Sercan Azizoğlu's Personal Website
March 6, 2023

What is Domain Name Service (DNS), and what are the private DNS providers? NextDNS: An Option


What is Domain Name Service (DNS)?

Domain Name Service is one of the central technologies of current information systems. When we type and browse to www.duckduckgo.com, we connect to a server with an IP, like ‘40.114.177.156’, and access the website. A regular smart device connected to the internet may make hundreds or even thousands of DNS requests to reach specific systems. NextDNS is a private Domain Name Service provider with many tuning features that increase the information security of small office–home office (SOHO) environments.

In many environments, unless a DNS provider is explicitly configured, the default is the internet service provider’s (ISP) servers. In this text, I’ll explain the current features and configurations of NextDNS for end-users.

NextDNS

NextDNS was founded by Romain Cointepas and Olivier Poitrey. Its main features are Security, Privacy, Parental Control, and Analytics & Logs.

Security

There are opt-in options to block malicious domain names, like a fake website for a bank. For instance:

Privacy

For privacy protection, such as preventing a device or website from leaking unnecessary information, there are currently many dedicated blocking lists, like EasyPrivacy, AdGuard, etc. More than 80 different lists can easily be added to your configuration profile. NextDNS also has a native list called “NextDNS Ads & Trackers Blocklist.” They are currently beta-testing their “Native Tracking Protection”, which has “Windows, Apple, and some other” options.

Parental Control

One point worth mentioning in this section is that a user can configure more than one configuration profile, like one for adults and one for children, to block different categories for each. There is also an option called “Recreation Time” that gives access to blocked games or categories at a particular time; for example, if children have gaming time at weekends from 14.00 to 18.00, that setting can be implemented here. Outside those configured times, the selected games or categories cannot be accessed. The other options are “SafeSearch”, which filters explicit results from the main search engines, and YouTube Restricted Mode, which filters mature videos and hides comments.

Analytics and Logs

Before giving details about analytics: there are global “Denylist” and “Allowlist” options, where you enter specific website or domain addresses and which override all other configuration options. The Analytics section provides details and statistics about which domain names are resolved most often, which ones are blocked, the blocking reasons based on the lists and options selected beforehand, and the resolution requests coming from different devices.
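The following added example (not code from NextDNS or from the original post) models how a filtering resolver could combine the Allowlist/Denylist override with per-profile category blocking and a Recreation Time window. The profile structure, the `.example` domains, subdomain matching, and checking the allowlist before the denylist are all assumptions made for illustration.

```python
from datetime import datetime, time

# Constructed profiles; the structure is an assumption, not NextDNS's own format.
CHILD = {
    "allowlist": {"school.example"},
    "denylist": {"ads.example"},
    "blocked_categories": {"games"},
    # Recreation Time from the text: weekends (Sat=5, Sun=6), 14:00 to 18:00.
    "recreation": {"days": {5, 6}, "start": time(14, 0), "end": time(18, 0)},
}
ADULT = {"allowlist": set(), "denylist": set(),
         "blocked_categories": set(), "recreation": None}

# Constructed stand-ins for a subscribed blocklist and a category database.
BLOCKLIST = {"tracker.example"}
CATEGORY_OF = {"game.example": "games"}


def suffixes(name):
    """'a.b.example.' -> ['a.b.example', 'b.example', 'example']."""
    labels = name.lower().rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def decide(profile, name, when):
    """Return (action, reason) for one query under one profile at time `when`."""
    sfx = suffixes(name)
    # 1. Global lists override everything else (allowlist checked first: assumption).
    if any(s in profile["allowlist"] for s in sfx):
        return ("allow", "allowlist")
    if any(s in profile["denylist"] for s in sfx):
        return ("block", "denylist")
    # 2. Subscribed security/privacy blocklists.
    if any(s in BLOCKLIST for s in sfx):
        return ("block", "blocklist")
    # 3. Parental-control categories, lifted only inside the Recreation Time window.
    category = next((CATEGORY_OF[s] for s in sfx if s in CATEGORY_OF), None)
    if category in profile["blocked_categories"]:
        rec = profile["recreation"]
        if rec and when.weekday() in rec["days"] and rec["start"] <= when.time() < rec["end"]:
            return ("allow", "recreation time")
        return ("block", "category:" + category)
    return ("allow", "default")


if __name__ == "__main__":
    for when in (datetime(2023, 3, 4, 15, 0), datetime(2023, 3, 6, 15, 0)):
        print(when, decide(CHILD, "play.game.example", when))
```

In this model, an allowlist entry wins over every blocklist, so an overly broad allowlist entry also bypasses the security lists for that domain and its subdomains.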

The logs section shows the requests your devices made to resolve domain names to their IPs. Logging can be enabled or disabled based on preference. Available log data storage locations are the United States (default option), European Union, the United Kingdom, and Switzerland. Locations matter because of the different laws which directly affect users’ data privacy. There is also an option to select a retention time for logs, i.e. an expiration time after which they are deleted.

Setup Guides

After you set up and log in to the account, which also supports two-factor authentication, there are setup guides for applying the new configuration profile to your devices, provided specifically for “Android, iOS, Windows, macOS, Linux, ChromeOS, Browsers, and Routers.”

For instance, if you configure your home router to use NextDNS, every device that uses that router will automatically use NextDNS. There is more than one way to use it, but those guides are regularly updated with new, more secure ways to connect to NextDNS, like DNS-over-TLS or DNS-over-HTTPS.

Lastly, I’d like to underline the value of using a dedicated private DNS provider because of potential blocks by governments or ISPs. If your internet service provider blocks or slows down your access to a website, DNS is their primary option for doing so. But this raises another fundamental question: “Quis custodiet ipsos custodes?” (Who will guard the guards themselves?), from the Satires of the Roman poet Juvenal.
Reliability is a problematic word for information security. But if we compare a local government with a global DNS provider company regarding censorship policies, the latter would be a better option for the local people.

There are currently four different pricing options for using NextDNS.

Disclaimer: This text is provided without any influence or support of NextDNS Inc. and aims to provide a guideline for end-users to introduce private DNS providers.
