
How DNS encryption protects your privacy

Oct 19, 2023   |   3 mins


In recent years, with the increasing use of big data and the maturity of technology, people have become increasingly aware of the importance and necessity of personal privacy protection.

When you enter your bank card information and home address on a shopping website, how can you protect that personal information from being leaked?

When you surf the Internet, how can you prevent others from obtaining your browsing information, and how is your privacy protected?

As we introduced in the previous article, a domain name is a string of characters that stands in for an IP address and can be composed of letters, numbers, etc. We access websites mainly through the domain name system (DNS), and before actually accessing a website, the domain name has to be resolved to an IP address by a DNS server. DNS pollution and DNS hijacking occur during this process.

What are DNS pollution and DNS hijacking?

DNS pollution

DNS pollution returns you the IP address of a page that doesn't exist.

DNS pollution happens at the first step of a user request: it interferes directly with the user's DNS request at the protocol level. Some countries or regions use DNS pollution to prevent a website from being accessed for specific purposes. For example, users may be blocked from accessing certain websites, such as YouTube and Facebook.

DNS hijacking

DNS hijacking returns you the IP address of a fake page.

When you try to access www.google.com and the DNS server has been hacked, it returns an IP address that belongs not to a Google server but to a fake page, and you are sent to that wrong address.

How is information leaked?

When DNS was first designed, security was not considered. DNS requests and the IP addresses returned by the server were transmitted directly in plaintext, without encryption. This plaintext data passes through multiple physical nodes such as intermediate proxy servers, routers, Wi-Fi hotspots, and communication service operators.

Anyone monitoring your communication with the DNS server sees the transmitted content completely exposed, so hackers can learn what you are accessing, resulting in privacy leakage. To prevent this, the information is encrypted during transmission so that a middleman cannot view or tamper with it.

How does DNS encryption protect your privacy?

  • Symmetric Cryptography
  • Asymmetric Cryptography

What is Symmetric Cryptography?

Simply put, there is a key, similar to the key in our daily life, which can encrypt a piece of information and can also decrypt the encrypted data.

In the case of symmetric cryptography, both parties in the communication need to hold the same key, and no one else may know it. This strict requirement is hard to guarantee under realistic conditions, which is why there is a second encryption method: asymmetric cryptography.

What is Asymmetric Cryptography?

In symmetric cryptography, there is only one key. In asymmetric cryptography, there are two: one is called the public key, and the other is called the private key. Content encrypted with the public key can only be decrypted with the private key. Similarly, content encrypted with the private key can only be decrypted with the public key.

(It's better to understand the relationship with this chart below.)

Asymmetric cryptography greatly improves security, but compared with symmetric cryptography, message transmission is slow and encryption and decryption take longer. Therefore, we can combine symmetric and asymmetric cryptography to improve both the security and the speed of information transmission.