
 INTERNET AND PRIVACY CONCERN - DNS SERVER, INFO SHARING

TSKKTECHHUB
post Mar 17 2018, 08:54 PM, updated 7y ago



DNS is domain name server, which is equivalent to the phone book in your hand phone (or the Yellow Pages, if you are around my age). When you key in anything in your browser, e.g. "google.com", your internet device will ask your ISP's DNS server where it can find this "guy", and your ISP's DNS server might respond:
1. I know it, please go ahead to address bla bla bla...
2. I know it, but cannot tell you as my "boss" doesn't allow me to do so.
3. I don't know it.


So, you can imagine how dangerous it is if you are referring to a fake/illegal Domain Name Server. When you key in xxxbank.com in the browser, it can direct you to the wrong address, which is fake, and the look of the website is exactly the same as the original one. From there, they can collect your private information and utilize it.

Now that we all understand how important the DNS server is, the next question is: what is my current DNS server?
- You can find out what your current DNS server is by going to a website that provides a DNS leak test feature. Just search "dns leak test" and you will get a lot of websites to do the testing.
- If you are using a hand phone with an ISP provider in Malaysia, you will get Digi/Maxis/Umobile...

Is it possible to change DNS server?
- For an internet device that uses a wireless or wired connection, it is possible to change. You can even set the DNS inside your home or business router.
- For a hand phone that is using cellular data, you need to use a VPN to change the DNS server.
- You are advised to change to a DNS server with good and fast response time, such as Google DNS (8.8.8.8) or OpenDNS server (208.67.222.222). The easiest method to change DNS server is to use VPN software; only a few clicks are required.

Why change or implement a new DNS server?
As network client:
- More secure. There are some free DNS servers that come with a huge database and are able to block you from accessing malicious websites.
- Access restricted content. In case you want to access a certain website for which the ISP server's response is no. 2 above, changing DNS server will allow you to find the correct website address.
- Faster browsing experience.
As network admin:
- Content filtering.
i) Blacklist mode - You can set the DNS server at router level, so that selected family members/employees cannot access certain website categories which are prohibited. One click is good enough to prevent your employees from going to shopping websites around the world.
ii) Whitelist mode - Only whitelisted websites can be accessed. This is very difficult to implement, as nowadays there are too many domain names hiding behind each single domain name that you want to allow access to. (I found it useful only when travelling abroad, where every bit of data costs a lot of money; an example is when you are accessing airplane wifi, which only provides a few MB of data.)
- Close monitoring of connected client activity, with reports. You can have a full review and report for each connected client: what websites they visit and so on.

Is it safe after I change my DNS server to a reputable DNS server on my internet device?
- Yes, if you are located inside a home/secure network.
- No, if you are connected to public wifi. You still need a VPN to make sure you are safe. The reason is that the network admin can change your preset DNS server to their DNS server, as the router (DNAT function) is managed by them. Secondly, a hacker can launch a man-in-the-middle attack to broadcast a fake DNS server throughout the whole LAN too; the technical term is ARP spoofing.
- When you are connected to a VPN, the public network router / hacker only has the IP address of your connected VPN server, but all data is encrypted. Your DNS request is also encrypted and sent to the VPN server instead of searching for a DNS server on the local network and asking for the address.
- The best part of a VPN is being able to 100% confirm you are using the VPN service provider's DNS server instead of a restricted/hacked VPN server provided by your ISP/hacker under any circumstances. A good VPN provider also comes with an "internet kill switch" that does not allow any traffic to go out from your device before it is encrypted, to make sure you are safe, which prevents DNS leaks to your ISP.



Tech Info:
If you are interested in what ARP spoofing is, you can check out some reviews of network security devices such as Fingbox. It basically "hacks" the system by cheating every client on the local LAN into believing that it is the router and DNS server. After that, it can detect, control, disable and block any network client on the same network. It is a good security device that utilises network hacking skills, but what if it is a hacker? You can be in trouble.

Recent open wifi security update:
The latest properly set up open wifi networks are well protected by disabling inter-client communication. It means that even if you and your friend are connected to the same wifi, you cannot ping each other in the network. This is very good for protecting clients from being monitored by a hacker, unless he is good enough to hack into the router and modify the DNS server setting.


I am only able to discuss the DNS server concept and security concerns; please google any topic you are interested in and share here if you think it can help others that want to learn more about privacy and security.
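
How a "dns leak test" site can tell which DNS server you are really using, as an added example that is not part of the original post: the page makes your device look up a random, never-cached name, and the test's own authoritative server records which resolver came asking for it. The zone `leaktest.example`, the log format and all addresses are constructed for illustration.

```python
import ipaddress
import secrets

# Constructed sample: query log of the leak test's own authoritative server.
# Assumed line format: "<timestamp> <resolver source IP> <queried name>"
SAMPLE_LOG = """\
2018-03-17T12:54:01Z 203.0.113.53 a1b2c3d4.leaktest.example
2018-03-17T12:54:01Z 198.51.100.7 a1b2c3d4.leaktest.example
2018-03-17T12:54:02Z 203.0.113.53 ffee0011.leaktest.example
2018-03-17T12:54:03Z 203.0.113.54 a1b2c3d4.leaktest.example
"""

def _norm(name):
    """DNS names compare case-insensitively; ignore a trailing root dot."""
    return name.rstrip(".").lower()

def new_probe_name(zone="leaktest.example"):
    """Random label, so no cache can answer and the query must reach the zone's server."""
    return f"{secrets.token_hex(4)}.{zone}"

def resolvers_seen(log_text, probe_name):
    """Source IPs of the resolvers that asked the authoritative server for probe_name."""
    seen = set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or _norm(parts[2]) != _norm(probe_name):
            continue  # malformed line, or someone else's probe
        try:
            seen.add(ipaddress.ip_address(parts[1]))
        except ValueError:
            continue  # unparsable source address
    return seen

def find_leaks(log_text, probe_name, expected_networks):
    """Resolvers that handled the probe but sit outside the networks you expect (e.g. your VPN's)."""
    nets = [ipaddress.ip_network(n) for n in expected_networks]
    leaks = [ip for ip in resolvers_seen(log_text, probe_name)
             if not any(ip in net for net in nets)]
    return sorted(leaks, key=lambda ip: (ip.version, int(ip)))

if __name__ == "__main__":
    probe = "a1b2c3d4.leaktest.example"  # fixed so it matches the constructed log
    print("resolvers seen:", sorted(str(ip) for ip in resolvers_seen(SAMPLE_LOG, probe)))
    print("outside expected range:",
          [str(ip) for ip in find_leaks(SAMPLE_LOG, probe, ["203.0.113.0/24"])])
```
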
dcheah
post Nov 29 2018, 10:05 PM



A good read, kudos…

DNS spoofing has been around for centuries and it was only in recent years that it's been exploited. The DNS works in 2 ways, Forward Lookup and Reverse Lookup.

The Forward Lookup is to translate a URL (e.g. www.google.com) to an IP address (e.g. 172.217.31.68), while Reverse Lookup is from IP address to URL. Simple, right?

Wrong!!

The Forward Lookup stores the corresponding URL vs. IP while the Reverse Lookup stores IP vs. URL. Now here's the catch...

If the DNS server is only configured with Forward Lookup, it means there is no other way for the DNS server to verify the destination. But if the DNS server has the Reverse Lookup configured, then it will have a cross-reference check against the destination.

Also, if the DNS server has the "Top Level DNS server" configured, then it can also cross-check with the "Authoritative" DNS server for a reply and update, and is thus able to verify the destination's validity.

Note the word "Authoritative", which means a 100% confirmed destination address, but don't confuse it with "Non-Authoritative". Non-Authoritative means the last entry & update for the destination was from a known DNS server but was not in the top level server. So it doesn't mean it's not safe or valid.

DNS servers have both A, AA Records & PTR Records. These records can be updated by the authoritative server only, but a common mistake is usually found in corporate servers, where the IT Administrator takes things for granted by allowing any computer to update the DNS server records; this is very dangerous.

If one of the computers in the network is affected by some kind of malware or virus, then it might try to update the DNS records with a malicious destination, fooling the DNS server that this is the correct address & destination; the DNS server will then automatically update all its DNS clusters/servers accordingly.

I found these common mistakes in most corporate servers where the IT guy doesn't understand how DNS works or, sometimes worse, how the Internet works...
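
The forward/reverse cross-reference check described in the post above, written as an explicit audit an administrator could run over zone data (an added example, not part of the original post). The zone `corp.example`, its records and the function names are constructed for illustration.

```python
import ipaddress

# Constructed zone data (documentation-range addresses, not real records).
FORWARD = {  # forward lookup zone: hostname -> addresses
    "www.corp.example": ["192.0.2.10"],
    "mail.corp.example": ["192.0.2.25"],
    "files.corp.example": ["192.0.2.99"],
    "vpn.corp.example": ["192.0.2.77"],
}
REVERSE = {  # reverse lookup zone: PTR owner name -> hostname
    "10.2.0.192.in-addr.arpa": "www.corp.example",
    "25.2.0.192.in-addr.arpa": "mail.corp.example.",
    "99.2.0.192.in-addr.arpa": "printer7.corp.example",
}

def _norm(name):
    """DNS names compare case-insensitively; ignore a trailing root dot."""
    return name.rstrip(".").lower()

def fcrdns(name, forward, reverse):
    """Check each address of `name`: does its PTR record point back to `name`?"""
    results = {}
    for ip in forward.get(name, []):
        # reverse_pointer builds the PTR owner name, e.g. 10.2.0.192.in-addr.arpa
        ptr_owner = ipaddress.ip_address(ip).reverse_pointer
        target = reverse.get(ptr_owner)
        if target is None:
            results[ip] = "no-ptr"
        elif _norm(target) == _norm(name):
            results[ip] = "ok"
        else:
            results[ip] = "mismatch"
    return results

def audit(forward, reverse):
    """Return only the hostnames whose forward and reverse records disagree."""
    findings = {}
    for name in forward:
        bad = {ip: s for ip, s in fcrdns(name, forward, reverse).items() if s != "ok"}
        if bad:
            findings[name] = bad
    return findings

if __name__ == "__main__":
    for host, problems in audit(FORWARD, REVERSE).items():
        print(host, problems)
```

A mismatch or missing PTR is a lead to investigate rather than proof of tampering, since shared hosting and incomplete reverse zones produce the same result.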

TSKKTECHHUB
post Dec 27 2018, 10:34 PM



QUOTE(dcheah @ Nov 29 2018, 10:05 PM)
A good read, kudos…

DNS spoofing has been around for centuries and it was only in recent years that it's been exploited. The DNS works in 2 ways, Forward Lookup and Reverse Lookup.

The Forward Lookup is to translate a URL (e.g. www.google.com) to an IP address (e.g. 172.217.31.68), while Reverse Lookup is from IP address to URL. Simple, right?

Wrong!!

The Forward Lookup stores the corresponding URL vs. IP while the Reverse Lookup stores IP vs. URL. Now here's the catch...

If the DNS server is only configured with Forward Lookup, it means there is no other way for the DNS server to verify the destination. But if the DNS server has the Reverse Lookup configured, then it will have a cross-reference check against the destination.

Also, if the DNS server has the "Top Level DNS server" configured, then it can also cross-check with the "Authoritative" DNS server for a reply and update, and is thus able to verify the destination's validity.

Note the word "Authoritative", which means a 100% confirmed destination address, but don't confuse it with "Non-Authoritative". Non-Authoritative means the last entry & update for the destination was from a known DNS server but was not in the top level server. So it doesn't mean it's not safe or valid.

DNS servers have both A, AA Records & PTR Records. These records can be updated by the authoritative server only, but a common mistake is usually found in corporate servers, where the IT Administrator takes things for granted by allowing any computer to update the DNS server records; this is very dangerous.

If one of the computers in the network is affected by some kind of malware or virus, then it might try to update the DNS records with a malicious destination, fooling the DNS server that this is the correct address & destination; the DNS server will then automatically update all its DNS clusters/servers accordingly.

I found these common mistakes in most corporate servers where the IT guy doesn't understand how DNS works or, sometimes worse, how the Internet works...
Thank you for adding these points, appreciated.

 
