The Domain Name System (DNS) is used by your Mac to access websites. The DNS is invisible to an extent that many don't even know it exists. All websites linked to the Internet is assigned with an IP address. Your PC will be able to load a website once you type the website's IP address into a web browser.
You may find it difficult to remember an IP address, and hence the DNs was developed to map easy to remember domain names like onto IP addresses containing only numbers. After typing a URL into web browser's address bar and clicking Enter, your PC will then contact a DNS server to identify the IP address linked with the domain name. DNS is considered to be a directory of all websites in the whole wide world. It is more like a huge giant phonebook containing the IP addresses for all of the websites available on the Internet.
Why Change Your DNS Servers?
All Internet service providers operate their own DNS servers. For instance, when you buy Internet access from a particular company, your Mac will automatically use that company's DNS servers. This is actually not an issue unless the service provider's DNS servers suddenly become unavailable. This issue will prevent your Mac from loading any websites.
How to change, add, and edit DNS server setting on Mac:
- Start with the Apple menu and select "System Preferences"
- Select the "Network" control panel, choose your network interface from the left side ("Wi-Fi" or "Ethernet" for example).
- In the lower right corner of the Network window, click the "Advanced" button
Select the "DNS" tab shown on the top of the screen,
- To add a new DNS server: click on the [+] plus button
- To edit an existing DNS server: click twice on the DNS IP address you wish to change
- To remove a DNS server: select a DNS server IP address and then click either the [-] minus button or hit the delete key
- Click on the "OK" button after making changes to the DNS settings
- Click on "Apply" to activate the DNS changes, close out of System Preferences
Initially, the topmost DNS servers will be accessed, and hence you may want to place the best performing servers near the top of the list in order to gain the best results.
Protect Your Mac from DNS Attacks
Security exploits are increasing these days and we find that they not only affect computers and other smart devices but also affect whole networks. DNS are considered to be a major security exploit when compared with several other security exploits executed by hackers to either damage network infrastructures or steal valuable information.
Some of the key DNS attacks include:
Denial of service (DoS)
In this attack, the attacker renders a computer to be inaccessible to the user by flooding the system with traffic or by making a resource unavailable.
The attacker will spoof his/her IP address while executing an attack. This attack focuses on constantly changing location-based data just to hide where exactly the attack is coming from. This will actually hide the attacker's real location, giving him/her all the time required for exploiting the attack.
In this attach, the attackers send an increasing number of queries while spoofing their own IP address and by using the victim's source address. When these queries get answered, they will eventually get redirected to the victim.
Reflective amplification DoS
A flux gets activated when the size of the answer is significantly larger than the query itself, causing an amplification effect. This attack employs the very same method as a reflected attack, but it will additionally overpower the user's system's infrastructure.
- Distributed denial of service (DDoS) The attacker controls a large number of computers in order to spread malware and also flood the victim's computer with overloading traffic. Eventually, this will result in the system getting overloaded and ending up in a crash.
- DNS spoofing Attackers drive the traffic away from real DNS servers and redirect them to a "pirate" serve. This could lead to theft or damage of a user's confidential data.
Basic tips to prevent DNS attacks
- The DNS cache should be cleared on local and also wide area networks.
- A good firewall should be installed.
- Host the organization's architecture on varied servers because if one server is attacked by DDoS then the other server will instantly take over and survive the attack.
- The computer or network should be encrypted with a dependable encryption tool.
- DNS servers should always be updated and checked on a constant basis to make sure that their security patches are up-to-date.
- The resolver should be restricted for external users in order to prevent cache poisoning.
Use Comodo cWatch to Prevent DNS Attacks
cWatch Web is a web security tool developed by Comodo, a cybersecurity company. This is a Managed Security Service (MSS) functioning in a Security-as-a-Service (SaaS) model. This software runs on Comodo's high capacity cloud in order host the detection/protection software at geographically placed servers distributed all over the world. cWatch offers its services via professional team working 24/7 to solve all your web security related issues.
cWatch is available with the following key features:
Web Application Firewall (WAF)
WAF works at all web servers in the CDN acting like a customs inspection point to detect and filter out content like embedded malicious website code.
It is possible for unsuspecting websites to get infected with malicious code. cWatch Web has been specifically engineered to provide protection from malicious actors.
Security Information and Event Management (SIEM)
SIEM is considered to be the brain of the cyber security stack that handles real-time security monitoring, advanced threat detection, incident management and forensics.
- Content Delivery Network (CDN) Delivers web content at a faster rate by caching at several global data center servers to shorten distance to local servers, provide security, and meet traffic spikes.
Higher Search Engine Optimization (SEO)
A universal system of distributed servers to enhance the performance of websites and web applications.