DoH: The Pros and Cons of DNS Over HTTPS

DOH-HTTPS-NOIP

First things first, let’s give a little refresher of what DNS is. DNS stands for Domain Name System

DNS is like the white page directory for the Internet. You supply a name, DNS supplies a number. The name, in this case, is specifically a hostname and the number is an IP address. Without DNS you would have to remember every IP address of every website you want to visit.

IP stands for Internet Protocol. An IP address is a unique number that allows computers to locate each other on a network. The Internet is a big network and uses IP addresses to route the communication to the proper host. An IP address looks like this: 204.16.252.112.

So how does it work? What happens when you type a URL into a web browser?

1. Enter Desired Domain (or website)

Alice wants to visit the website www.noip.com, so she types it in the address bar in her favorite web browser.

2. Computer Looks Up the IP Address

Her computer contacts her ISP to get the IP address for noip.com. Her ISP’s DNS server doesn’t know the IP address, so it checks with the domain root servers.

3. Website Loads

The root servers tell Alice’s ISP the IP address of No-IP’s nameservers and her ISP looks up noip.com. Her computer receives the IP address and connects to the website.

What is different about DoH and How does it work?

DoH stands for DNS over HTTPS.  The DoH protocol works much the same way as DNS in that a DNS query is sent to a DNS server to retrieve a website. However, DoH sends query information encrypted in HTTPS rather than plain text (as is the case with DNS). This protocol also works at the app level instead of the operating system level.  This allows DoH queries to be sent to a specific list of DNS servers and bypass ISP-level DNS default settings.

Google notes that “the idea is to bring the key security and privacy benefits of HTTPS to DNS, which is how your browser is able to determine which server is hosting a given website.”

What are the Pros and Cons of DoH?

Pros

  • It prevents man-in-the-middle attacks – since DNS queries are traditionally sent in plain-text, DoH can reduce the risk of man in the middle attacks where someone can see what DNS queries you are running between you and your recursive server because it encrypts your queries.
  • The encryption with DoH can protect sensitive information that DNS hijacking methodologies employ and obfuscate data that could be sniffed by third-party observers and ISPs.
  • Because DoH centralizes DNS traffic to a few DoH enable servers, load time performance is typically improved.

Cons

  • It overrides any sort of DNS filtering your network is doing to provide insight into security and your network info
  • It provides a different experience from web browsing and to the rest of your computer and network. You might have some DNS packets going to one recursive server and then some going through your network settings, so you may have a different experience from browser to the rest of your network.
  • It weakens cyber-security. By encrypting DNS queries, companies using DNS monitoring for cybersecurity measures will lose visibility into data such as query type, response and originating IP that are used to determine bad actors.

 

Where is DoH being used currently?

Currently, the only major browsers that are offering support for DoH are Chrome 78 or higher and Mozilla Firefox. Safari may offer DoH support in the future, but this has not been announced yet.

How does this affect No-IP services?

Long story short…this does not affect No-IP services. It actually shouldn’t really affect your Internet browsing either. If DoH does fail for any reason, your browser will just fall back to the traditional DNS lookups.

Have questions or concerns about DoH? Leave your comments below.

Anycast Networks: What Are They and Why Do They Even Matter?

anycast-network

We talk about our Anycast network a lot. With over 100 points of presence in globally redundant locations, what’s not to be proud of?

What is an Anycast network and why does it even matter?

Before we get into Anycast, let’s talk about a routing scheme called Unicast. Unicast is how most DNS networks work. An easy way to think of Unicast networks is one-to-one. Unicast is taking an IP address and assigning it to one unique nameserver. If you have the following nameservers: ns1, ns2, ns3, each one of those nameservers will be responsible for answering certain queries. If ns2 goes down due to power outage or severe weather, the server will move on to the next available unicast server. If the second server goes down due to being overloaded, your domain will be fully inaccessible.

So, what is Anycast?

If Unicast is one-to-one, Anycast is one-to-many. Anycast is taking the same IP address and assigning it to multiple locations across the network. In the same scenario as above, your website isn’t just hosted at one location (or on one nameserver), it is hosted on multiple name servers, in multiple locations. So, if one server in the Anycast cluster goes down, your website won’t go down with it. The queries will just be answered by the next server instead. It is used to help distribute traffic and query load across the entire network, so one point isn’t always doing all of the work. This helps keep the network fast and reliable. Anycast also helps to ensure that someone visiting your website from Tokyo, Japan, queries the server that is closest to their location. This helps to ensure that the website loads quickly.

Anycast helps ensure that the network is flexible and reliable. It helps the traffic find the quickest path. If one of our points of presence is having problems and we take it offline, that traffic will be routed to our next point of presence on the network that is nearby.

Outsourcing your Managed DNS for your domains to a reliable and trusted Managed DNS provider with a robust Anycast network is essential for small and large businesses.

If you depend on your website for customer leads and e-commerce, not thinking strategically about your Managed DNS network will do more harm than good. Ready to learn more or get started, add Plus Managed DNS to your domain now. Plus, save 25% on any *new service with coupon code MARCH2019.  (*not valid on renewals or domain registration. management reserves all rights)

 

 

Searching For a New Dynamic DNS Provider? Make the Switch to No-IP Dynamic DNS

dyn-dns

It was just announced this week that Oracle Dyn will be deprecating many of their DNS consumer/small business solutions soon, including the Dyn Remote Access and Dyn Pro products.

We’d like to be one of the first to welcome any Oracle Dyn Customers to No-IP. We have been around since the beginning (like Oracle Dyn) and offer services that are very similar to the ones you currently use.

If Oracle Dyn will no longer be offering your service, is requiring you to move to their cloud service, or if you’re simply looking for a change, we have a solution for you.

Currently an Oracle Dyn Remote Access Customer?

Our Free Dynamic DNS or Enhanced Dynamic DNS is the right product for you. These services are served on our rock-solid DNS network with over 100 points of presence across the globe. These services allow you to create hostnames on our domain names, allowing you easy access to your network, IP camera, computer, (or whatever is behind an IP address, really). Although you won’t be able to transfer your Oracle Dyn hostname to us, you can easily create a new one with the same settings and mapping. Create your Free Dynamic DNS account, or add Enhanced Dynamic DNS to your cart now.  We don’t require you to enter credit card information to create a free account.

Currently an Oracle Dyn Pro Customer?

If you currently have the Dyn Pro product, we recommend our Plus Managed DNS service. This service allows you to create hostnames on your very own domain name. This service also includes Dynamic DNS which means you won’t have to worry about your IP address changing and removing your connection. Our Plus Managed DNS service is sold in tiers. Our base service is $29.95. It includes the creation of up to 50 hostnames on ONE domain (zone) and you will save $10 on your domain registration. There is also the ability to upgrade to additional zones and you will save $5 on any additional domain registrations after your first initial registration.  Ready to get started? Purchase Plus Managed DNS now.

How do I keep my Hostname updated with the correct IP address?

We offer a Free Dynamic Update Client that you can easily install on your Windows, Mac, or Linux machine. This small piece of software will run on your computer at the network you would like to access remotely and will keep your hostname active with the correct IP address.

I’m currently using my router to do my dynamic updates for me, does No-IP do that too?

Like Oracle Dyn, No-IP is an Integrated Dynamic DNS provider in many popular routers including the following: Netgear, Linksys, D-Link, TP-Link and more. Using an Integrated Dynamic DNS solution removes the need to download any software on your computer, you simply do the configuration at the router level on your router. If your network is currently configured to use Dyn’s update protocol, you will simply need to update a few minor settings.

Never heard of No-IP? Why not let us take a few minutes to tell you who we are.

No-IP was started in 1999, 28+ million users later this amazing journey is still thriving and growing at a pace we never could have anticipated. From our beginnings as one of the first Dynamic DNS companies to becoming one of the world’s last Free Dynamic DNS providers, we’ve always stayed true to the values that helped us grow from the beginning. In addition to our robust Dynamic DNS network, No-IP also features an Anycast Network with over 100 points of presence located across the globe to ensure that your Managed DNS service never encounters any downtime. Guaranteed.

We Are Grateful

Delivering an easy, exceptional experience for our users, who are our biggest advocates, we owe a huge thanks to everyone who has helped No-IP on this awesome journey and for helping us become the company that we are today. We hope that you will continue to be a part of our story.

Ready to sign up for a Free dynamic DNS account? It’s easy, oh and did we also mention that a credit card is not required?

When we say free, we actually mean free – no credit card required, ever. Our Free Dynamic DNS is so awesome that 28+ million people in every single country worldwide trust it and use it every day. Sign Up Now to start creating your Free Dynamic DNS hostnames!

Need more than our Free Dynamic DNS service has to offer? We are also offering 20% off all of our other services… Use coupon code SWITCH20 at checkout to receive your discount! (Offer not valid on renewals and expires on September 30, 2019)

 

National Pi Day – Pi Day Jokes

It’s Pi Day, not pie as in apple, but pi as in the ratio of the circumference of a circle to its diameter — and today, No-IP marks the occasion with a few Pi Day Jokes guaranteed to make any nerd chuckle. Check them out below and be sure to share them with your friends.

pi-day-joke-march-14-be-rational
pi-day-joke-march-14-we-have-pi
pi-day-joke-march-14-talk-forever
pi-day-joke-march-14-pi-rates

Customize Your Dynamic DNS with Plus Managed DNS

plus-managed-dns-noip

Did you know that with Plus Managed DNS you can easily create hostnames on your very own domain?

Creating hostnames on a custom domain isn’t the only benefit of No-IP Plus Managed DNS, the other benefits include:

- Backed by our robust Anycast Network with 100+ points of presence across the globe
- Dynamic DNS with 100% uptime history
- Supports SSL upgrades – add an SSL certificate to your domain for extra security
- Supports Email upgrades – Want email on your own domain? Get the perfect you@yourdomain.com email for only $9.95 a year
- Need help or have questions? Plus Managed DNS includes Phone and Ticket Support

Another benefit of using Plus Managed DNS over our Free or Enhanced Dynamic DNS services is that your hostname is less likely to get flagged as SPAM on your social media accounts and search engines. Our Enhanced and Free customers share more than 80+ domains, meaning they have to count on millions of other people doing the right thing with their hostnames. Unfortunately, this isn’t always the case and certain Free and Enhanced domains get flagged as SPAM. You can read more about why that happens here

No-IP’s Plus Managed DNS works in multiple ways. Have a domain with us? Just add our Plus Managed DNS service to it and we do the rest. Have a domain registered somewhere else? That’s okay too! Simply purchase Plus Managed DNS and delegate your domain to our nameservers. If you don’t have a domain but want to add one, purchase Plus with Registration and choose the domain you want. We will register it for you and manage the DNS.

Have questions or need help? Don’t hesitate to reach out to our Support Team.