Why You Shouldn’t Use Your ISP’s Default DNS Server

Your computers, phones, and other devices normally use the Domain Name System (DNS) server with which the router is configured. Unfortunately, this is often the one provided by your Internet Service Provider (ISP). ISP-provided DNS servers lack privacy features and might also be slower than some alternatives.

DNS Is Not Private (Without DoH)

DNS was designed nearly 40 years ago, and it hasn’t evolved much since. It’s entirely unencrypted. This means it offers the same level of protection against nosy third parties as unsecured HTTP traffic, which is not much at all. Even if you use HTTPS, any third party in the middle of your traffic can see the websites to which you’re connecting (but not the contents of your visit). For example, on a public Wi-Fi network, the operator of that network could monitor which websites you visit.

The solution to this issue is DNS over HTTPS (DoH). This new protocol simply encrypts the contents of a DNS query so third parties can’t sniff it out. Major DNS providers, like Cloudflare, OpenDNS, and Google Public DNS, already support it. Chrome and Firefox are also in the process of rolling it out.

Aside from the privacy improvements, DoH prevents any tampering with DNS queries in transit. It’s just a more secure protocol, and everyone should use it.

However, even if you enable DoH in your browser, it’s up to the DNS provider to implement it. Most home network connections are configured by default to use the ISP’s DNS servers, which probably don’t support DoH. If you haven’t changed it manually, this is probably the case with your browser and operating system.

There are some exceptions, though. In the U.S., Mozilla Firefox is automatically enabling DNS over HTTPS and using Cloudflare’s DNS servers. Comcast’s DNS servers support DoH and work with Google Chrome and Microsoft Edge.

Generally, though, the only way to really get DoH is to use a different DNS service.

Your ISP Can Log Your Browsing History

If you care at all about privacy online, using your ISP’s DNS server is a massive problem. Every request sent can be logged and tells your ISP which websites you browse, down to the hostnames and subdomains. Browsing history like this is the kind of valuable data off of which many companies make huge profits.

Many ISPs, including Comcast, claim they don’t log customer data. However, Comcast actively lobbied against DoH. Although U.S. ISPs claim they don’t collect data (even though it’s legal to do so), it would be very easy to implement since they control the DNS servers you use. The FTC was concerned enough to investigate whether ISPs are doing this. Laws and regulations in other countries vary, so it’s up to you whether you trust your ISP.

It’s worth noting that Comcast has adopted DoH, but this doesn’t protect your privacy when it comes to the company monitoring your DNS queries. DoH secures the connection between you and the DNS provider, but, in this case, Comcast is the DNS provider and, therefore, can still see the queries.
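
The difference between classic DNS and DoH, and why the DoH provider still sees every query, can be shown on the wire format itself. The following is an added example, not code from the original article: it builds a standard DNS query, reads the hostname back out of the unencrypted payload as anyone on the path could, then wraps the same bytes in an RFC 8484 DoH GET request and decodes them as the resolver would. The hostname and the `doh.example.net` endpoint are constructed placeholders.

```python
import base64
import struct

def build_query(hostname, qtype=1, txid=0):
    """DNS query in RFC 1035 wire format (RFC 8484 suggests ID 0 for DoH)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in hostname.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS 1 = IN

def read_qname(wire):
    """Recover the queried name from wire bytes; no key or secret is involved."""
    pos, labels = 12, []  # the question starts after the 12-byte header
    while True:
        if pos >= len(wire):
            raise ValueError("truncated DNS question")
        length = wire[pos]
        if length == 0:
            return ".".join(labels)
        if length > 63 or pos + 1 + length > len(wire):
            raise ValueError("malformed label")
        labels.append(wire[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length

def doh_get_url(wire, endpoint):
    """RFC 8484 GET form: base64url of the wire query with padding removed."""
    b64 = base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={b64}"

def resolver_view(url):
    """The name the DoH server reads once it has terminated TLS."""
    b64 = url.split("?dns=", 1)[1]
    return read_qname(base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4)))

# Constructed sample; the endpoint is a placeholder, not a real service.
query = build_query("mail.example.com")
url = doh_get_url(query, "https://doh.example.net/dns-query")

if __name__ == "__main__":
    print("Plain UDP/53 payload, readable on path:", read_qname(query))
    print("DoH request, carried inside TLS:", url)
    print("Name the DoH resolver still sees:", resolver_view(url))
```

With DoH the whole request, including the `dns=` parameter, travels inside the TLS session, so the network operator sees only a connection to the resolver's IP address, while the resolver itself recovers the full hostname.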

Of course, DNS isn’t the only way ISPs track you. They can also see the IP addresses you connect to, regardless of which DNS server you use. They can glean a lot of information about your browsing habits this way. Changing DNS servers won’t stop your ISP from tracking, but it will make it a little harder.

Using a virtual private network (VPN) for your daily browsing is the only real way to prevent your ISP from seeing what you’re connecting to online. You can check out our guide on VPNs to learn more about them.

Third-Party DNS Servers Might Be Faster, Too

In addition to privacy concerns, DNS services provided by ISPs can be slower than Google or Cloudflare. This isn’t always the case, as your ISP will generally be closer to you than a third party, but many people get faster speeds with a third-party DNS server. It’s usually just a difference of milliseconds, though, which might not matter much to you.

Which Public DNS Server Should You Use?

If you want to switch to a public DNS server, you have a few options. The most common is Google’s Public DNS, which uses the addresses 8.8.8.8 and 8.8.4.4.

If you trust Google less than your ISP, you can also use Cloudflare’s DNS, which claims to be the fastest and takes a privacy-first stance. The main address for it is 1.1.1.1, with an alternate of 1.0.0.1.

Lastly, you can also use OpenDNS, from Cisco. You can find the addresses for that here.

How to Change Your DNS Settings

The best way to change your DNS settings is at the router level. If you change your DNS server on your router, this change will apply to every device on your home network.

To get started, type either 192.168.1.1 or 10.0.0.1 to log in to your router.

The exact location of the DNS setting varies depending on which router you have. However, it should be somewhere in the network settings.

For example, on a Verizon router, it’s under My Network > Network Connections > Broadband > Edit. Once there, you can change the address manually and replace your ISP’s automatic servers.

If you have any trouble finding it, just do a Google search for your router model to find out where this setting is.

If you’re in a situation in which you can’t change the DNS settings on the router (like a college dorm or another location where you don’t control the Wi-Fi), you can still change the settings for your specific device. We’ll show you how to change these settings on a Mac and Windows machine (go here to find out how to change these on an Android phone or iPhone).

On a Windows machine, open “Control Panel” from the Start menu, and then navigate to the “Network and Sharing Center.” In the sidebar, click “Change Adapter Settings.”

You should see a list of your network devices on both Ethernet and Wi-Fi. If you want to change the settings for both, you’ll have to repeat the following instructions for each device.

Right-click the first device for which you want to change the DNS settings, and then click “Properties.”

Select “Internet Protocol Version 4” from the list.

In the dialog box that appears, select the radio button next to “Use the Following DNS Server Addresses,” type your preferred DNS server addresses, and then click “OK.”

On a Mac, you’ll find this option in “System Preferences” under “Network.” Click “Wi-Fi” or “Ethernet,” and then click “Advanced” at the bottom of the menu.

Under the “DNS” tab, you can modify the DNS settings for your device. Click the plus (+) or minus (-) signs at the bottom to add or remove servers.

How to Enable DNS Over HTTPS (DoH)

If you want to enable DoH on your browser, you can do so on Chrome, Firefox, and Microsoft Edge.

On Chrome, go to chrome://flags/#dns-over-https, and then select “Enabled” from the drop-down menu. Relaunch Chrome for the changes to take effect.

In Firefox, the option is a bit buried. Open the menu and go to Options > General. Scroll down and click “Settings” at the bottom. Select the checkbox next to the “Enable DNS over HTTPS” option. You can also select a DNS provider manually here if you prefer.

Translated from: https://www.howtogeek.com/664608/why-you-shouldnt-be-using-your-isps-default-dns-server/
