Changing the DNS Server on your ISP’s Router
One of the ways your ISP is spying on you is through monitoring your DNS requests. Each time you visit a website the TCP/IP handshake reaches out to your ISP and asks to get the IP Address of a domain name (website) you are visiting. This happens even if the website is using encryption with an SSL.
There are many other benefits to changing the router’s DNS server. If you are trying to filter out pornographic websites for children a DNS server like OpenDNS can help.
- DNS stands for “Domain Name System”.
- Paul Mockapetris invented DNS in 1983.
- It’s possible that DNS encryption will be in the near future.
Wireshark: TCP/IP Handshake
You can see in a Wireshark trace that my local machine reaches out to the ISP’s DNS server to resolve (mrjamiebowman.com) to an IP address. It returns the IP for my website.
ISP’s DNS Server
Just for fun, I looked up information about the DNS server that my ISP was using. A reverse DNS lookup reveals that the IP address (18.104.22.168) has a hostname of dns-cac-lb-02.rr.com. Then I did a WHOIS IP Lookup and that revealed who owned this IP address.
Which ultimately lead me here on Google maps…
Changing the Setting
This is actually relatively easy. I will be updating a Spectrum Arris modem and I will be using Quad9’s DNS Server which uses (22.214.171.124) for their IP address.
I changed my “Primary DNS Server IP” from 126.96.36.199 to 188.8.131.52 (Quad9)
Now, if I look in Wireshark I will see that my source and destination IP addresses for the DNS protocol are pointing to 184.108.40.206 (Quad9).
As you can see we are now pointing to Quad9’s DNS server. This doesn’t stop the ISP from spying on me but it does slow them down. They can still see the unencrypted data that I’m sending between domain names and could still cross-reference IP addresses to domain names. However, this removes their ability to spy on what domains I visit through DNS.