
What is DNS encryption and how does it impact me?

The fight over DNS and DNS encryption is heating up, throwing a needed light on a critical technology that connects you to the internet but does little to protect your privacy.

DNS stands for Domain Name System. Simply put, it is the system that converts a domain name such as avira.com into a numerical IP address such as 62.146.210.86 so that your device can reach the destination you asked for. Type a URL into your browser and your device sends a query to its configured DNS resolver, by default the one run by your internet service provider, asking for the IP address that belongs to that name; only then can it open the connection. Think of it as a giant edition of the Yellow Pages where, instead of your fingers, you let DNS do the walking. Without DNS you would have to remember the exact IP address of every destination, making the internet far less accessible.

Your DNS is open and unencrypted

Your online activity is broken down into a series of postcards or letters called data packets. Older, plain HTTP packets are unencrypted, so anyone along the transmission chain can see both where you are going and what you are saying; it is like a postcard where everything is visible. Newer HTTPS packets work like a sealed letter: your words and activity are encrypted inside a virtual envelope.

But here is the catch: whether the site uses HTTP or the more secure HTTPS, the DNS lookup that precedes the connection is sent in cleartext, so both the question (which name you asked for) and the answer (which address you were given) are readable by anyone on the path between you and the resolver. HTTPS itself also still reveals the destination IP address and, in most deployments, the server name in the TLS handshake, so encrypting DNS on its own hides less than one might hope. If Bill and Alice always use HTTPS, the mailman will not know the details of Bill's deep, passionate love for Alice. But he will easily know that Bill is sending and receiving a number of letters from her, and he can add the other online activities and connections of those two to his database.

If the Post Office wanted to destroy or influence this relationship, it could block the two from communicating altogether. Or, more cleverly, it could use what it knows about where Bill and Alice spend their online time to send the two lovers helpful ads, such as chocolate and flower sales ahead of Valentine's Day. And it knows all this even when Bill and Alice are trying to be privacy conscious and chat only over HTTPS.

There is a crowd at the DNS keyhole

One might think that the process, technology and support for encrypting DNS would be straightforward. What is there to dislike about encrypting DNS traffic and giving internet users more privacy? A lot, it seems. Among the upset parties are internet service providers in the US and the UK. Competition regulators in the US worry that a de facto private monopoly over DNS could be forming. At least two major browser developers, Mozilla with Firefox and Google with Chrome, are stepping into the fray with DNS encryption options. Child protection and anti-porn campaigners are also involved. Even the technical community is divided over the shortcomings of the two main paths to DNS encryption: DNS-over-HTTPS (DoH, RFC 8484), which Firefox has adopted, and the less widely known DNS-over-TLS (DoT, RFC 7858). Given the amount of disagreement, and the stakes involved, this argument is not going away any time soon.
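To make concrete both the "open keyhole" described under "Your DNS is open and unencrypted" and the two encryption paths named here, the following is an added example written for this edit, not code from the page or from Avira. It builds a classic DNS query in the RFC 1035 wire format, shows that an on-path observer can read the queried name straight out of the packet, parses a constructed response into the address the article quotes, and then shows how the identical message is framed for DNS-over-TLS (RFC 7858: a two-byte length prefix inside a TLS session) and for DNS-over-HTTPS (RFC 8484: base64url, padding stripped, in the `dns` parameter of a GET; the POST form sends the same bytes as the body with the `application/dns-message` media type). The transaction ID, the response, and the resolver endpoint https://doh.example/dns-query are all constructed for the example; nothing is sent over the network.

```python
import base64
import struct

# Constructed sample values for this example (assumptions, not from the page):
# the name the article uses and the address it quotes for it.
NAME = "avira.com"
SAMPLE_IP = "62.146.210.86"
# Hypothetical DoH resolver endpoint; no real server is contacted.
DOH_URL = "https://doh.example/dns-query"


def encode_name(name):
    """DNS wire-format name: length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, txid=0x1234):
    """Classic RFC 1035 query for the A record of `name` (what UDP port 53 carries)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    return header + encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def decode_name(msg, offset):
    """Decode a (possibly compressed) name at `offset`; return (name, offset_after_it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            hops += 1
            if hops > 16:  # untrusted input: refuse pointer loops instead of spinning
                raise ValueError("compression pointer loop")
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset if end is None else end

def eavesdrop(packet):
    """What an on-path observer learns from a cleartext query: the name being looked up."""
    return decode_name(packet, 12)[0]  # the question starts right after the 12-byte header

def build_response(query, ip):
    """Constructed answer to `query` carrying `ip` (sample data, not a real resolver)."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)  # QR=1 RD=1 RA=1
    question = query[12:]
    rr = b"\xc0\x0c"                                   # pointer to the name at offset 12
    rr += struct.pack("!HHIH", 1, 1, 300, 4)           # A, IN, TTL 300, 4 bytes of RDATA
    rr += bytes(int(octet) for octet in ip.split("."))
    return header + question + rr

def parse_a_record(response):
    """First IPv4 address in the answer section, or None if there is none."""
    qdcount, ancount = struct.unpack("!HH", response[4:8])
    offset = 12
    for _ in range(qdcount):
        offset = decode_name(response, offset)[1] + 4  # skip QNAME, QTYPE, QCLASS
    for _ in range(ancount):
        offset = decode_name(response, offset)[1]
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", response[offset:offset + 10])
        offset += 10
        rdata = response[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            return ".".join(str(b) for b in rdata)
    return None

def dot_frame(query):
    """DNS-over-TLS (RFC 7858): same message, 2-byte length prefix, sent inside a TLS session."""
    return struct.pack("!H", len(query)) + query

def doh_get_url(query, resolver_url=DOH_URL):
    """DNS-over-HTTPS GET form (RFC 8484): base64url without padding in the `dns` parameter."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{resolver_url}?dns={encoded}"

def doh_decode(url):
    """What the DoH resolver does with that URL: restore padding and recover the wire message."""
    encoded = url.split("?dns=", 1)[1]
    return base64.urlsafe_b64decode(encoded + "=" * (-len(encoded) % 4))


if __name__ == "__main__":
    q = build_query(NAME)
    print("cleartext query:", q.hex())
    print("name readable on the wire:", eavesdrop(q))
    print("answer from constructed response:", parse_a_record(build_response(q, SAMPLE_IP)))
    print("DoT frame (encrypted by TLS in transit):", dot_frame(q).hex())
    print("DoH GET (path and query encrypted by TLS):", doh_get_url(q))
```

The point to notice is that `dot_frame` and `doh_get_url` change nothing about the DNS message itself; they only change the envelope it travels in. With DoT or DoH the observer on the path sees a TLS connection to the resolver (and, via the TLS server name, which resolver you use), but not the name you asked for. That is also why the choice of resolver matters: whoever operates it still sees every lookup.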

There is value in tracking Bill and Alice (and you) 

Where there is smoke there is fire, and where there is a fight … follow the money. Taken on its own, the romance of Bill and Alice is of little direct value to anyone tapping it for details. Multiply it by a few million relationships, though, and you can see why online trackers find this data valuable. Think of the term surveillance capitalism as popularized by Shoshana Zuboff and you get the picture. There is a reason ISPs and others are fighting over the ability to track your online activities. The real question is whether you are willing to be tracked.

Just get a full-fledged VPN

DNS encryption is not yet a simple, default choice. Users have to jump through some hoops to enable it, and it is not clear how the policy and legal battles will pan out. So why sweat over DNS leaks and keeping your activity private and out of the hands of trackers? Get a full-fledged VPN such as the free Avira Phantom VPN, which encrypts the entire conversation between your device and the VPN server, packet payload and DNS lookups alike, to keep your life the way it should be: private and in your hands. Two things are worth keeping in mind: a VPN moves the trust from your ISP to the VPN provider, which now sees what your ISP used to, and it only protects DNS if your queries actually travel inside the tunnel, so verify that your operating system is not quietly still using the ISP's resolver.

As a PR Consultant and journalist, Frink has covered IT security issues for a number of security software firms, as well as provided reviews and insight on the beer and automotive industries (but usually not at the same time). Otherwise, he's known for making a great bowl of popcorn and extraordinary messes in a kitchen.