We talk a lot internally and with clients about deploying business IT security in a complete stack that works together, and DNS can often get overlooked from the security side of things. But controlling and securing your DNS traffic has drastic results that really provide a lot of bang for the buck. Ask anyone that’s ran a computer lab open to the public – uncontrolled web browsing wreaks havoc on a machine, sometimes even with kiosks specifically meant for public browsing. Filtering web traffic at the DNS level is much more effective than plugins or a traditional content filtering device, and allows for detailed reporting into employee activities and browsing habits.
Modern DNS filters also block known threats, botnets and bad actors – which is a lot more effective than it seems at first glance. Many ransomware campaigns won’t even encrypt data on a machine if they are unable to communicate to their C&C server back home. DNS filtering can do the endpoint security agent’s job before it even reaches the business network.
Recently Cloudflare released a free and fast DNS server to the public with the easy to remember address of 220.127.116.11 (And secondary of 18.104.22.168). While this doesn’t provide the same type of security as a filtered DNS host it’s an easy to remember DNS server for home users to experiment with, and is aimed at privacy and security conscious users. If you’ve been using your home ISP’s default DNS servers, check out 22.214.171.124 and try it out at home.