Saturday, June 9, 2012

Manually Configure Your DNS Settings in Linux

Using your ISP's or employer's DNS servers may or may not be a good idea. Are they configured properly? Are they monitoring your lookups? Note that some employers may have policies regarding what DNS servers clients use, so you may want to look into those policies.

When visiting a Wi-Fi hotspot, do you really trust their DNS settings? By default client machines using DHCP will get their DNS settings as well as other addressing information from the DHCP server, which would be the router at a wireless hotspot. Trustworthy? Why would anyone think so?

First, don't bother with the Gnome/Mate/Cinnamon networking applet. It will let you make the change, but doesn't successfully change the system configuration. Instead, find the Network Settings. In the Mate menu it's at System|Administration|Network. It should look something like this:


Click on the padlock where it says "Click to make changes" and enter your root password. Click on the connection you want to configure. For this example I'm using a desktop on a home network using Verizon FiOS. Feeling neither trust nor love for Verizon, I'd rather not trust their DNS servers. Instead, I'll use OpenDNS. Here's a little piece at the bottom of their home page:

Note the two IPv4 addresses, 208.67.222.222 and 208.67.220.220. Enter these addresses in the DNS Servers box under the DNS tab. There are other choices for a public DNS, e.g., Google.










One unfortunate aspect of the GUI management of DNS settings is that with wireless connections, the settings must be made for each access point, which means that the first time you connect to a new access point, the DNS server address will default to the access point or its DNS server. Fix it as above and then restart networking.
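To confirm the change actually took effect after joining a new access point, you can compare the resolver file against the servers you intended to use. The script below is an added example, not part of the original post; the function name `unexpected_resolvers`, the `ALLOWED_DNS` variable and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report nameservers in a resolv.conf-style file that are
# not on an allowlist. The allowlist is the OpenDNS pair named in the post.
ALLOWED_DNS="208.67.222.222 208.67.220.220"

# unexpected_resolvers FILE
# Prints each configured nameserver that is not in $ALLOWED_DNS, one per line.
# Returns 0 if every nameserver is allowed,
#         1 if at least one is unexpected,
#         2 if the file is unreadable or has no nameserver lines at all.
unexpected_resolvers() {
    file=$1
    [ -r "$file" ] || return 2
    # Comment lines start with '#' or ';', so their first field is never
    # exactly "nameserver" and awk skips them.
    servers=$(awk '$1 == "nameserver" && $2 != "" { print $2 }' "$file")
    [ -n "$servers" ] || return 2
    rc=0
    for s in $servers; do
        case " $ALLOWED_DNS " in
            *" $s "*) ;;                       # on the allowlist
            *) printf '%s\n' "$s"; rc=1 ;;     # handed out by someone else
        esac
    done
    return $rc
}

# Constructed sample: a resolver file after DHCP on a new access point has
# put the router's address ahead of the server configured by hand.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real capture
nameserver 192.168.1.1
nameserver 208.67.222.222
EOF
bad=$(unexpected_resolvers "$sample") || echo "unexpected DNS server(s): $bad"
rm -f "$sample"
```

On a real machine, call `unexpected_resolvers /etc/resolv.conf`. If the file lists only a local stub resolver such as 127.0.0.53, the stub itself is reported, because the file then no longer shows which upstream servers are in use.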

At the Google page there is a link to a nice little introduction to DNS security.
