DNS Refresher
-
- UraniumLounger
- Posts: 9284
- Joined: 13 Feb 2010, 01:27
- Location: Deep in the Heart of Texas
DNS Refresher
I'm in bad need of a refresher course on how Domain Name Servers are employed on a PC and its connections. I have become very confused of late.
I thought that my router held the DNS information and managed all IP address/URL interpretations. When I looked into my router settings I found nothing to indicate this.
As I continue to attempt problem resolution I discovered and ran the DNS Benchmark freeware from Steve Gibson. Running this program returned a long list of DNS server names and IP addresses. The fastest of these was associated with the IP address of my router, 192.168.1.1. I still don't know if that is firmware in my router or simply the id tagged because my router is my gateway to the 'Net.
After running the speed test I saw a recommendation to run Gibson's freeware Spoofability test. I ran it and the results came back for a number of IP addresses a couple of which showed 'moderate' exposure. I don't know if they can be eliminated or not.
So, to shorten this post a bit, I'd be much obliged for any pointers to good wiki or tutorials on how to manage DNS choices and how to control which are used (if that is possible).
I thought that my router held the DNS information and managed all IP address/URL interpretations. When I looked into my router settings I found nothing to indicate this.
As I continue to attempt problem resolution I discovered and ran the DNS Benchmark freeware from Steve Gibson. Running this program returned a long list of DNS server names and IP addresses. The fastest of these was associated with the IP address of my router, 192.168.1.1. I still don't know if that is firmware in my router or simply the id tagged because my router is my gateway to the 'Net.
After running the speed test I saw a recommendation to run Gibson's freeware Spoofability test. I ran it and the results came back for a number of IP addresses a couple of which showed 'moderate' exposure. I don't know if they can be eliminated or not.
So, to shorten this post a bit, I'd be much obliged for any pointers to good wiki or tutorials on how to manage DNS choices and how to control which are used (if that is possible).
Bob's yer Uncle
Dell Intel Core i5 Laptop, 3570K,1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice,and other bits and bobs
(1/2)(1+√5) |
-
- Administrator
- Posts: 12604
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: DNS Refresher
Bob, I am pretty knowledgable on this topic, and would be happy to answer specific questions.
Most of the DNS primers I can find on a quick internet search are quite complex, and not aimed at someone who just wants to configure a PC.
Most of the DNS primers I can find on a quick internet search are quite complex, and not aimed at someone who just wants to configure a PC.
StuartR
-
- UraniumLounger
- Posts: 9284
- Joined: 13 Feb 2010, 01:27
- Location: Deep in the Heart of Texas
Re: DNS Refresher
Hi Stuart!
Thanks for the help. I will go back over my work of yesterday and try to compose a set of cogent questions.
I'll be back . . .
Thanks for the help. I will go back over my work of yesterday and try to compose a set of cogent questions.
I'll be back . . .
Bob's yer Uncle
Dell Intel Core i5 Laptop, 3570K,1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice,and other bits and bobs
(1/2)(1+√5) |
-
- SilverLounger
- Posts: 2069
- Joined: 25 Jan 2010, 02:12
Re: DNS Refresher
You may have posted it elsewhere but what is the make & model of the router. We may be able to find the user manual and discover something.
Joe
-
- UraniumLounger
- Posts: 9284
- Joined: 13 Feb 2010, 01:27
- Location: Deep in the Heart of Texas
Re: DNS Refresher
The router is a Linksys EA7300.
Bob's yer Uncle
Dell Intel Core i5 Laptop, 3570K,1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice,and other bits and bobs
(1/2)(1+√5) |
-
- SilverLounger
- Posts: 2069
- Joined: 25 Jan 2010, 02:12
-
- UraniumLounger
- Posts: 9284
- Joined: 13 Feb 2010, 01:27
- Location: Deep in the Heart of Texas
Re: DNS Refresher
OK, it's question time; but, first, I'm going to tell you what I think I know about Domain Name Servers: A DNS translates URLs to IPs and IPs to URLs.
Question:
1) If I put the IP addresses of the servers that I want to use in the DHCP settings in my router, will they be used in the order they appear in?
2) When I run Gibson's DNS Benchmark, I see ratings on a lot (dozens) of Nameservers with IP addresses. Why are there so many? Is it just because Gibson is showing what I might be using or is it possible that I might use them unknowingly?
3) Can I prevent the use of selected servers? I ask because when I ran Spoofability I got results for some that have only moderate prevention against spoof attacks. Again, is this just Gibson casting a wide net or am I likely to use them unknowingly?
4) What 4 DNS servers do you recommend (because that's what my routers allows in DHCP)?
5) What more do I need to know about DNS servers, their uses, and their exposures?
Question:
1) If I put the IP addresses of the servers that I want to use in the DHCP settings in my router, will they be used in the order they appear in?
2) When I run Gibson's DNS Benchmark, I see ratings on a lot (dozens) of Nameservers with IP addresses. Why are there so many? Is it just because Gibson is showing what I might be using or is it possible that I might use them unknowingly?
3) Can I prevent the use of selected servers? I ask because when I ran Spoofability I got results for some that have only moderate prevention against spoof attacks. Again, is this just Gibson casting a wide net or am I likely to use them unknowingly?
4) What 4 DNS servers do you recommend (because that's what my routers allows in DHCP)?
5) What more do I need to know about DNS servers, their uses, and their exposures?
Bob's yer Uncle
Dell Intel Core i5 Laptop, 3570K,1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice,and other bits and bobs
(1/2)(1+√5) |
-
- Administrator
- Posts: 12604
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: DNS Refresher
A DNS server translates host names into IP addresses.
It can also provide other types of data, but the main job is name to address translation.
1) Most devices have a primary DNS server that they use for all queries, and a secondary DNS server that they only use if the primary one doesn't respond
2) There are very many DNS servers around the world, you can choose to use any of the public ones, and should choose one that has a low latency (responds fast to queries). You will also want to think about whether they respect your privacy (the DNS server knows every hostname you connect to), how reliable they are, and how likely they are to be hacked and used to hijack your connections.
3) You can only choose what DNS servers you use directly. DNS is a hierarchic system, where each DNS server replies with information if it already knows the answer, or asks another DNS server if it doesn't know. Typically your home PCs and devices will use your router as their DNS server. Your router will use a server at your ISP, that will use a DNS server at some other ISP etc. This can vary though, for example my VPN software over-rides my DNS server configuration to protect my privacy.
4) If you use a VPN service then use the VPN service provider's DNS server. Otherwise use a well known server such as OpenDNS (208.67.222.222, 208.67.220.220), Cloudflare (1.1.1.1, 1.0.0.1), or Google (8.8.8.8, 8.8.4.4). I'm surprised that your router supports four DNS servers, two is the normal number.
5) I think most of the essentials are covered here already
It can also provide other types of data, but the main job is name to address translation.
1) Most devices have a primary DNS server that they use for all queries, and a secondary DNS server that they only use if the primary one doesn't respond
2) There are very many DNS servers around the world, you can choose to use any of the public ones, and should choose one that has a low latency (responds fast to queries). You will also want to think about whether they respect your privacy (the DNS server knows every hostname you connect to), how reliable they are, and how likely they are to be hacked and used to hijack your connections.
3) You can only choose what DNS servers you use directly. DNS is a hierarchic system, where each DNS server replies with information if it already knows the answer, or asks another DNS server if it doesn't know. Typically your home PCs and devices will use your router as their DNS server. Your router will use a server at your ISP, that will use a DNS server at some other ISP etc. This can vary though, for example my VPN software over-rides my DNS server configuration to protect my privacy.
4) If you use a VPN service then use the VPN service provider's DNS server. Otherwise use a well known server such as OpenDNS (208.67.222.222, 208.67.220.220), Cloudflare (1.1.1.1, 1.0.0.1), or Google (8.8.8.8, 8.8.4.4). I'm surprised that your router supports four DNS servers, two is the normal number.
5) I think most of the essentials are covered here already
StuartR
-
- Administrator
- Posts: 78471
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: DNS Refresher
In addition: Gibson's DNS Benchmark lists about 50 DNS servers. The ones that YOU use have a black outline - usually two or three (two used by your router plus the router itself). The others are not used, but listed for comparison.
Best wishes,
Hans
Hans
-
- UraniumLounger
- Posts: 9284
- Joined: 13 Feb 2010, 01:27
- Location: Deep in the Heart of Texas
Re: DNS Refresher
Thank you Stuart and Hans.
I have my router DHCP set to use the exact same DNS servers as those indicated in #4 above in Stuart's response. When I do an ipconfig /all I get information shown in the screenshots attached.
My ISP uses the "mygrande.net" domain. What does it mean that it shows up associated with DNS connectivity settings? Do the settings in my router supersede the information in ipconfig?
Again, thank you very much. I know that I have been through all this before, but I'll soon be 80 yo and my brain is aging. Refreshers are required more and more often these days.
I have my router DHCP set to use the exact same DNS servers as those indicated in #4 above in Stuart's response. When I do an ipconfig /all I get information shown in the screenshots attached.
My ISP uses the "mygrande.net" domain. What does it mean that it shows up associated with DNS connectivity settings? Do the settings in my router supersede the information in ipconfig?
Again, thank you very much. I know that I have been through all this before, but I'll soon be 80 yo and my brain is aging. Refreshers are required more and more often these days.
You do not have the required permissions to view the files attached to this post.
Bob's yer Uncle
Dell Intel Core i5 Laptop, 3570K,1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice,and other bits and bobs
(1/2)(1+√5) |
-
- UraniumLounger
- Posts: 9284
- Joined: 13 Feb 2010, 01:27
- Location: Deep in the Heart of Texas
Re: DNS Refresher
How to interpret Gibson's DNS Benchmark conclusions.
After running the benchmark, Gibson concluded that I should not be using the router to resolve addresses (or, at least, that's what I think it means).
Here's part of the conclusions. If I understand it correctly, I should be using my ISP's routing solely or should, at least, add its IP as one of my DHCP entries.
Would you gentlemen agree or disagree with that recommendation? Or, am I totally misinterpreting the information?
After running the benchmark, Gibson concluded that I should not be using the router to resolve addresses (or, at least, that's what I think it means).
Here's part of the conclusions. If I understand it correctly, I should be using my ISP's routing solely or should, at least, add its IP as one of my DHCP entries.
Would you gentlemen agree or disagree with that recommendation? Or, am I totally misinterpreting the information?
You do not have the required permissions to view the files attached to this post.
Bob's yer Uncle
Dell Intel Core i5 Laptop, 3570K,1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice,and other bits and bobs
(1/2)(1+√5) |
-
- UraniumLounger
- Posts: 9284
- Joined: 13 Feb 2010, 01:27
- Location: Deep in the Heart of Texas
Re: DNS Refresher
And, what I hope will be the last call on your gracious help . . .
Here is a screenshot of the spoofability test showing my ISPs server results as "Moderate."
Should I be concerned about this?
Here is a screenshot of the spoofability test showing my ISPs server results as "Moderate."
Should I be concerned about this?
You do not have the required permissions to view the files attached to this post.
Bob's yer Uncle
Dell Intel Core i5 Laptop, 3570K,1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice,and other bits and bobs
(1/2)(1+√5) |
-
- Administrator
- Posts: 78471
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: DNS Refresher
You can specify DNS servers in your router and/or in Windows. If you set them in both, those in Windows will overrule those of your router.
For Windows, see for example How to Change DNS Servers in Windows. I'd choose one of the sets mentioned by StuartR higher up in this thread (OpenDNS, CloudFlare or Google). Each of those is fast and dependable.
For Windows, see for example How to Change DNS Servers in Windows. I'd choose one of the sets mentioned by StuartR higher up in this thread (OpenDNS, CloudFlare or Google). Each of those is fast and dependable.
Best wishes,
Hans
Hans
-
- SilverLounger
- Posts: 2069
- Joined: 25 Jan 2010, 02:12
Re: DNS Refresher
I would just select from the public DNS servers that Stuart listed. Pick the ones that have the best latency for you. Steve Gibson tends to go overboard. You meet point number two about the DNS addresses being under your control. For the vast, vast majority of users the relative power of the DNS software in the router is irrelevant. While a good degree of paranoia is needed for internet activities these days, by and large, the bad guys are not trying to crash any one individual router. There are generally much more concerned with disrupting business or government systems.
BTW, from your picture your router supports 3 DNS servers. You should NOT be using Google as a WiNS server. It is unlikely that Google is running WINS software.
BTW, from your picture your router supports 3 DNS servers. You should NOT be using Google as a WiNS server. It is unlikely that Google is running WINS software.
Joe
-
- UraniumLounger
- Posts: 9284
- Joined: 13 Feb 2010, 01:27
- Location: Deep in the Heart of Texas
Re: DNS Refresher
Thanks, Hans!
I didn't realize that I had settings both in the router and the PC. All is well now. A new ipconfig /all reveals the cloudflare servers I want now.
I didn't realize that I had settings both in the router and the PC. All is well now. A new ipconfig /all reveals the cloudflare servers I want now.
Bob's yer Uncle
Dell Intel Core i5 Laptop, 3570K,1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice,and other bits and bobs
(1/2)(1+√5) |
-
- Administrator
- Posts: 12604
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: DNS Refresher
StuartR