Stop DNS Manipulation Attacks By Encrypting DNS Queries
Jigsaw, a company owned by Google’s holding company Alphabet, has released an easy-to-use application for Android platform. This app, Intra, encrypts all DNS queries made by the Android system or apps, and hence checks DNS manipulation attacks imposed by ISPs or government authorities. Intra is free and has no data usage limit.
Every time a user enters a website’s URL in the address bar of the browser or any installed application accesses its remote server, the URL is passed through a DNS server. Most of the DNS servers are controlled by ISPs and can be controlled by government authorities. The DNS server returns IP address of the requested URL, and plays a very crucial role for connecting to the requested URL. A manipulative DNS server may return incorrect IP address for some specific URLs in order to block access or control browsing. Moreover, ISPs and government authorities can have a watch over the accessed URLs.
Encrypted DNS requests help users to overcome these problems by securing the DNS requests, so that ISPs or authorities can’t see requested URLs. A DNS server offering DNS over HTTPS/TLS would return encrypted response, and hence users can access the authentic website without being tracked by authorities.
DNS over TLS in Android 9 Pie
Google has already addressed DNS manipulation issue in the latest version of Android. The Android 9 Pie has option for setting up system-wide private DNS. This is a huge security feature introduced in the Android 9. Users of Android Pie can turn on it to encrypt their DNS requests and prevent DNS leaking or manipulation by authorities. For other Android versions, users can install the Intra app by Jigsaw.
Using Intra app is very easy. Begin with installing the app from Google Play, and turn on it – and you’re good to go.
By default, the Intra app connects to Google’s DNS server (dns.google.com), but users can opt for Cloudflare’s DNS or enter any other supported DNS server. Moreover, users can exclude specific apps to not use Intra.