fbpx XOMedia

IT

A simple change to Speed up and Secure your home network

Quick Summary: Follow along in this short guide to learn how to configure a faster, more secure and resilient DNS configuration for your home network.
  
Last updated: | Leave a comment

Overview

In this article we’re going to learn how to configure a faster, more secure and robust DNS configuration for your business and home network.

DNS (Domain Name System), similar to your personal contacts on your phone – is a protocol responsible for translating requests for domain names like www.xomedia.io into IP addresses like 173.236.251.117.

Motivation

Performance and Reliability

If a DNS service is overloaded or goes down, this will adversely affect your Internet connection. Pointing to a fast reliable DNS service can boost your Internet speed.

One busy afternoon we lost connection to a bunch of servers even though our Internet line was still active (we were still able to ping remote IP addresses). Without giving it any thought, we changed the DNS IPs on our firewall to get around the issue. A few days later, we learned that our ISP (Comcast) was experiencing a DNS outage that affected customers on the East Coast and parts of the Midwest.These outages still persist today.

Security and Privacy

Traditional DNS queries and responses are sent over UDP or TCP protocols without encryption (plain text). This means anyone with access to the network can potentially see the domain names you are requesting (even when you are accessing a secured website). This is vulnerable to eavesdropping and spoofing (including DNS-based Internet filtering).

So, follow along in this guide to learn how to configure a faster, more secure and robust DNS configuration for your business and home network.

Configure a faster, more reliable DNS

We configured systems on our network to use Cloudflare and Google public DNS servers.

Both DNS services are very reliable and rank among the top 10 fastest public resolvers globally.

Here is a moderated list of alternate public resolvers you can select from. Or, choose from this handy list. that user oxygen_crisis posted on HN.

Cloudflare IPs

1.1.1.1
1.0.0.1

Google IPs

8.8.8.8
8.8.4.4

Visit either of the following links for instructions on how to configure DNS settings for your OS or device:

Cloudflare Instructions

Google Instructions

In our DNS setups, we use a combination of Cloudflare (as a primary) and Google (as a secondary):

*NIX

~]# cat /etc/resolv.conf
search xomedia.io
nameserver 1.1.1.1
nameserver 8.8.8.8
~]#

Windows

C:\Users\xomedia>ipconfig /all

Windows IP Configuration

Wireless LAN adapter Wi-Fi:

[...]
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       1.1.1.1
[...]

For Windows, once you’ve completed configuring your DNS settings, you can clear your DNS cache with the following command:

C:\Users\xomedia>ipconfig /flushdns

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

Configure a more secure DNS experience

As mentioned earlier, DNS communicates over a plain text protocol. Anyone on your network can potentially see the domain names you are requesting, revealing information about your browsing activity and websites you visit.

There are several ways to encrypt DNS traffic for increased privacy and security:

  • DoH: DNS over HTTPS is a protocol that encrypts DNS queries using HTTPS, the same security protocol used to secure websites.
  • DoT: DNS over TLS is a protocol that uses transport layer security (another encryption protocol), to secure DNS communication.
  • DNSSEC: This is an extension to the DNS protocol that uses cryptography to authenticate DNS responses, ensuring they haven’t been tampered with.
  • VPN: Using a virtual private network (VPN) can encrypt all your internet traffic, including DNS queries.

DNS over HTTPS

The quickest, simplest way to protect yourself is to configure your browser to use DoH.

DNS over HTTPS through your web browser keeps your DNS queries secure so no one can determine what you do while surfing the Internet.

Follow instructions here to quickly configure DoH for Chrome, Edge, Firefox Brave and Safari:

Configure your browser to use DoH

Clouflare WARP

Earlier, we covered Cloudflare’s 1.1.1.1 fast, privacy-respecting DNS resolving service.

Cloudflare also offers a free VPN service called Cloudflare WARP. Combined with 1.1.1.1, you get encrypted traffic and protection from snooping. Instead of just encrypting DNS queries, your entire Internet connection will become faster, more secure and private.

WARP + 1.1.1.1 = secure, private and fast Internet connection experience – all for free!

Benefits:

  • Provides a faster, more secure, and more private Internet on your devices.
  • Prevents 3rd parties (“data tracking” or “ISP monitoring”) from snooping on you while on the Internet.
  • Encrypts all Internet traffic on your device: “This doesn’t just apply to your web browser but to all apps running on your device. Any unencrypted connections are encrypted automatically and by default.”
  • WARP VPN is an improvement over other VPN solutions in that it will not slow down your Internet or drain your device battery.

How does it work?

1.1.1.1 with WARP replaces the connection between your phone and the Internet with a modern, optimized, protocol. It prevents anyone from snooping on you by encrypting the traffic leaving your device.

The WARP application uses BoringTun (an open-source implementation of the WireGuard protocol written in Rust) to encrypt all the traffic from your device and send it directly to Cloudflare’s edge network, ensuring that no one in between is snooping on what you’re doing.

BoringTun has several advantages over other WireGuard implementations, including:

  • It is cross-platform, and can be ported to different operating systems.
  • It is written in Rust, which is a memory-safe and efficient language.
  • It is a fast, secure implementation of WireGuard – capable of providing high throughput and low latency.

How to install:

WARP is now supported on all major platforms: Android, iPhone, Windows, macOS and Linux

Installation is simple and quick: Visit 1.1.1.1 from any device to get started

After installing WARP on Windows it will load in your system tray. To activate, toggle the button to enable WARP:

Cloudflare Warp enable

Then verify that your IPs have changed.

1) Your public (ISP assigned) IP:

whatsmyip.org

2) And your DNS IPs:

C:\Users\xomedia>ipconfig /all

Windows IP Configuration

[...]

Unknown adapter CloudflareWARP:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Cloudflare WARP Interface Tunnel
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2606:4700:110:8fa7:b6ec:4b0d:d791:6371(Preferred)
   Link-local IPv6 Address . . . . . : fe80::83b:d647:4bed:d388%63(Preferred)
   IPv4 Address. . . . . . . . . . . : 172.16.0.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 127.0.2.2
                                       127.0.2.3
   NetBIOS over Tcpip. . . . . . . . : Enabled


Wireless LAN adapter Wi-Fi:

[...]
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 127.0.2.2
                                       127.0.2.3
[...]

Now with the toggle of a button, you can connect through a Cloudflare data center near you. Traffic to sites behind Cloudflare are more secure, private and faster.

Conclusion

Well done!

In this brief guide we covered configuring a faster more reliable DNS service using Cloudflare as your primary DNS (fastest) and Google DNS as a secondary.

We also explained how to configure Cloudflare WARP for a more secure Internet experience.

References

https://developers.google.com/speed/public-dns
https://en.wikipedia.org/wiki/Google_Public_DNS
https://en.wikipedia.org/wiki/1.1.1.1
https://one.one.one.one/
https://developers.cloudflare.com/1.1.1.1/
https://developers.cloudflare.com/warp-client/
https://blog.cloudflare.com/1111-warp-better-vpn/
https://blog.cloudflare.com/geoexit-improving-warp-user-experience-larger-network/
https://www.cloudflare.com/learning/access-management/what-is-a-vpn/
https://github.com/cloudflare/boringtun

Thanks for reading!

If you enjoyed this post, please share:  

XOMedia is a full-service IT solutions provider. Learn how your business can benefit from XOMedia's 30+ years of experience with our Consulting and Partnership services - all work is backed by our 100% guaranteed.



Back to Blog Home

To top