloudflare-dns.com and hit Save.
- Visit 22.214.171.124/help (or 126.96.36.199/help) to verify that “Using DNS over TLS (DoT)” shows as “Yes”.
And you’re done!
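The DNS over TLS exchange that the steps above configure on the phone, shown as an added example in Python (not code from the original page or from Cloudflare): a minimal DoT client opens a TLS session to port 853, verifies the resolver's certificate against the hostname you pass as `sni`, sends a length-prefixed wire-format query and parses the A records out of the reply. The resolver address and hostname given to `query_dot` are the caller's choice; `SAMPLE_RESPONSE` is a constructed reply so the parser can be exercised offline.

```python
import socket
import ssl
import struct
TXID = 0x1234  # fixed transaction id so the constructed sample below matches

def build_query(name):
    """Wire-format DNS query (RFC 1035) for an A record, recursion desired."""
    header = struct.pack("!HHHHHH", TXID, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
def _skip_name(msg, off):
    """Advance past a (possibly compressed) domain name; return the next offset."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:  # a compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1
def parse_a_records(msg):
    """IPv4 addresses in the answer section; reject wrong id, non-answer or RCODE != 0."""
    tid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if tid != TXID or not flags & 0x8000 or flags & 0x000F:
        raise ValueError("unexpected transaction id, flags or RCODE")
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return addrs
def query_dot(name, server, sni, port=853):
    """DNS over TLS (RFC 7858): TLS on port 853, each message carries a 2-byte length prefix."""
    ctx = ssl.create_default_context()  # verifies the resolver's certificate against `sni`
    with socket.create_connection((server, port), timeout=5) as raw, \
         ctx.wrap_socket(raw, server_hostname=sni) as tls, tls.makefile("rb") as f:
        q = build_query(name)
        tls.sendall(struct.pack("!H", len(q)) + q)
        (n,) = struct.unpack("!H", f.read(2))
        return parse_a_records(f.read(n))

# Constructed sample answer: example.com -> 192.0.2.1 (TEST-NET-1), TTL 3600, compressed name
SAMPLE_RESPONSE = (bytes.fromhex("123481800001000100000000") + b"\x07example\x03com\x00\x00\x01\x00\x01"
                   + b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x0e\x10\x00\x04\xc0\x00\x02\x01")
```

If the TLS handshake fails with a certificate error, the resolver is not presenting a certificate valid for the hostname you passed, which is exactly the check the Android "hostname" mode relies on.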
Is Cloudflare’s 188.8.131.52 Really About Privacy First?
So basically, despite its “privacy-first” policy, Cloudflare will be sharing DNS query data with APNIC Labs (Asia-Pacific Network Info Centre, the Regional Internet address Registry for the Region) for the next 5 years in exchange for the use of its 184.108.40.206 network address along with the chance of permanently acquiring the IP address — including 220.127.116.11.
On APNIC’s blog post, they stated that their deep interest is in understanding the technical infrastructure of the internet including the intricacies of DNS in order to mitigate malicious denial of service attacks. They were also quick to reiterate Cloudflare’s commitment to data privacy:
“In setting up this joint research program, APNIC is acutely aware of the sensitivity of DNS query data. We are committed to treat all data with due care and attention to personal privacy and wish to minimise the potential problems of data leaks. We will be destroying all “raw” DNS data as soon as we have performed statistical analysis on the data flow. We will not be compiling any form of profiles of activity that could be used to identify individuals, and we will ensure that any retained processed data is sufficiently generic that it will not be susceptible to efforts to reconstruct individual profiles. Furthermore, the access to the primary data feed will be strictly limited to the researchers in APNIC Labs, and we will naturally abide by APNIC’s non-disclosure policies.”