1

I mean, for example, if you have configured your home router to Cloudflare's or Google's DNS settings - now, does it make any sense to alter your DNS settings -again- on your Laptop or Mobile devices or use any WARP App?

Can DNS settings be configured twice, i.e. both at router level and device level? Does it provide any extra benefit - like more privacy or security?

What happens if you configure your router to Cloudflare's DNS settings while your device is configured to Google's or Quad9's (or any other) DNS settings? Which DNS resolver is in action in such a scenario?

Does such a configuration double the online privacy and security?

Seven T
  • You have to explain your concern better. How can DNS affect your privacy and security? – papajony Sep 16 '21 at 18:51
  • It's not me saying that DNS affects privacy and security, it's Cloudflare's claim that their DNS resolver 1.1.1.1 (and their WARP product) makes your connection more "private" and secure. – Seven T Sep 17 '21 at 09:40
  • Thanks. Your DNS requests go to some DNS server anyway, and they may keep track of the sites you visit. So, I guess it is a matter of whom you trust more, your ISP or Cloudflare. – papajony Sep 17 '21 at 10:19
  • But Cloudflare asserts that they don't keep any logs, and whatever minimum data they take in is deleted mechanically after 24 hrs. Doesn't that make Cloudflare's DNS more "private" and secure, rather than just simply "trust" them? – Seven T Sep 17 '21 at 14:12

4 Answers

1

if you have configured your home router to Cloudflare's or Google's DNS settings - now, does it make any sense to alter your DNS settings -again- on your Laptop or Mobile devices?

If your laptop and mobile devices go 'off' your network and connect to wireless networks at other locations (at school, at the doctor's office, at a restaurant) then it makes sense to have configured those settings at the device level.

Can DNS settings be configured twice, i.e. both at router level and device level?

They can, although generally, once settings are configured at the device level, router level settings will be ignored.

Does it provide any extra benefit - like more privacy or security?

It's good to enable device level settings in case the device travels. It's good to enable router level settings in case a device that doesn't have local settings comes onto the network. So, yes, there's extra benefit to doing both, although each device will only benefit from one level of setting.

What happens if you configure your router to Cloudflare's DNS settings while your device is configured to Google's or Quad9's (or any other) DNS settings? Which DNS resolver is in action in such a scenario?

Again, only one level of setting will take effect, the most local setting (device before router). If device resolver is configured, that will take effect, and router setting will be ignored.

Does such a configuration double the online privacy and security?

There's no doubling up on a single device, but as mentioned, if the network contains both devices with device level settings and devices without device level settings, then having the router level settings provides a safety net for otherwise naive devices.

gowenfawr
  • "then it makes sense" - why? DNS (as opposed to DNSSEC) does not implement any sort of integrity/authentication facility - that's why we use other things (like certificates). "router level settings will be ignored" - no, the router settings might be ignored by the client, but that does not mean the connection will not be re-routed by the router. "and router setting will be ignored" - while most domestic internet routers come bundled with a DHCP server, it is the latter which directs clients to use a specific DNS server, not the router. This is a very confused answer. – symcbean Sep 17 '21 at 22:44
0

In the case where you've set a DNS server on both the router and the device, the device's setting will take precedence, since the OS will use the DNS settings configured on your device instead of the router's.

Dot Lee
0

It's the other way around: if you set the DNS at the router, the user can set their own on the OS and this will take precedence.

What happens if you configure your router to Cloudflare's DNS settings while your device is configured to Google's or Quad9's (or any other) DNS settings?

The DNS configured at the device is the only one used. The one you set at the router is the suggested DNS resolver, and it will be sent to the devices using DHCP (along with the device's IP, netmask and default gateway). The device is free to ignore any of those addresses and use its own values.

As DHCP settings are not mandatory, the device may choose to use whatever DNS resolver it wants, whatever IP address. Using a different default gateway or network mask may keep the device from accessing the internet, but can be done as easily.

Does such a configuration double the online privacy and security?

It changes nothing. Your privacy and security are less dependent on the DNS settings than most people believe. Unless you are using DNS-over-TLS or DNS-over-HTTPS, no matter what DNS resolver you use, your ISP will know what domains you are accessing (if they care to look).

ThoriumBR
  • Cloudflare has maintained that 1.1.1.1 DNS services support DNS-over-HTTPS and DNS-over-TLS, and that it would honor user privacy. Now, does that mean my ISP cannot see my Domain queries and my searches are private? – Seven T Sep 17 '21 at 18:18
  • If you are using DNS-over-TLS or DNS-over-HTTPS, your ISP cannot easily see that. But you will need to connect to whatever domain you just securely queried over TLS, and your ISP will have to know for sure the IP address you want to connect to. – ThoriumBR Sep 17 '21 at 20:04
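
The DHCP behaviour described in the answer above, as an added example that is not part of the original post: it decodes the options field of a DHCP reply (RFC 2132 type-length-value encoding) to show that the router's resolver arrives as option 6, one offered value among several, and that a device-level setting simply replaces it. The sample bytes and the `effective_resolvers` helper are constructed for illustration.

```python
import ipaddress

# DHCP option codes from RFC 2132
OPT_PAD, OPT_SUBNET_MASK, OPT_ROUTER, OPT_DNS, OPT_END = 0, 1, 3, 6, 255
ADDRESS_OPTIONS = {OPT_SUBNET_MASK, OPT_ROUTER, OPT_DNS}

def parse_dhcp_options(data: bytes) -> dict:
    """Decode DHCP options (the bytes after the magic cookie) into {code: [IPv4Address]}."""
    offered, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:          # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        if code in ADDRESS_OPTIONS:
            if length == 0 or length % 4:
                raise ValueError(f"option {code}: length must be a multiple of 4")
            offered[code] = [ipaddress.IPv4Address(value[j:j + 4])
                             for j in range(0, length, 4)]
        i += 2 + length
    return offered

def effective_resolvers(options: bytes, device_dns=None) -> list:
    """Hypothetical helper: a device-level setting wins, otherwise DHCP option 6 is used."""
    if device_dns:
        return [str(ipaddress.IPv4Address(a)) for a in device_dns]
    return [str(a) for a in parse_dhcp_options(options).get(OPT_DNS, [])]

# Constructed sample: options of a DHCPACK from a router set to Cloudflare's resolvers
SAMPLE_OPTIONS = bytes([
    53, 1, 5,                        # message type: DHCPACK
    1, 4, 255, 255, 255, 0,          # subnet mask
    3, 4, 192, 168, 1, 1,            # default gateway
    6, 8, 1, 1, 1, 1, 1, 0, 0, 1,    # DNS servers: 1.1.1.1, 1.0.0.1
    51, 4, 0, 1, 81, 128,            # lease time: 86400 s
    255,                             # end
])

if __name__ == "__main__":
    print("no device setting:", effective_resolvers(SAMPLE_OPTIONS))
    print("device set to Quad9:", effective_resolvers(SAMPLE_OPTIONS, ["9.9.9.9"]))
```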
0

You can connect to an IP network without having to manually specify the client address and the structure of the network because most such networks provide a DHCP service. This tells your computer about the network. It may also suggest a DNS server (or servers) to use. The default configuration on most computers is to accept the suggested DNS config if the interface is configured to use DHCP. But you can change that.

The router is the point through which data enters and exits the network. Therefore software on the router can read (and potentially modify) any data passing through it. End-to-end encryption (e.g. with HTTPS) prevents eavesdropping/tampering with the data. Normal DNS does not use encryption. While it's possible to hide the DNS data using DNS-over-HTTPS, a man-in-the-middle can still see what IP address you are connecting to, so it is of little benefit in hiding your activity.

Your computer will not store DNS records indefinitely - there are very specific rules about how long it should cache that data with parameters controlled by the administrator of the DNS zone. This site, for example, has an unusually long TTL of 3 days. But even if you didn't switch off your machine for those 3 days, you don't know when that record will expire or be evicted from the cache.

Does such a configuration double the online privacy and security?

No.

If you need that level of privacy / security use an anonymization service.

symcbean
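
To make "normal DNS does not use encryption" concrete, the added example below (not part of the original post) builds a standard RFC 1035 query and then decodes it the way any device on the path, such as the home router or the ISP, can from the UDP port 53 payload, whichever resolver the query is addressed to. With DNS-over-TLS or DNS-over-HTTPS the same bytes travel inside a TLS session and cannot be parsed this way; the function names and the fixed transaction ID are choices made for this example.

```python
import struct

def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Wire-format DNS query (RFC 1035) as carried in a cleartext UDP/53 payload."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag, one question
    qname = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("labels must be 1-63 bytes")
        qname += bytes([len(label)]) + label.encode("ascii")
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def observe_query(payload: bytes) -> tuple:
    """Recover (queried name, query type) from a cleartext query, as an on-path device can."""
    if len(payload) < 12:
        raise ValueError("shorter than a DNS header")
    if struct.unpack("!H", payload[4:6])[0] < 1:
        raise ValueError("no question section")
    labels, i = [], 12
    while True:
        if i >= len(payload):
            raise ValueError("truncated name")
        n = payload[i]
        if n == 0:                   # root label terminates the name
            i += 1
            break
        if n & 0xC0:
            raise ValueError("compression pointer not expected in a question")
        labels.append(payload[i + 1:i + 1 + n].decode("ascii"))
        i += 1 + n
    if len(payload) < i + 4:
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", payload[i:i + 4])
    return ".".join(labels), qtype

if __name__ == "__main__":
    packet = build_query("security.stackexchange.com")   # constructed sample query
    print(packet.hex())
    print(observe_query(packet))
```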