DNS Refresher

Networking, connecting to the internet, wi-fi and home entertainment
User avatar
BobH
UraniumLounger
Posts: 8326
Joined: 13 Feb 2010, 01:27
Location: Temple - Deep in the Heart of Texas

DNS Refresher

Post by BobH »

I'm in bad need of a refresher course on how Domain Name Servers are employed on a PC and its connections. I have become very confused of late.

I thought that my router held the DNS information and managed all IP address/URL interpretations. When I looked into my router settings I found nothing to indicate this.

As I continue to attempt problem resolution I discovered and ran the DNS Benchmark freeware from Steve Gibson. Running this program returned a long list of DNS server names and IP addresses. The fastest of these was associated with the IP address of my router, 192.168.1.1. I still don't know if that is firmware in my router or simply the id tagged because my router is my gateway to the 'Net.

After running the speed test I saw a recommendation to run Gibson's freeware Spoofability test. I ran it and the results came back for a number of IP addresses a couple of which showed 'moderate' exposure. I don't know if they can be eliminated or not.

So, to shorten this post a bit, I'd be much obliged for any pointers to good wiki or tutorials on how to manage DNS choices and how to control which are used (if that is possible).

:cheers: :chocciebar: :thankyou:
Bob's yer Uncle!
(1/2)(1+√5)
Intel Core i5, 3570K, 3.40 GHz, 16 GB RAM, ECS Z77 H2-A3 Mobo, Windows 7 >HPE 64-bit, MS Office 2016

User avatar
StuartR
Administrator
Posts: 11499
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: DNS Refresher

Post by StuartR »

Bob, I am pretty knowledgable on this topic, and would be happy to answer specific questions.

Most of the DNS primers I can find on a quick internet search are quite complex, and not aimed at someone who just wants to configure a PC.
StuartR


User avatar
BobH
UraniumLounger
Posts: 8326
Joined: 13 Feb 2010, 01:27
Location: Temple - Deep in the Heart of Texas

Re: DNS Refresher

Post by BobH »

Hi Stuart!

Thanks for the help. I will go back over my work of yesterday and try to compose a set of cogent questions.

I'll be back . . .
Bob's yer Uncle!
(1/2)(1+√5)
Intel Core i5, 3570K, 3.40 GHz, 16 GB RAM, ECS Z77 H2-A3 Mobo, Windows 7 >HPE 64-bit, MS Office 2016

JoeP
SilverLounger
Posts: 1648
Joined: 25 Jan 2010, 02:12

Re: DNS Refresher

Post by JoeP »

You may have posted it elsewhere but what is the make & model of the router. We may be able to find the user manual and discover something.
Joe

User avatar
BobH
UraniumLounger
Posts: 8326
Joined: 13 Feb 2010, 01:27
Location: Temple - Deep in the Heart of Texas

Re: DNS Refresher

Post by BobH »

The router is a Linksys EA7300.
Bob's yer Uncle!
(1/2)(1+√5)
Intel Core i5, 3570K, 3.40 GHz, 16 GB RAM, ECS Z77 H2-A3 Mobo, Windows 7 >HPE 64-bit, MS Office 2016

JoeP
SilverLounger
Posts: 1648
Joined: 25 Jan 2010, 02:12

Re: DNS Refresher

Post by JoeP »

Joe

User avatar
BobH
UraniumLounger
Posts: 8326
Joined: 13 Feb 2010, 01:27
Location: Temple - Deep in the Heart of Texas

Re: DNS Refresher

Post by BobH »

OK, it's question time; but, first, I'm going to tell you what I think I know about Domain Name Servers: A DNS translates URLs to IPs and IPs to URLs.

Question:
1) If I put the IP addresses of the servers that I want to use in the DHCP settings in my router, will they be used in the order they appear in?

2) When I run Gibson's DNS Benchmark, I see ratings on a lot (dozens) of Nameservers with IP addresses. Why are there so many? Is it just because Gibson is showing what I might be using or is it possible that I might use them unknowingly?

3) Can I prevent the use of selected servers? I ask because when I ran Spoofability I got results for some that have only moderate prevention against spoof attacks. Again, is this just Gibson casting a wide net or am I likely to use them unknowingly?

4) What 4 DNS servers do you recommend (because that's what my routers allows in DHCP)?

5) What more do I need to know about DNS servers, their uses, and their exposures?

:cheers: :chocciebar: :thankyou:
Bob's yer Uncle!
(1/2)(1+√5)
Intel Core i5, 3570K, 3.40 GHz, 16 GB RAM, ECS Z77 H2-A3 Mobo, Windows 7 >HPE 64-bit, MS Office 2016

User avatar
StuartR
Administrator
Posts: 11499
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: DNS Refresher

Post by StuartR »

A DNS server translates host names into IP addresses.
It can also provide other types of data, but the main job is name to address translation.

1) Most devices have a primary DNS server that they use for all queries, and a secondary DNS server that they only use if the primary one doesn't respond

2) There are very many DNS servers around the world, you can choose to use any of the public ones, and should choose one that has a low latency (responds fast to queries). You will also want to think about whether they respect your privacy (the DNS server knows every hostname you connect to), how reliable they are, and how likely they are to be hacked and used to hijack your connections.

3) You can only choose what DNS servers you use directly. DNS is a hierarchic system, where each DNS server replies with information if it already knows the answer, or asks another DNS server if it doesn't know. Typically your home PCs and devices will use your router as their DNS server. Your router will use a server at your ISP, that will use a DNS server at some other ISP etc. This can vary though, for example my VPN software over-rides my DNS server configuration to protect my privacy.

4) If you use a VPN service then use the VPN service provider's DNS server. Otherwise use a well known server such as OpenDNS (208.67.222.222, 208.67.220.220), Cloudflare (1.1.1.1, 1.0.0.1), or Google (8.8.8.8, 8.8.4.4). I'm surprised that your router supports four DNS servers, two is the normal number.

5) I think most of the essentials are covered here already
StuartR


User avatar
HansV
Administrator
Posts: 71978
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: DNS Refresher

Post by HansV »

In addition: Gibson's DNS Benchmark lists about 50 DNS servers. The ones that YOU use have a black outline - usually two or three (two used by your router plus the router itself). The others are not used, but listed for comparison.
Regards,
Hans

User avatar
BobH
UraniumLounger
Posts: 8326
Joined: 13 Feb 2010, 01:27
Location: Temple - Deep in the Heart of Texas

Re: DNS Refresher

Post by BobH »

Thank you Stuart and Hans. :chocciebar:

I have my router DHCP set to use the exact same DNS servers as those indicated in #4 above in Stuart's response. When I do an ipconfig /all I get information shown in the screenshots attached.
ipconfig slash all 1.PNG
ipconfig slash all 2.PNG
ipconfig slash all 3.PNG
My ISP uses the "mygrande.net" domain. What does it mean that it shows up associated with DNS connectivity settings? Do the settings in my router supersede the information in ipconfig?

Again, thank you very much. I know that I have been through all this before, but I'll soon be 80 yo and my brain is aging. Refreshers are required more and more often these days.

:cheers: :chocciebar: :thankyou:
You do not have the required permissions to view the files attached to this post.
Bob's yer Uncle!
(1/2)(1+√5)
Intel Core i5, 3570K, 3.40 GHz, 16 GB RAM, ECS Z77 H2-A3 Mobo, Windows 7 >HPE 64-bit, MS Office 2016

User avatar
BobH
UraniumLounger
Posts: 8326
Joined: 13 Feb 2010, 01:27
Location: Temple - Deep in the Heart of Texas

Re: DNS Refresher

Post by BobH »

How to interpret Gibson's DNS Benchmark conclusions.

After running the benchmark, Gibson concluded that I should not be using the router to resolve addresses (or, at least, that's what I think it means).

Here's part of the conclusions.
dns benchmark conclusions.PNG
If I understand it correctly, I should be using my ISP's routing solely or should, at least, add its IP as one of my DHCP entries.

Would you gentlemen agree or disagree with that recommendation? Or, am I totally misinterpreting the information?
You do not have the required permissions to view the files attached to this post.
Bob's yer Uncle!
(1/2)(1+√5)
Intel Core i5, 3570K, 3.40 GHz, 16 GB RAM, ECS Z77 H2-A3 Mobo, Windows 7 >HPE 64-bit, MS Office 2016

User avatar
BobH
UraniumLounger
Posts: 8326
Joined: 13 Feb 2010, 01:27
Location: Temple - Deep in the Heart of Texas

Re: DNS Refresher

Post by BobH »

And, what I hope will be the last call on your gracious help . . .

Here is a screenshot of the spoofability test showing my ISPs server results as "Moderate."

Should I be concerned about this?
spoofability (561 x 294).jpg
You do not have the required permissions to view the files attached to this post.
Bob's yer Uncle!
(1/2)(1+√5)
Intel Core i5, 3570K, 3.40 GHz, 16 GB RAM, ECS Z77 H2-A3 Mobo, Windows 7 >HPE 64-bit, MS Office 2016

User avatar
HansV
Administrator
Posts: 71978
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: DNS Refresher

Post by HansV »

You can specify DNS servers in your router and/or in Windows. If you set them in both, those in Windows will overrule those of your router.

For Windows, see for example How to Change DNS Servers in Windows. I'd choose one of the sets mentioned by StuartR higher up in this thread (OpenDNS, CloudFlare or Google). Each of those is fast and dependable.
Regards,
Hans

JoeP
SilverLounger
Posts: 1648
Joined: 25 Jan 2010, 02:12

Re: DNS Refresher

Post by JoeP »

I would just select from the public DNS servers that Stuart listed. Pick the ones that have the best latency for you. Steve Gibson tends to go overboard. You meet point number two about the DNS addresses being under your control. For the vast, vast majority of users the relative power of the DNS software in the router is irrelevant. While a good degree of paranoia is needed for internet activities these days, by and large, the bad guys are not trying to crash any one individual router. There are generally much more concerned with disrupting business or government systems.

BTW, from your picture your router supports 3 DNS servers. You should NOT be using Google as a WiNS server. It is unlikely that Google is running WINS software.
Joe

User avatar
BobH
UraniumLounger
Posts: 8326
Joined: 13 Feb 2010, 01:27
Location: Temple - Deep in the Heart of Texas

Re: DNS Refresher

Post by BobH »

Thanks, Hans!

I didn't realize that I had settings both in the router and the PC. All is well now. A new ipconfig /all reveals the cloudflare servers I want now. :cheers: :chocciebar: :thankyou:
Bob's yer Uncle!
(1/2)(1+√5)
Intel Core i5, 3570K, 3.40 GHz, 16 GB RAM, ECS Z77 H2-A3 Mobo, Windows 7 >HPE 64-bit, MS Office 2016

User avatar
StuartR
Administrator
Posts: 11499
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: DNS Refresher

Post by StuartR »

:thumbup:
StuartR