What are the implications of activating “obtain DNS server address automatically”?

There's a (private, password-protected) WiFi network (not under my control) which at first did not work* for my laptop - until I disabled the option that caused it to use Google's DNS server.
[*] not working means that the laptop was connected to the LAN, but had no internet access.



What are the security/privacy implications, if any, of using one or the other? Is it a sign that something fishy is going on if 8.8.8.8 is not working?










asked 4 hours ago by lucidbrot

          2 Answers
Well, I can imagine legitimate reasons why a network administrator would want to block access to Google's DNS. After all, you're basically telling Google about every host you're connecting to. To Google, that's very valuable information since without it, they'll be tracking you on the WWW only. By using their DNS as well, you're giving them everything there is to know about your movements on the internet.

On the other hand, a locally administered DNS can in principle do lots of other sinister things, for example redirect you (visibly or invisibly).

In the end, you simply have to think about who operates the network, what their interests may be and how you can trust them. Or just ask.






answered 4 hours ago by Victor Mataré

Why might a custom DNS server not work

There are many reasons that specifying the DNS servers may block you from using the connection:

• The network may be protecting all DNS queries to protect from tracking or interception, in which case they may drop queries that would not be protected.
• There may be some form of authentication taking place, which may involve being redirected using DNS, which may not happen if you use an external DNS provider.
• They may have blocked external DNS to prevent tools like iodine being used to get around captive portals.
• There may be a content filter being used, which may use DNS to see which sites are being used, which requires that users not use external DNS so it can watch their traffic.
• An attacker may be intercepting DNS traffic, and blocking external DNS to make sure they get all of the traffic.

What are the effects of using the network-provided DNS server

If you use the provided DNS and do not use DNSSEC, then the following may happen:

• Tracking of visited sites
• Blocking of sites
• Redirecting of sites

This is because the network or an adversary can provide a DNS server that they control, or that will work with them to record and/or modify responses that are sent to your machine.

This can be mitigated by using DNSSEC to prevent spoofing of DNS responses, and HTTPS to prevent the network modifying the pages you visit after DNS resolution has taken place.






answered 1 hour ago by jrtapsell
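
As an added illustration of the blocking and redirecting effects listed in the answer above (this is not code from the original post): a Python check that parses two raw DNS replies for the same name, one from the network-provided resolver and one from a reference resolver reached over a path you trust, and classifies the difference. The function names, verdict labels and sample replies are assumptions made for the example; the sample addresses are constructed from documentation ranges.

```python
import ipaddress
import struct

# Ranges a public hostname should not resolve to (RFC 1918, loopback, link-local).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # compression pointer: 2 bytes, name ends here
            return off + 2
        if length == 0:             # root label terminates the name
            return off + 1
        off += 1 + length

def parse_response(msg):
    """Return (rcode, set of A-record addresses) from a raw DNS reply."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    addrs = set()
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:           # A record
            addrs.add(ipaddress.IPv4Address(msg[off:off + 4]))
        off += rdlen
    return flags & 0xF, addrs

def classify(local_msg, reference_msg):
    """Compare the network-provided resolver's reply with the reference reply."""
    l_rcode, l_addrs = parse_response(local_msg)
    r_rcode, r_addrs = parse_response(reference_msg)
    if r_rcode != 0 or not r_addrs:
        return "inconclusive"                   # nothing to compare against
    if l_rcode != 0 or not l_addrs or any(a.is_unspecified for a in l_addrs):
        return "blocked"                        # resolves elsewhere, not here
    if any(a in net for a in l_addrs for net in LOCAL_NETS):
        return "redirected-to-local"            # e.g. portal or filter page
    if l_addrs.isdisjoint(r_addrs):
        return "differs"                        # may also be CDN/geo variance
    return "consistent"

def build_reply(name, addrs, rcode=0):
    """Construct a sample reply (fixture for this example, not captured traffic)."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    flags = 0x8180 | rcode                      # QR, RD and RA set
    msg = struct.pack("!6H", 0x1234, flags, 1, len(addrs), 0, 0)
    msg += qname + struct.pack("!HH", 1, 1)
    for a in addrs:
        # 0xC00C points back to the question name at offset 12
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4)
        msg += ipaddress.IPv4Address(a).packed
    return msg

if __name__ == "__main__":
    ref = build_reply("example.com", ["203.0.113.10"])
    samples = {
        "same answer": build_reply("example.com", ["203.0.113.10"]),
        "NXDOMAIN": build_reply("example.com", [], rcode=3),
        "private address": build_reply("example.com", ["192.168.1.1"]),
        "other public address": build_reply("example.com", ["198.51.100.7"]),
    }
    for label, local in samples.items():
        print(f"{label}: {classify(local, ref)}")
```

A `differs` verdict on its own is weak evidence, since CDNs and geo-aware DNS legitimately return different addresses per resolver; `blocked` and `redirected-to-local` for a name that resolves publicly are the stronger signals.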
