
Changing the DNS Server on your ISP’s Router

One of the ways your ISP is spying on you is through monitoring your DNS requests. Each time you visit a website, your computer sends a DNS query to your ISP's DNS server asking for the IP address of the domain name (website) you are visiting. This happens even if the website uses SSL/TLS encryption (HTTPS).

There are many other benefits to changing the router’s DNS server. If you are trying to filter out pornographic websites for children, a DNS server like OpenDNS can help.

https://www.quad9.net/

Fun Facts

Wireshark: TCP/IP Handshake

You can see in a Wireshark trace that my local machine reaches out to the ISP’s DNS server to resolve mrjamiebowman.com to an IP address. The server returns the IP for my website.

(Wireshark DNS Handshake)

ISP’s DNS Server

Just for fun, I looked up information about the DNS server that my ISP was using. A reverse DNS lookup reveals that the IP address (209.18.47.62) has a hostname of dns-cac-lb-02.rr.com. Then I did a WHOIS IP Lookup and that revealed who owned this IP address.

(WHOIS IP)

Which ultimately led me here on Google Maps…

(ISP on Google Maps)

Changing the Setting

This is actually relatively easy. I will be updating a Spectrum Arris modem and I will be using Quad9’s DNS server, which uses 9.9.9.9 as its IP address.

(Default DNS Settings)

I changed my “Primary DNS Server IP” from 209.18.47.62 to 9.9.9.9 (Quad9).

(Pointing to Quad9’s DNS Server)

Now, if I look in Wireshark I will see that my source and destination IP addresses for the DNS protocol are pointing to 9.9.9.9 (Quad9).

(Wireshark – Quad9 DNS)
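
What the DNS packets in these traces contain, as an added example that is not part of the original post: the script builds a plain DNS query for a domain, sends it over UDP port 53 to a resolver you name (9.9.9.9 here), and parses the A records out of the reply. The function names and the sample response are constructed for illustration.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Build a DNS A-record query in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def skip_name(msg, off):  # returns the offset just past a (possibly compressed) name
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        if length == 0:             # root label: end of an uncompressed name
            return off + 1
        off += 1 + length

def parse_a_records(msg):
    """Return (transaction id, [IPv4 strings]) from a DNS response."""
    txid, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                      # skip the echoed question section
        off = skip_name(msg, off) + 4
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:   # A record, class IN
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return txid, addrs

def resolve_via(server, name, timeout=3.0):
    """Send the query straight to `server` on UDP port 53 and return its A records."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        data, _ = s.recvfrom(512)
    return parse_a_records(data)[1]

# Constructed sample response (not a real capture): example.com -> 192.0.2.10
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
                   + build_query("example.com")[12:] + b"\xc0\x0c"
                   + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton("192.0.2.10"))

if __name__ == "__main__":
    print(resolve_via("9.9.9.9", "mrjamiebowman.com"))  # needs network access
```

The bytes returned by `build_query` include the domain name as readable text, which is why Wireshark can display it in the trace.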

Wrapping Up

As you can see, we are now pointing to Quad9’s DNS server. This doesn’t stop the ISP from spying on me, but it does slow them down. They can still see the unencrypted data that I’m sending between domain names and could still cross-reference IP addresses to domain names. However, this removes their ability to spy on what domains I visit through DNS.