Mixing
What are the implications of activating “obtain DNS server address automatically�
Clash Royale CLAN TAG#URR8PPP
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0;
up vote
1
down vote
favorite
There's a (private, password-protected) WiFi network (not under my control) which at first did not work* for my laptop - until I disabled the option that caused it to use google's DNS server.
[*] not working means that the laptop was connected to the LAN, but had no internet access.
What are the security/privacy implications, if any, of using one or the other? Is it a sign that something fishy is going on if 8.8.8.8 is not working?
dns
asked 4 hours ago
lucidbrot
1064
New contributor
lucidbrot is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |Â
up vote
1
down vote
favorite
There's a (private, password-protected) WiFi network (not under my control) which at first did not work* for my laptop - until I disabled the option that caused it to use google's DNS server.
[*] not working means that the laptop was connected to the LAN, but had no internet access.
What are the security/privacy implications, if any, of using one or the other? Is it a sign that something fishy is going on if 8.8.8.8 is not working?
dns
asked 4 hours ago
lucidbrot
1064
New contributor
lucidbrot is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |Â
up vote
1
down vote
favorite
up vote
1
down vote
favorite
There's a (private, password-protected) WiFi network (not under my control) which at first did not work* for my laptop - until I disabled the option that caused it to use google's DNS server.
[*] not working means that the laptop was connected to the LAN, but had no internet access.
What are the security/privacy implications, if any, of using one or the other? Is it a sign that something fishy is going on if 8.8.8.8 is not working?
dns
asked 4 hours ago
lucidbrot
1064
New contributor
lucidbrot is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
There's a (private, password-protected) WiFi network (not under my control) which at first did not work* for my laptop - until I disabled the option that caused it to use google's DNS server.
[*] not working means that the laptop was connected to the LAN, but had no internet access.
What are the security/privacy implications, if any, of using one or the other? Is it a sign that something fishy is going on if 8.8.8.8 is not working?
dns
dns
asked 4 hours ago
lucidbrot
1064
New contributor
lucidbrot is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 4 hours ago
lucidbrot
1064
New contributor
lucidbrot is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 4 hours ago
lucidbrot
1064
New contributor
lucidbrot is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 4 hours ago
lucidbrot
1064
asked 4 hours ago
lucidbrot
1064
1064
New contributor
lucidbrot is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
lucidbrot is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
lucidbrot is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |Â
add a comment |Â
2 Answers
2
active
oldest
votes
up vote
2
down vote
Well, I can imagine legitimate reasons why a network administrator would want to block access to Google's DNS. After all, you're basically telling Google about every host you're connecting to. To Google, that's very valuable information since without it, they'll be tracking you on the WWW only. By using their DNS as well, you're giving them everything there is to know about your movements on the internet.
On the other hand, a locally administered DNS can in principle do lots of other sinister things, for example redirect you (visibly or invisibly).
In the end, you simply have to think about who operates the network, what their interests may be and how you can trust them. Or just ask.
answered 4 hours ago
Victor Mataré
1264
New contributor
Victor Mataré is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |Â
up vote
1
down vote
Why might a custom DNS server not work
There are many reasons that specifying the DNS servers may block you from using the connection:
The network may be protecting all DNS queries to protect from tracking or interception, in which case they may drop queries that would not be protected.
There may be some form of authentication taking place, which may involve being redirected using DNS, which may not happen if you use an external DNS provider
They may have blocked external DNS to prevent tools like iodine being used to get around captive portals.
There may be a content filter being used, which may use DNS to see which sites are being used, which requires users not use external DNS so it can watch their traffic.
An attacker may be intercepting DNS traffic, and blocking external DNS to make sure they get all of the traffic
What are the effects of using the network provided DNS server
If you use the provided DNS and do not use DNSSEC, then the following may happen:
- Tracking of visited sites
- Blocking of sites
- Redirecting of sites
As the network or an adversary can provide a DNS server that they control, or that will work with them to record and/or modify responses that are sent to your machine.
This can be mitigated by using DNSSEC to prevent spoofing of DNS responses, and HTTPS to prevent the network modifying the pages you visit after DNS resolution has taken place.
answered 1 hour ago
jrtapsell
2,648924
add a comment |Â
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
2
down vote
Well, I can imagine legitimate reasons why a network administrator would want to block access to Google's DNS. After all, you're basically telling Google about every host you're connecting to. To Google, that's very valuable information since without it, they'll be tracking you on the WWW only. By using their DNS as well, you're giving them everything there is to know about your movements on the internet.
On the other hand, a locally administered DNS can in principle do lots of other sinister things, for example redirect you (visibly or invisibly).
In the end, you simply have to think about who operates the network, what their interests may be and how you can trust them. Or just ask.
answered 4 hours ago
Victor Mataré
1264
New contributor
Victor Mataré is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |Â
up vote
2
down vote
Well, I can imagine legitimate reasons why a network administrator would want to block access to Google's DNS. After all, you're basically telling Google about every host you're connecting to. To Google, that's very valuable information since without it, they'll be tracking you on the WWW only. By using their DNS as well, you're giving them everything there is to know about your movements on the internet.
On the other hand, a locally administered DNS can in principle do lots of other sinister things, for example redirect you (visibly or invisibly).
In the end, you simply have to think about who operates the network, what their interests may be and how you can trust them. Or just ask.
answered 4 hours ago
Victor Mataré
1264
New contributor
Victor Mataré is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |Â
up vote
2
down vote
up vote
2
down vote
Well, I can imagine legitimate reasons why a network administrator would want to block access to Google's DNS. After all, you're basically telling Google about every host you're connecting to. To Google, that's very valuable information since without it, they'll be tracking you on the WWW only. By using their DNS as well, you're giving them everything there is to know about your movements on the internet.
On the other hand, a locally administered DNS can in principle do lots of other sinister things, for example redirect you (visibly or invisibly).
In the end, you simply have to think about who operates the network, what their interests may be and how you can trust them. Or just ask.
answered 4 hours ago
Victor Mataré
1264
New contributor
Victor Mataré is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Well, I can imagine legitimate reasons why a network administrator would want to block access to Google's DNS. After all, you're basically telling Google about every host you're connecting to. To Google, that's very valuable information since without it, they'll be tracking you on the WWW only. By using their DNS as well, you're giving them everything there is to know about your movements on the internet.
On the other hand, a locally administered DNS can in principle do lots of other sinister things, for example redirect you (visibly or invisibly).
In the end, you simply have to think about who operates the network, what their interests may be and how you can trust them. Or just ask.
answered 4 hours ago
Victor Mataré
1264
New contributor
Victor Mataré is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
answered 4 hours ago
Victor Mataré
1264
New contributor
Victor Mataré is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
answered 4 hours ago
Victor Mataré
1264
answered 4 hours ago
Victor Mataré
1264
1264
New contributor
Victor Mataré is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
Victor Mataré is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Victor Mataré is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |Â
add a comment |Â
up vote
1
down vote
Why might a custom DNS server not work
There are many reasons that specifying the DNS servers may block you from using the connection:
The network may be protecting all DNS queries to protect from tracking or interception, in which case they may drop queries that would not be protected.
There may be some form of authentication taking place, which may involve being redirected using DNS, which may not happen if you use an external DNS provider
They may have blocked external DNS to prevent tools like iodine being used to get around captive portals.
There may be a content filter being used, which may use DNS to see which sites are being used, which requires users not use external DNS so it can watch their traffic.
An attacker may be intercepting DNS traffic, and blocking external DNS to make sure they get all of the traffic
What are the effects of using the network provided DNS server
If you use the provided DNS and do not use DNSSEC, then the following may happen:
- Tracking of visited sites
- Blocking of sites
- Redirecting of sites
As the network or an adversary can provide a DNS server that they control, or that will work with them to record and/or modify responses that are sent to your machine.
This can be mitigated by using DNSSEC to prevent spoofing of DNS responses, and HTTPS to prevent the network modifying the pages you visit after DNS resolution has taken place.
answered 1 hour ago
jrtapsell
2,648924
add a comment |Â
up vote
1
down vote
Why might a custom DNS server not work
There are many reasons that specifying the DNS servers may block you from using the connection:
The network may be protecting all DNS queries to protect from tracking or interception, in which case they may drop queries that would not be protected.
There may be some form of authentication taking place, which may involve being redirected using DNS, which may not happen if you use an external DNS provider
They may have blocked external DNS to prevent tools like iodine being used to get around captive portals.
There may be a content filter being used, which may use DNS to see which sites are being used, which requires users not use external DNS so it can watch their traffic.
An attacker may be intercepting DNS traffic, and blocking external DNS to make sure they get all of the traffic
What are the effects of using the network provided DNS server
If you use the provided DNS and do not use DNSSEC, then the following may happen:
- Tracking of visited sites
- Blocking of sites
- Redirecting of sites
As the network or an adversary can provide a DNS server that they control, or that will work with them to record and/or modify responses that are sent to your machine.
This can be mitigated by using DNSSEC to prevent spoofing of DNS responses, and HTTPS to prevent the network modifying the pages you visit after DNS resolution has taken place.
answered 1 hour ago
jrtapsell
2,648924
add a comment |Â
up vote
1
down vote
up vote
1
down vote
Why might a custom DNS server not work
There are many reasons that specifying the DNS servers may block you from using the connection:
The network may be protecting all DNS queries to protect from tracking or interception, in which case they may drop queries that would not be protected.
There may be some form of authentication taking place, which may involve being redirected using DNS, which may not happen if you use an external DNS provider
They may have blocked external DNS to prevent tools like iodine being used to get around captive portals.
There may be a content filter being used, which may use DNS to see which sites are being used, which requires users not use external DNS so it can watch their traffic.
An attacker may be intercepting DNS traffic, and blocking external DNS to make sure they get all of the traffic
What are the effects of using the network provided DNS server
If you use the provided DNS and do not use DNSSEC, then the following may happen:
- Tracking of visited sites
- Blocking of sites
- Redirecting of sites
As the network or an adversary can provide a DNS server that they control, or that will work with them to record and/or modify responses that are sent to your machine.
This can be mitigated by using DNSSEC to prevent spoofing of DNS responses, and HTTPS to prevent the network modifying the pages you visit after DNS resolution has taken place.
answered 1 hour ago
jrtapsell
2,648924
Why might a custom DNS server not work
There are many reasons that specifying the DNS servers may block you from using the connection:
The network may be protecting all DNS queries to protect from tracking or interception, in which case they may drop queries that would not be protected.
There may be some form of authentication taking place, which may involve being redirected using DNS, which may not happen if you use an external DNS provider
They may have blocked external DNS to prevent tools like iodine being used to get around captive portals.
There may be a content filter being used, which may use DNS to see which sites are being used, which requires users not use external DNS so it can watch their traffic.
An attacker may be intercepting DNS traffic, and blocking external DNS to make sure they get all of the traffic
What are the effects of using the network provided DNS server
If you use the provided DNS and do not use DNSSEC, then the following may happen:
- Tracking of visited sites
- Blocking of sites
- Redirecting of sites
As the network or an adversary can provide a DNS server that they control, or that will work with them to record and/or modify responses that are sent to your machine.
This can be mitigated by using DNSSEC to prevent spoofing of DNS responses, and HTTPS to prevent the network modifying the pages you visit after DNS resolution has taken place.
answered 1 hour ago
jrtapsell
2,648924
answered 1 hour ago
jrtapsell
2,648924
answered 1 hour ago
jrtapsell
2,648924
answered 1 hour ago
jrtapsell
2,648924
2,648924
add a comment |Â
add a comment |Â
lucidbrot is a new contributor. Be nice, and check out our Code of Conduct.
lucidbrot is a new contributor. Be nice, and check out our Code of Conduct.
lucidbrot is a new contributor. Be nice, and check out our Code of Conduct.
lucidbrot is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f194789%2fwhat-are-the-implications-of-activating-obtain-dns-server-address-automatically%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
