Indian Spices (Just because I love them)

DNS is an integral part of the internet. It plays a significant role in the performance and security of the internet.

What’s DNS?

Well, according to Cloudflare:

The Domain Name System (DNS) is the phonebook of the Internet. Humans access information online through domain names, like google.com or yahoo.com. Web browsers interact through Internet Protocol (IP) addresses. DNS translates domain names to IP addresses so browsers can load Internet resources.

Let’s see how DNS may work in your network

By default, your devices use the DNS resolver provided by your ISP (ISPs are internet service providers such as BSNL, Reliance Jio and Airtel). Default ISP DNS resolvers use UDP without any encryption. DNS can be hijacked to redirect users to ad websites (to increase revenue). For example, when a user hits an unregistered or unresolvable domain, ISP DNS resolvers will direct the user to their ad page. DNS lookups can also be stored and used to recommend products. That’s the last thing any user wants. If you think about it, users pay ISPs so that ISPs can sell products to them? That doesn’t make sense, but it is totally possible and most likely happening already. If you are wondering how this can be avoided, the sad truth is you can’t.

Here comes DNS over HTTPS (doh…)

Most of our activities on the internet are monitored at different levels. But there is a way to stay anonymous to ISP DNS resolvers: it’s called DNS over HTTPS, and it’s supposed to be secure and to improve privacy. However, I don’t completely agree with the privacy part, because resolvers can still see logs; at least they are trusted parties. DNS queries will be secure in transit and hard to hijack. Trusted resolvers are much better in this case.

Why are we talking about this?

The internet isn’t the best place to expect privacy, but it can be made more secure using a few hacks. I believe DoH is one of those hacks. I use it here in the US for my home network. I wanted to secure my home in India as well. Before that, I should try to figure out the performance of DoH in India. My home is located in a small town and I have BSNL broadband. Indian broadband networks, especially in rural areas, have poor performance and availability due to lack of infrastructure. In addition to that, India is a mobile-first market. I have run different experiments and identified issues in the broadband network. There is a common misconception about BSNL customer service. They responded pretty well to my concern about availability. Kudos to BSNL for that.

I used RIPE probes for the experiment. RIPE is a non-profit organization that has probes installed in different parts of the world. Members can use those probes to run certain allowed experiments. I ran my measurements using RIPE probes installed in India.

Experiment

I decided to test the response time for DoH using RIPE probes installed in different broadband networks.

DNS over HTTPS providers (DoH)

Cloudflare - 1.1.1.1
Google Public DNS - 8.8.8.8

For the experiment, I took the list of popular websites in India based on Alexa ranking. To be precise, the list was taken on July 07 2018 PST.
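
To make the measurement concrete, here is one way to build a DoH request (RFC 8484 GET form) and time a single lookup against the two providers. This is an added example, not the measurement code used in this post, which ran on RIPE probes. The endpoint URLs and the function names are assumptions; the post gives only the resolver IPs.

```python
import base64
import struct
import time
import urllib.request

# Assumed DoH endpoints; the post lists only the resolver IPs 1.1.1.1 and 8.8.8.8.
DOH_ENDPOINTS = {
    "cloudflare": "https://cloudflare-dns.com/dns-query",
    "google": "https://dns.google/dns-query",
}

def build_query(name, qtype=1):
    """Build a DNS wire-format query (RFC 1035); qtype 1 is an A record."""
    # ID 0 as RFC 8484 suggests for HTTP caching; 0x0100 sets "recursion desired".
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class 1 = IN

def doh_get_url(endpoint, query):
    """RFC 8484 GET form: base64url-encoded query with '=' padding removed."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={encoded}"

def parse_header(message):
    """Return (rcode, answer_count) from the 12-byte DNS response header."""
    if len(message) < 12:
        raise ValueError("truncated DNS message")
    _id, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", message[:12])
    return flags & 0x000F, answers

def time_doh(endpoint, name, timeout=5.0):
    """Time one DoH lookup (needs network). Returns (ms, rcode, answer_count)."""
    request = urllib.request.Request(
        doh_get_url(endpoint, build_query(name)),
        headers={"Accept": "application/dns-message"},
    )
    start = time.perf_counter()
    with urllib.request.urlopen(request, timeout=timeout) as response:
        body = response.read()
    elapsed_ms = (time.perf_counter() - start) * 1000
    rcode, answers = parse_header(body)
    return elapsed_ms, rcode, answers

if __name__ == "__main__":
    # rcode 3 (NXDOMAIN) is the expected answer for an unregistered name.
    for provider, url in DOH_ENDPOINTS.items():
        ms, rcode, answers = time_doh(url, "example.com")
        print(f"{provider}: {ms:.1f} ms rcode={rcode} answers={answers}")
```

Each call opens a new TLS connection, so the figure includes handshake time; a client that reuses connections would see lower numbers.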