Increase security by running your own DNS resolver service
Abstract
This document shows you how to install and run a DNS server on your local (Windows) PC at home, so that you perform all DNS lookups (resolution) locally yourself. Using a local DNS resolver is a great and easy way to increase security and anonymity.
1. DNS explained
For those of you who don't know yet: DNS (short for Domain Name System) is the mechanism that translates hostnames like www.google.com into IP addresses like 192.168.10.1, and vice versa. Needless to say, this is extremely important for the internet; without it, we would have to remember a lot of numbers (IP addresses).
2. DNS and anonymity
End users (client PCs) send their DNS lookups to DNS resolver servers, which do the actual work. You can configure these in your network settings manually or receive them through DHCP. Normally these will be the DNS servers of your ISP.
Now, if you open your browser and enter www.google.com, your PC asks the configured DNS nameservers for the IP address of www.google.com. Sounds simple? It is. But remember: whoever runs and operates the DNS service can see each and every DNS lookup you make. In other words, they can guess what you do on the net.
Of course, they only learn which sites/hosts you connect to; they can't read the actual network session. But hey, if I know that you're surfing to www.teensex.com, it's not hard to guess that you're out for porn :-)
I'm not saying that every DNS server operator logs and analyzes every DNS query, but the possibility does exist. So if you strive for maximum anonymity, you should do the DNS name resolution yourself: run your own local DNS resolver! Keep in mind what this does and does not change: your local resolver still sends its own queries, in cleartext, to the root, TLD and authoritative nameservers, so anyone watching your network link can still observe them; the gain is that no single resolver operator receives your complete query history any more.
3. DNS and usability
Like with SMTP mail servers, most providers allow access to their DNS servers only from their own customers' IP addresses. If you switch internet connections often, for example because you use VPNs, you might not have access to your main provider's DNS servers.
Running your own DNS resolver on your PC solves this, since you'll always have access to it. You never need to change your DNS server settings again.
4. Installing DNS server software
To run your own DNS resolver, you need to install DNS server software. There are quite a lot of applications that do just this; we recommend TreeWalk DNS (http://ntcanuck.com/), which is a free software package. Download and install the software.
TreeWalk runs as a service under Windows and is started automatically each time you boot your PC. If you don't like this, you can change the behaviour by opening the Windows Control Panel and going to the Services section. Look for the twdns service and change its startup settings from the Properties tab.
You don't normally need to configure TreeWalk; by default it is already set up to perform recursive DNS lookups and to answer queries only from your own PC and your internal LAN (10.x.x.x, 192.168.x.x). If you need something else, you can edit TreeWalk's config file and restart the service. Keep the client restriction in place, though: a resolver that answers queries from any address on the internet (an open resolver) can be abused by third parties and will attract unwanted traffic.
The only thing left to do is to change the DNS server settings in your network settings. Choose manual configuration of the DNS servers and enter 127.0.0.1 (the loopback address, i.e. your own PC) as primary DNS server. Leave the secondary DNS server blank: if you entered your ISP's server there, Windows would fall back to it whenever the local service did not answer, and your queries would leave your PC again.
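To check that the service on your own PC is really the one answering, here is a small added Python 3 client (written for this article, not part of TreeWalk or the original guide) that builds a raw A query as described in section 1, sends it to 127.0.0.1 on UDP port 53 and parses the reply; the hostname www.google.com is the one used in the text, and the sample addresses in the comments are constructed.

```python
import random
import socket
import struct

def build_query(name, txid):
    """Encode a recursive A-record query for `name` in RFC 1035 wire format."""
    # Header: id, flags (RD=1 asks the resolver to recurse), QDCOUNT=1, other counts 0.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode() for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def _skip_name(msg, off):
    # Advance past a domain name; a compression pointer (top two bits set) is 2 bytes and ends it.
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:
            return off + 2
        off += length + 1

def parse_response(msg, expected_txid):
    """Return (rcode, [IPv4 strings]) from a DNS reply whose id matches `expected_txid`."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch: stale or forged reply")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    rcode = flags & 0x000F            # 0 = NOERROR, 3 = NXDOMAIN, 5 = REFUSED
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4    # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:     # A record: four address bytes
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return rcode, addrs

def check_resolver(name, server="127.0.0.1", timeout=3.0):
    """Query `server`:53 over UDP for `name`; rcode 5 (REFUSED) typically means its client ACL rejected us."""
    txid = random.randrange(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (server, 53))
        data, _ = s.recvfrom(4096)
    return parse_response(data, txid)
```

Run `check_resolver("www.google.com")` on the PC itself: a tuple like `(0, ['142.250.74.68'])` (address constructed here) means the local service answered, while a socket timeout means nothing is listening on 127.0.0.1:53 and Windows would have had to use another server.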
That's it! You now surf the net with your own local dns server.
Should you have any questions, you're welcome to ask SurfoNym's support!