Net neutrality is on its deathbed. With it gone, ISPs will be able to strip-data-mine your every move on the web. There are answers. One is Tenta’s new secure Domain Name System (DNS) resolver, Tenta DNS. It receives and sends the directions to the websites you visit using the secure Transport Layer Security (TLS) protocol.
DNS is the internet’s master phone book. When you type in a website address or click on a link, it turns human-readable domain names into machine-usable IP addresses. If you use your ISP’s DNS server, which is the default, the ISP can watch your every move. Even if you use an ordinary third-party DNS server, such as one of the Google Public DNS servers, 220.127.116.11 or 18.104.22.168, or one of Cisco’s OpenDNS servers, 22.214.171.124 or 126.96.36.199, your DNS requests are still made in the clear and your ISP can see where you’re going.
To conceal what you’re doing on the web, you must encrypt your DNS requests. To lock these down, developers created the Internet Engineering Task Force (IETF) RFC 7858, Specification for DNS over Transport Layer Security. What Tenta has done is to take this internet standard and turn it into real software.
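An added example, not code from Tenta or the original article: it shows that a cleartext DNS query carries the site name in readable form, and how the same message is framed and sent inside a TLS session as RFC 7858 specifies. The function names and the `server_ip` and `server_name` parameters are assumptions for illustration; supply the address and certificate name of a resolver you trust.

```python
import socket
import ssl
import struct

DOT_PORT = 853  # port assigned to DNS over TLS by RFC 7858


def build_query(name: str, qid: int = 0x1234) -> bytes:
    """Build a minimal DNS query (type A, class IN) in wire format."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)


def observed_name(packet: bytes) -> str:
    """Recover the queried name from a cleartext DNS packet, as the ISP can."""
    labels, pos = [], 12  # question section starts after the 12-byte header
    while packet[pos] != 0:
        length = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)


def frame_for_tls(message: bytes) -> bytes:
    """Prefix the two-byte length that DNS over TLS inherits from DNS over TCP."""
    return struct.pack("!H", len(message)) + message


def _read_exact(conn, count: int) -> bytes:
    """Read exactly `count` bytes or fail if the peer closes early."""
    data = b""
    while len(data) < count:
        chunk = conn.recv(count - len(data))
        if not chunk:
            raise ConnectionError("connection closed before full reply")
        data += chunk
    return data


def query_over_tls(server_ip: str, server_name: str, name: str) -> bytes:
    """Send one query inside a certificate-verified TLS session; return the raw reply."""
    context = ssl.create_default_context()  # verifies the certificate and hostname
    with socket.create_connection((server_ip, DOT_PORT), timeout=5) as sock:
        with context.wrap_socket(sock, server_hostname=server_name) as tls:
            tls.sendall(frame_for_tls(build_query(name)))
            (length,) = struct.unpack("!H", _read_exact(tls, 2))
            return _read_exact(tls, length)
```

With plain DNS on port 53, the bytes from `build_query` travel as-is and `observed_name` works on them; with `query_over_tls`, an observer sees only a TLS session to the resolver's address on port 853.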
As the company explained in a blog post, “Tenta DNS is a modern, secure DNS alternative that supports both ICANN and OpenNIC roots, DNS over TLS, and DNSSEC (DNS Security Extensions). By initiating a TLS protocol when DNS data is sent from your browser, Tenta DNS closes yet another crack through which your ISP can spy on you.”
Other DNS servers are expected to support DNS over TLS soon. As Patrick Nohe, the SSL Store content manager, pointed out, “Adoption depends entirely on the DNS industry. If a server is equipped with SSL/TLS, DNS over TLS is within its capabilities — it’s just a matter of supporting it.”
Programmers, such as those working on the DNS Privacy Project, are also building DNS over TLS implementations.