Advice Request DNS firewall vs VPN

About VPN being safe for the unencrypted traffic... The VPN only encrypts them from the user/client end up to the VPN servers. Rest goes like it would normally, without the VPN. So say I visit an HTTP website, then I'll be in danger if I enter any personal details here, with or without the VPN. And if I don't enter any sensitive info here, I think I'll be safe with or without the VPN. Isn't that so?
It would be good in this case if you were concerned about the security of the local network you are on, or wary of the ISP. However, I wouldn’t enter sensitive information on any HTTP website regardless of if I was on a VPN or not.
 
Concerned about my privacy on the network or from the ISP, you mean, right?
 
Privacy or security. Though if you don’t trust a network you probably shouldn’t connect to it at all. Though we have little choice in ISPs available. A VPN could create a secure end to end encrypted link if you were VPNing straight to the network you are working on, like corporate VPNs. Consumer commercial VPNs are mostly for torrenting, malware research and kids hiding adult browsing from their parents.
 
That comes later actually, currently I am questioning if VPN is actually providing better security than an encrypted DNS firewall. It does provide better privacy but does it provide better security exactly?

You keep using the phrase "encrypted dns firewall." What do you think it means? If you are referring to DoH, that's encrypted but there is no firewall. If you are referring to DNS-level filtering, that can act as a "firewall" per se (although no one ever calls it that) but that might not be encrypted. In the case of the former, better security is provided. In the case of the latter, better privacy is provided. But, like I said before, having a VPN should always be first. DoH should be added to that.
 
Check this out....

VPN does provide better privacy, but I don't see how it is providing better security.
 
I use NextDNS. It's very good. But, you have that exactly backward. A VPN provides better security, because of the encryption, but not necessarily privacy.
 
What do you mean how? A VPN uses an encrypted tunnel between your computer and the VPN's service provider, right? That's security. But a VPN does not always block ads, trackers, malware, etc. That would be privacy. So, even though a VPN conceals your location it doesn't always provide privacy in a way you can control. Bottom line, VPN + Customizable DNS filtering = best. For that look at NextDNS or ControlD. So, for both, use a VPN, enforce HTTPS, and enforce DoT/DoH.
 
Ok. Lemme give an example. Say I am visiting an HTTP (unencrypted) site. The VPN encrypts the connection between me and the VPN server. From there on, the connection to the site is normal, i.e. unencrypted. So whether or not you use a VPN, if you enter any sensitive info in the HTTP site, you are in danger. So, as long as your DNS is encrypted you won't be directed to unintended IP address. Now, this applies to other network traffic too. The traffic is only encrypted between the client and VPN server. Rest depends on the type of connection anyways, just like when VPN is not being used. So what the VPN does is just prevents someone linking my IP address to the website or domains I visit, so protecting my privacy to some extent, from entities like my ISP.
 
Correct. But don't equate hiding your IP to privacy. Especially nowadays, those are not the same thing.
 
Actually encrypted DNS prevents people seeing or tampering with DNS from your resolver. DNSSEC is what actually prevents things like cache poisoning. They work in concert, but DNSSEC adoption is low. An encrypted DNS connection that pulls a record that has already been tampered with will still result in resolving the wrong site. Thankfully NextDNS supports DNSSEC.
 
Exactly.
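
The distinction drawn above between an encrypted DNS transport and DNSSEC validation, as an added example that is not part of any post in this thread. It builds a query that asks for DNSSEC data (DO bit) and reads the resolver's reply header for the AD ("authenticated data") bit; the function names are hypothetical and the sample reply headers are constructed, not captured traffic.

```python
import struct

def build_query(name, qtype=1, qid=0x1234):
    """Wire-format DNS query with an EDNS0 OPT record whose DO bit requests DNSSEC data."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)  # RD=1, 1 question, 1 additional
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN
    # OPT RR: root name, TYPE=41, CLASS=UDP size, TTL=(ext-rcode, version, flags), RDLEN=0
    opt = b"\x00" + struct.pack("!HHBBHH", 41, 1232, 0, 0, 0x8000, 0)  # 0x8000 = DO
    return header + question + opt

def assess_response(msg):
    """Read the reply header: did the resolver claim DNSSEC validation (AD bit)?"""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    ad, rcode = bool(flags & 0x0020), flags & 0x000F
    if rcode == 2:
        verdict = "servfail"      # what a validating resolver returns for bogus data
    elif ad and rcode in (0, 3):
        verdict = "validated"     # answer or denial passed signature checks
    else:
        verdict = "unvalidated"   # unsigned zone, or resolver does not validate
    return {"ad": ad, "rcode": rcode, "answers": ancount, "verdict": verdict}

def trust_answer(msg, transport_encrypted):
    """The AD bit is only the resolver's claim, so it counts only over DoH/DoT."""
    return transport_encrypted and assess_response(msg)["verdict"] == "validated"

# Constructed 12-byte reply headers (not captured traffic).
VALIDATED = struct.pack("!HHHHHH", 0x1234, 0x81A0, 1, 1, 0, 1)    # QR RD RA AD
UNVALIDATED = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 1)  # QR RD RA
BOGUS = struct.pack("!HHHHHH", 0x1234, 0x8182, 1, 0, 0, 1)        # RCODE=SERVFAIL

if __name__ == "__main__":
    print(len(build_query("example.com")), "byte query with DO set")
    for label, msg in (("validated", VALIDATED), ("unvalidated", UNVALIDATED),
                       ("bogus", BOGUS)):
        print(label, assess_response(msg), "trusted over DoH:", trust_answer(msg, True))
    print("AD over plaintext UDP trusted:", trust_answer(VALIDATED, False))
```

An encrypted transport with no AD bit means the record was carried privately but never checked; an AD bit over plaintext means the check is claimed on a channel that can be altered in transit.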
 
If a DNS firewall service and a good VPN service cost the same, which one should I choose?
The VPN here also has a DNS firewall which blocks ads and malicious domains. But the DNS firewall is certainly better at it. Also the DNS firewall allows customization.
 
What is your goal in using these services?
 
Then you are probably better off with DNS filtering. It also won't slow down your connection in the event you get service that is faster than the VPN can handle.
 