Advice Request DNS firewall vs VPN

Please provide comments and solutions that are helpful to the author of this topic.

blackice

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
SohanRay said:
About VPN being safe for the unencrypted traffic...... The VPN only encrypts them from the user/client end upto the VPN servers. Rest goes like it would normally, without the VPN. So say I visit a HTTP website, then I'll be in danger if I enter any personal details here,with or without the VPN. And if I don't enter any sensitive info here, I think I'll be safe with or without the VPN. Isn't that so?
Click to expand...
It would be good in this case if you were concerned about the security of the local network you are on, or wary of the ISP. However, I wouldn’t enter sensitive information on any HTTP website regardless of if I was on a VPN or not.
 
  • Like
Reactions: SohanRay
SohanRay

SohanRay

Level 5
Thread author
Mar 19, 2022
246
blackice said:
It would be good in this case if you were concerned about the security of the local network you are on, or wary of the ISP. However, I wouldn’t enter sensitive information on any HTTP website regardless of if I was on a VPN or not.
Click to expand...
Concerned about my privacy on the network or from the ISP you mean right?
 
blackice

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
SohanRay said:
Concerned about my privacy on the network or from the ISP you mean right?
Click to expand...
Privacy or security. Though if you don’t trust a network you probably shouldn’t connect to it at all. Though we have little choice in ISPs available. A VPN could create a secure end to end encrypted link if you were VPNing straight to the network you are working on, like corporate VPNs. Consumer commercial VPNs are mostly for torrenting, malware research and kids hiding adult browsing from their parents.
 
  • Like
Reactions: Kongo and SohanRay
n8chavez

n8chavez

Level 20
Well-known
Feb 26, 2021
972
SohanRay said:
That comes later actually, currently I am questioning if VPN is actually providing better security than an encrypted dns firewall. It does provide better privacy but does it provide better security exactly?
Click to expand...

You keep using the phrase "encrypted dns firewall." What do you think it means? If you are referring to DoH, that's encrypted but there is no firewall. If you are referring to DNS-level filtering, that can act as a "firewall" per-se (although no one ever calls it that) but that might not be encrypted. In the case of the former,better security is provided. In the case of the latter, better privacy is provided. But, like I said before, having a VPN should always be first. DoH should be added to that.
 
SohanRay

SohanRay

Level 5
Thread author
Mar 19, 2022
246
n8chavez said:
You keep using the phrase "encrypted dns firewall." What do you think it means? If you are referring to DoH, that's encrypted but there is no firewall. If you are referring to DNS-level filtering, that can act as a "firewall" per-se (although no one ever calls it that) but that might not be encrypted. In the case of the former,better security is provided. In the case of the latter, better privacy is provided. But, like I said before, having a VPN should always be first. DoH should be added to that.
Click to expand...
Check this out....
nextdns.io

NextDNS

The new firewall for the modern Internet
nextdns.io

VPN does provide better privacy, but I don't see how it is providing better security.
 
n8chavez

n8chavez

Level 20
Well-known
Feb 26, 2021
972
SohanRay said:
Check this out....
nextdns.io

NextDNS

The new firewall for the modern Internet
nextdns.io

VPN does provide better privacy, but I don't see how it is providing better security.
Click to expand...

I use NextDNS. It's very good. But, you have that exactly backward. A VPN provides better security, because of the encryption, but not necessarily privacy.
 
  • Like
Reactions: blackice
n8chavez

n8chavez

Level 20
Well-known
Feb 26, 2021
972
SohanRay said:
How?
Click to expand...

What do you mean how? A VPN uses an encrypted tunnel between your computer and the VPN's service provider, right? That 's security. But a VPN does not always block ads, trackers, malware, etc. That would be privacy. So, even though a VPN conceals your location it doesn't always provide privacy in a way you can control. Bottom line, VPN + Customizable DNS filtering = best. For that look at NextDNS or ControlD. So, for both, use a VPN, enforce HTTPS, and enforce DoT/DoH.
 
Last edited:
SohanRay

SohanRay

Level 5
Thread author
Mar 19, 2022
246
n8chavez said:
What do you mean how? A VPN uses an encrypted tunnel between your computer and the VPN's service provider, right? That 's security. But a VPN does not always block ads, trackers, malware, etc. That would be privacy. So, even though a VPN conceals your location it doesn't always provide privacy in a way you can control. Bottom line, VPN + Customizable DNS filtering = best. For that look at NextDNS or ControlD.
Click to expand...
Ok. Lemme give an example. Say I am visiting a HTTP (unencrypted) site. The VPN encrypts the connection between me and the VPN server. From there on, the connection to the site is normal i.e unencrypted. So whether or not you use a VPN if you enter any sensitive info in the HTTP site, you are in danger. So, as long as your Dns is encrypted you won't be directed to unintended IP address. Now, this applies to other network traffic too. The traffic is only encrypted between the client and vpn server. Rest depends on the type of connection anyways, just like when VPN is not being used. So what the Vpn does is just prevents someone linking my IP address to the website or domains I visit,so protecting my privacy to some extent,from entities like my ISP.
 
  • Like
Reactions: Kongo and n8chavez
n8chavez

n8chavez

Level 20
Well-known
Feb 26, 2021
972
SohanRay said:
Ok. Lemme give an example. Say I am visiting a HTTP (unencrypted) site. The VPN encrypts the connection between me and the VPN server. From there on, the connection to the site is normal i.e unencrypted. So whether or not you use a VPN if you enter any sensitive info in the HTTP site, you are in danger. So, as long as your Dns is encrypted you won't be directed to unintended IP address. Now, this applies to other network traffic too. The traffic is only encrypted between the client and vpn server. Rest depends on the type of connection anyways, just like when VPN is not being used. So what the Vpn does is just prevents someone linking my IP address to the website or domains I visit,so protecting my privacy to some extent,from entities like my ISP.
Click to expand...

Correct. But don't equate hiding your IP to privacy. Especially nowadays, those are not the same thing.
 
  • Like
Reactions: SohanRay
SohanRay

SohanRay

Level 5
Thread author
Mar 19, 2022
246
n8chavez said:
Correct. But don't equate hiding your IP to privacy. Especially nowadays, those are not the same thing.
Click to expand...
Correct actually. These days ISP using deep packet inspection can do lot more than conventional methods of tracking or loging.
 
blackice

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
SohanRay said:
Ok. Lemme give an example. Say I am visiting a HTTP (unencrypted) site. The VPN encrypts the connection between me and the VPN server. From there on, the connection to the site is normal i.e unencrypted. So whether or not you use a VPN if you enter any sensitive info in the HTTP site, you are in danger. So, as long as your Dns is encrypted you won't be directed to unintended IP address. Now, this applies to other network traffic too. The traffic is only encrypted between the client and vpn server. Rest depends on the type of connection anyways, just like when VPN is not being used. So what the Vpn does is just prevents someone linking my IP address to the website or domains I visit,so protecting my privacy to some extent,from entities like my ISP.
Click to expand...
Actually encrypted DNS prevents people seeing or tampering with DNS from your resolver. DNSSEC is what actually prevents things like cache poisoning. They work in concert, but DNSSEC adoption is low. An encrypted DNS connection that pulls a record that has already been tampered with will still result in resolving the wrong site. Thankfully NextDNS supports DNSSEC.
 
Last edited:
  • Like
Reactions: cryogent, SohanRay and n8chavez
SohanRay

SohanRay

Level 5
Thread author
Mar 19, 2022
246
blackice said:
Actually encrypted DNS prevents people seeing or tampering with DNS from your resolver. DNSSEC is what actually prevents things like cache poisoning. They work in concert, but DNSSEC adoption is low. An encrypted DNS connection that pulls a record that has already been tampered with will still result in resolving the wrong site. Thankfully NextDNS supports DNSSEC.
Click to expand...
Exactly.
 
SohanRay

SohanRay

Level 5
Thread author
Mar 19, 2022
246
If a DNS firewall service and a good VPN service costs the same, which one should I choose.
The VPN here also has a dns firewall which blocks ads and malicious domains. But the DNS firewall is certainly better at it. Also the Dns firewall allows Customization.
 
blackice

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
SohanRay said:
If a DNS firewall service and a good VPN service costs the same, which one should I choose.
The VPN here also has a dns firewall which blocks ads and malicious domains. But the DNS firewall is certainly better at it. Also the Dns firewall allows Customization.
Click to expand...
What is your goal in using these services?
 
blackice

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
Then you are probably better off with DNS filtering. It also won't slow down your connection in the event you get service that is faster than the VPN can handle.
 
Last edited:
  • Like
Reactions: M4RT1NE2 and SohanRay

Similar threads

n8chavez
Serious Discussion Router VPN Killswitch
Replies
9
Views
492
VPN and DNS
sokabi
S
A
Advice Request Need to escape tracking
Replies
29
Views
1,518
General Security Discussions
aftech
A
X195
    • Like
Advice Request Help needed with DNS configuration
Replies
15
Views
1,075
AdGuard
Chuck57
Chuck57

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top