What are the implications of activating âobtain DNS server address automaticallyâ?
Clash Royale CLAN TAG#URR8PPP
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0;
up vote
1
down vote
favorite
There's a (private, password-protected) WiFi network (not under my control) which at first did not work* for my laptop - until I disabled the option that caused it to use google's DNS server.
[*] not working means that the laptop was connected to the LAN, but had no internet access.
What are the security/privacy implications, if any, of using one or the other? Is it a sign that something fishy is going on if 8.8.8.8
is not working?
dns
New contributor
add a comment |Â
up vote
1
down vote
favorite
There's a (private, password-protected) WiFi network (not under my control) which at first did not work* for my laptop - until I disabled the option that caused it to use google's DNS server.
[*] not working means that the laptop was connected to the LAN, but had no internet access.
What are the security/privacy implications, if any, of using one or the other? Is it a sign that something fishy is going on if 8.8.8.8
is not working?
dns
New contributor
add a comment |Â
up vote
1
down vote
favorite
up vote
1
down vote
favorite
There's a (private, password-protected) WiFi network (not under my control) which at first did not work* for my laptop - until I disabled the option that caused it to use google's DNS server.
[*] not working means that the laptop was connected to the LAN, but had no internet access.
What are the security/privacy implications, if any, of using one or the other? Is it a sign that something fishy is going on if 8.8.8.8
is not working?
dns
New contributor
There's a (private, password-protected) WiFi network (not under my control) which at first did not work* for my laptop - until I disabled the option that caused it to use google's DNS server.
[*] not working means that the laptop was connected to the LAN, but had no internet access.
What are the security/privacy implications, if any, of using one or the other? Is it a sign that something fishy is going on if 8.8.8.8
is not working?
dns
dns
New contributor
New contributor
New contributor
asked 4 hours ago
lucidbrot
1064
1064
New contributor
New contributor
add a comment |Â
add a comment |Â
2 Answers
2
active
oldest
votes
up vote
2
down vote
Well, I can imagine legitimate reasons why a network administrator would want to block access to Google's DNS. After all, you're basically telling Google about every host you're connecting to. To Google, that's very valuable information since without it, they'll be tracking you on the WWW only. By using their DNS as well, you're giving them everything there is to know about your movements on the internet.
On the other hand, a locally administered DNS can in principle do lots of other sinister things, for example redirect you (visibly or invisibly).
In the end, you simply have to think about who operates the network, what their interests may be and how you can trust them. Or just ask.
New contributor
add a comment |Â
up vote
1
down vote
Why might a custom DNS server not work
There are many reasons that specifying the DNS servers may block you from using the connection:
The network may be protecting all DNS queries to protect from tracking or interception, in which case they may drop queries that would not be protected.
There may be some form of authentication taking place, which may involve being redirected using DNS, which may not happen if you use an external DNS provider
They may have blocked external DNS to prevent tools like iodine being used to get around captive portals.
There may be a content filter being used, which may use DNS to see which sites are being used, which requires users not use external DNS so it can watch their traffic.
An attacker may be intercepting DNS traffic, and blocking external DNS to make sure they get all of the traffic
What are the effects of using the network provided DNS server
If you use the provided DNS and do not use DNSSEC, then the following may happen:
- Tracking of visited sites
- Blocking of sites
- Redirecting of sites
As the network or an adversary can provide a DNS server that they control, or that will work with them to record and/or modify responses that are sent to your machine.
This can be mitigated by using DNSSEC to prevent spoofing of DNS responses, and HTTPS to prevent the network modifying the pages you visit after DNS resolution has taken place.
add a comment |Â
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
2
down vote
Well, I can imagine legitimate reasons why a network administrator would want to block access to Google's DNS. After all, you're basically telling Google about every host you're connecting to. To Google, that's very valuable information since without it, they'll be tracking you on the WWW only. By using their DNS as well, you're giving them everything there is to know about your movements on the internet.
On the other hand, a locally administered DNS can in principle do lots of other sinister things, for example redirect you (visibly or invisibly).
In the end, you simply have to think about who operates the network, what their interests may be and how you can trust them. Or just ask.
New contributor
add a comment |Â
up vote
2
down vote
Well, I can imagine legitimate reasons why a network administrator would want to block access to Google's DNS. After all, you're basically telling Google about every host you're connecting to. To Google, that's very valuable information since without it, they'll be tracking you on the WWW only. By using their DNS as well, you're giving them everything there is to know about your movements on the internet.
On the other hand, a locally administered DNS can in principle do lots of other sinister things, for example redirect you (visibly or invisibly).
In the end, you simply have to think about who operates the network, what their interests may be and how you can trust them. Or just ask.
New contributor
add a comment |Â
up vote
2
down vote
up vote
2
down vote
Well, I can imagine legitimate reasons why a network administrator would want to block access to Google's DNS. After all, you're basically telling Google about every host you're connecting to. To Google, that's very valuable information since without it, they'll be tracking you on the WWW only. By using their DNS as well, you're giving them everything there is to know about your movements on the internet.
On the other hand, a locally administered DNS can in principle do lots of other sinister things, for example redirect you (visibly or invisibly).
In the end, you simply have to think about who operates the network, what their interests may be and how you can trust them. Or just ask.
New contributor
Well, I can imagine legitimate reasons why a network administrator would want to block access to Google's DNS. After all, you're basically telling Google about every host you're connecting to. To Google, that's very valuable information since without it, they'll be tracking you on the WWW only. By using their DNS as well, you're giving them everything there is to know about your movements on the internet.
On the other hand, a locally administered DNS can in principle do lots of other sinister things, for example redirect you (visibly or invisibly).
In the end, you simply have to think about who operates the network, what their interests may be and how you can trust them. Or just ask.
New contributor
New contributor
answered 4 hours ago
Victor Mataré
1264
1264
New contributor
New contributor
add a comment |Â
add a comment |Â
up vote
1
down vote
Why might a custom DNS server not work
There are many reasons that specifying the DNS servers may block you from using the connection:
The network may be protecting all DNS queries to protect from tracking or interception, in which case they may drop queries that would not be protected.
There may be some form of authentication taking place, which may involve being redirected using DNS, which may not happen if you use an external DNS provider
They may have blocked external DNS to prevent tools like iodine being used to get around captive portals.
There may be a content filter being used, which may use DNS to see which sites are being used, which requires users not use external DNS so it can watch their traffic.
An attacker may be intercepting DNS traffic, and blocking external DNS to make sure they get all of the traffic
What are the effects of using the network provided DNS server
If you use the provided DNS and do not use DNSSEC, then the following may happen:
- Tracking of visited sites
- Blocking of sites
- Redirecting of sites
As the network or an adversary can provide a DNS server that they control, or that will work with them to record and/or modify responses that are sent to your machine.
This can be mitigated by using DNSSEC to prevent spoofing of DNS responses, and HTTPS to prevent the network modifying the pages you visit after DNS resolution has taken place.
add a comment |Â
up vote
1
down vote
Why might a custom DNS server not work
There are many reasons that specifying the DNS servers may block you from using the connection:
The network may be protecting all DNS queries to protect from tracking or interception, in which case they may drop queries that would not be protected.
There may be some form of authentication taking place, which may involve being redirected using DNS, which may not happen if you use an external DNS provider
They may have blocked external DNS to prevent tools like iodine being used to get around captive portals.
There may be a content filter being used, which may use DNS to see which sites are being used, which requires users not use external DNS so it can watch their traffic.
An attacker may be intercepting DNS traffic, and blocking external DNS to make sure they get all of the traffic
What are the effects of using the network provided DNS server
If you use the provided DNS and do not use DNSSEC, then the following may happen:
- Tracking of visited sites
- Blocking of sites
- Redirecting of sites
As the network or an adversary can provide a DNS server that they control, or that will work with them to record and/or modify responses that are sent to your machine.
This can be mitigated by using DNSSEC to prevent spoofing of DNS responses, and HTTPS to prevent the network modifying the pages you visit after DNS resolution has taken place.
add a comment |Â
up vote
1
down vote
up vote
1
down vote
Why might a custom DNS server not work
There are many reasons that specifying the DNS servers may block you from using the connection:
The network may be protecting all DNS queries to protect from tracking or interception, in which case they may drop queries that would not be protected.
There may be some form of authentication taking place, which may involve being redirected using DNS, which may not happen if you use an external DNS provider
They may have blocked external DNS to prevent tools like iodine being used to get around captive portals.
There may be a content filter being used, which may use DNS to see which sites are being used, which requires users not use external DNS so it can watch their traffic.
An attacker may be intercepting DNS traffic, and blocking external DNS to make sure they get all of the traffic
What are the effects of using the network provided DNS server
If you use the provided DNS and do not use DNSSEC, then the following may happen:
- Tracking of visited sites
- Blocking of sites
- Redirecting of sites
As the network or an adversary can provide a DNS server that they control, or that will work with them to record and/or modify responses that are sent to your machine.
This can be mitigated by using DNSSEC to prevent spoofing of DNS responses, and HTTPS to prevent the network modifying the pages you visit after DNS resolution has taken place.
Why might a custom DNS server not work
There are many reasons that specifying the DNS servers may block you from using the connection:
The network may be protecting all DNS queries to protect from tracking or interception, in which case they may drop queries that would not be protected.
There may be some form of authentication taking place, which may involve being redirected using DNS, which may not happen if you use an external DNS provider
They may have blocked external DNS to prevent tools like iodine being used to get around captive portals.
There may be a content filter being used, which may use DNS to see which sites are being used, which requires users not use external DNS so it can watch their traffic.
An attacker may be intercepting DNS traffic, and blocking external DNS to make sure they get all of the traffic
What are the effects of using the network provided DNS server
If you use the provided DNS and do not use DNSSEC, then the following may happen:
- Tracking of visited sites
- Blocking of sites
- Redirecting of sites
As the network or an adversary can provide a DNS server that they control, or that will work with them to record and/or modify responses that are sent to your machine.
This can be mitigated by using DNSSEC to prevent spoofing of DNS responses, and HTTPS to prevent the network modifying the pages you visit after DNS resolution has taken place.
answered 1 hour ago
jrtapsell
2,648924
2,648924
add a comment |Â
add a comment |Â
lucidbrot is a new contributor. Be nice, and check out our Code of Conduct.
lucidbrot is a new contributor. Be nice, and check out our Code of Conduct.
lucidbrot is a new contributor. Be nice, and check out our Code of Conduct.
lucidbrot is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f194789%2fwhat-are-the-implications-of-activating-obtain-dns-server-address-automatically%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password