This means that rather than using DNS servers supplied by your Internet Service Provider (ISP) or Google, you can resolve your own DNS queries and publish your DNS address on the internet yourself.
Still confused? Ok, let’s start at the beginning…
What is DNS?
The DNS (aka Domain Name System) is used to resolve human-readable hostnames like www.ProPrivacy.com into machine-readable IP addresses like 18.104.22.168.
DNS also provides other information about domain names, such as mail services.
IP addresses and URLs
Every internet connected device and resource has a unique numerical address to identify it so that other devices on the internet can find and communicate with them. This numerical identifier is known as an Internet Protocol (IP) address.
By far the most commonly used internet resources are websites, each of which can be identified using its unique IP address. The problem is that although computers are great at remembering long strings of numbers, we poor humans are not.
We, therefore, use easier-to-remember web addresses (URLs) such as proprivacy.com instead.
A DNS server simply translates URLs into IP addresses that computers can understand. It is basically just an address book that cross-references a URL with its corresponding IP address. For example, it translates the URL proprivacy.com to its IP address, 22.214.171.124.
Things are, of course, a little more complicated than this. The DNS server needs to stay continually updated with the latest lists of URLs and their corresponding IP addresses. But in a nutshell, that is all a DNS server does.
When you use a Virtual Private Network (VPN), all DNS requests should be sent through your encrypted VPN tunnel to be handled by a DNS server run by your VPN provider. When this does not happen, you have what is called a DNS leak.
Enter BIND - Open Source DNS Server
BIND is open source DNS server software developed by the Internet Systems Consortium (ISC). It is the ubiquitous de facto standard DNS server software on the internet, with some 70 percent of all DNS servers using the software.
BIND is composed of three parts:
- Resolver – the part that resolves DNS queries by translating URLs into IP addresses.
- Authoritative domain name server – which answers requests from other DNS resolvers about domain name queries. This is how DNS servers stay updated with URLs and their corresponding IP addresses. As such, BIND provides the backbone for much of the world’s DNS system.
- Tools – a big selection of diagnostic and other tools.
BIND and VPN Servers
DNS translation can be a big privacy threat for VPN users. A simple VPN setup will hide what your real IP gets up to on the internet from your ISP. This is completely undermined, however, if your ISP is responsible for translating the name of every URL you visit into its corresponding IP address.
It will know exactly which websites you have visited, even when using a VPN! In order to prevent this, most commercial VPN services use BIND (or something similar) to resolve users’ DNS requests.
This prevents your ISP from being able to track your internet activity using DNS translation and removes the need for third-party DNS services such as Google DNS. If you run a personal VPN server, you can do the same thing. The instructions linked to below should help get you started.
Most good VPN services these days also offer DNS leak protection as a feature of their software. This uses firewall rules to ensure that all DNS requests are routed through the VPN tunnel to be resolved by a DNS server run by the VPN provider.
Note that most VPN clients currently only support IPv4 DNS routing, and prevent IPv6 leaks with the simple expedient of disabling IPv6. OpenVPN GUI 4.2.x, however, fully supports both IPv4 and IPv6 routing.
Hiding your location
In addition to privacy, a popular use for VPNs is to watch TV shows on services such as BBC iPlayer and Netflix outside of their originating country. Software such as BIND allows VPN services to ensure that DNS requests are resolved in the same country that the IP address appears to come from. This makes it less likely that a service will detect that you are using a VPN and consequently block you.
Indeed, many services do not even check users’ IP addresses! They just look at the country the DNS request is processed from. Smart DNS providers take advantage of this to provide unblocking services.
Because DNS translation is basically just looking up addresses in a database, it is almost instant. This makes Smart DNS much faster than VPNs, which must expend processing power on encrypting and decrypting data.
How to create your own Open Source DNS server with BIND
BIND is developed as a UNIX tool, but the code can be recompiled for use on any platform. A pre-compiled executable version of BIND for Windows is available on the official download page. Custom versions of BIND are available for most server platforms, for example, CentOS, Red Hat Enterprise Linux, Debian, Fedora, FreeBSD, Solaris, and Ubuntu.
As always when downloading open source DNS (or any other software) from the internet please take the time to verify the code’s digital signature.
BIND is primarily a network tool used by professional server administrators. The full official setup and configuration documentation is available here. If you fancy trying your hand at creating a home/VPS DNS server using BIND, here are some (quickstart-ish!) setup instructions for Windows, Ubuntu, and CentOS 6.
If running your own VPN server with accompanying BIND DNS resolver, OpenVPN GUI can push DNS requests to your BIND server. OpenVPN GUI 4.2.x includes full DNS leak protection.
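As an added example (not taken from the original article or from ISC's or OpenVPN's documentation), here is how the two halves fit together: a BIND options block that only recurses for VPN clients, so the server does not become an open resolver on its public address, and the matching OpenVPN server lines that push that resolver to clients. The tunnel address 10.8.0.1, the subnet 10.8.0.0/24 and the Ubuntu file paths are assumptions.

```conf
# /etc/bind/named.conf.options (assumed Ubuntu path)
options {
    directory "/var/cache/bind";

    # Listen only on the VPN tunnel address, never on the public interface.
    listen-on { 10.8.0.1; };
    listen-on-v6 { none; };

    # Recursive resolver for VPN clients only. An open resolver can be
    # abused for reflection/amplification, so restrict both query and recursion.
    recursion yes;
    allow-query { 10.8.0.0/24; };
    allow-recursion { 10.8.0.0/24; };
    allow-transfer { none; };

    # Resolve from the root servers (no forwarders), so the ISP resolver
    # never sees the names; validate answers with DNSSEC.
    dnssec-validation auto;
};

# /etc/openvpn/server.conf (assumed path) - relevant lines only
server 10.8.0.0 255.255.255.0
# Send all client traffic through the tunnel.
push "redirect-gateway def1"
# Hand clients the BIND resolver on the tunnel address.
push "dhcp-option DNS 10.8.0.1"
# Windows clients: firewall off DNS to any server outside the tunnel (leak protection).
push "block-outside-dns"
```

Check the BIND file with `named-checkconf` before restarting; from a connected client, `dig @10.8.0.1 proprivacy.com` should answer while a query sent directly to a public resolver should be blocked.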
BIND ISC DNS Recap
BIND by ISC handles DNS translation and is the backbone of the DNS system. Because it is free and open source, BIND can be deployed by anybody with the technical chops to configure it correctly.
That BIND allows individuals and small companies to handle DNS queries is particularly important when it comes to VPNs, as DNS translation is a privacy risk that can undermine the benefits of using a VPN.