Noob question: Why is there a DNS (192.168.*.*) with my Google DNS that my router is using? And the most important point: is it safe to use?

If someone attacked my network, would my DNS (192.168.*.*) be a privacy concern?

  • BestBouclettes
    1 year ago

    Addresses within the 192.168.0.0/16 (192.168.0.0 to 192.168.255.255) range are private (as in, they cannot be routed to the internet). This means that this address is probably your router. It’s most likely doing your local name resolution. It falls back to Google DNS if it cannot resolve the address it’s looking for. It’s a fairly normal configuration.

    Using Google DNS is not very private and you could use something such as Unbound to resolve and cache DNS locally.

    Also if someone enters your network, you’ll probably have other concerns to worry about, like finding the source of the breach (like an exposed service on the internet). I guess they could poison your DNS cache but I’m not sure if it’s a widespread kind of attack for home networks.

  • Vampire_Duchess@alien.topB
    1 year ago

    Check the dnsleaktest website and see which servers are returned; if your DNS is Google or your ISP's DNS, you will know there.

    If you want more privacy, replace your DNS servers with Cloudflare or Quad9. If you want more privacy, maybe consider upgrading to DNS over TLS (DOT) or HTTPS over DNS (DOH).

    You can do this with a DNS filtering server like AdguardHome or Pihole, while you block ads and telemetry in your network.

    And if you even want to level up, consider self-hosting your own recursive DNS server with Unbound + AdguardHome or Pihole.

  • Vogete@alien.topB
    1 year ago

    What?

    Okay, little bit of DNS basics:

    If you run a commercial router at home, that runs a DNS recursor, which by default just queries your ISP DNS server, which queries another one, and so on. It’s DNS recursors all the way down. If you configure your router to use Google’s DNS, now you’re just querying from Google instead of your ISP.

    You can also run a DNS recursor (and/or an authoritative server) separately (e.g. Pihole, Bind9, PowerDNS, etc.) inside your network, and nobody else but you will have access to it. As long as you don’t expose the service directly to the wide Internet (so nobody can connect), you’re fine. DNS will work for you, but nobody else.

    Also, 192.168.x.x IP addresses are private IP addresses; they’re only routable inside your network. Nobody outside can access your stuff with those IP addresses.

    I don’t know what the question was, but I’m hoping somewhere here you found some information that will help google/bing/duckduckgo around and provide you an answer. There are a lot of sources online for understanding DNS and networking, so you should look into that a bit.
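
The replies above say a 192.168.x.x resolver is a private address on your own LAN (usually the router) that forwards to a public upstream such as Google. As an added example, not written by any commenter in this thread, the following Python sketch sorts the `nameserver` entries of a resolv.conf-style file into those groups. The sample input is constructed, and the function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample in resolv.conf format (not taken from the thread).
SAMPLE_RESOLV_CONF = """\
# written by a DHCP client
nameserver 192.168.1.1
nameserver 8.8.8.8
nameserver 127.0.0.53   # local stub resolver
nameserver fe80::1%eth0
search lan
"""

# The three private IPv4 blocks; 192.168.0.0/16 is the one from the question.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV6_ULA = ipaddress.ip_network("fc00::/7")  # IPv6 counterpart of private space

def classify(addr_text):
    """Return loopback, link-local, private, reserved or public."""
    addr = ipaddress.ip_address(addr_text.split("%", 1)[0])  # drop IPv6 zone id
    if addr.is_loopback:
        return "loopback"      # resolver running on this machine
    if addr.is_link_local:
        return "link-local"    # only valid on the directly attached segment
    if addr.version == 4 and any(addr in net for net in RFC1918):
        return "private"       # LAN device, typically the router's forwarder
    if addr.version == 6 and addr in IPV6_ULA:
        return "private"
    if not addr.is_global:
        return "reserved"      # e.g. carrier-grade NAT or documentation ranges
    return "public"            # upstream resolver that sees your queries

def nameservers(text):
    """Return (address, class) for each nameserver line, in file order."""
    found = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                found.append((fields[1], classify(fields[1])))
            except ValueError:
                found.append((fields[1], "invalid"))
    return found

if __name__ == "__main__":
    for address, kind in nameservers(SAMPLE_RESOLV_CONF):
        print(f"{address:<16} {kind}")
```

Only the entries reported as `public` are resolvers outside your network; the `private` and `loopback` entries decide where queries are forwarded, so the upstream configured on that device is what determines who sees your lookups.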