FBI guidance document on checking your computer’s DNS settings (PDF) – mainly applies to most regular-computer operating systems
My Comments and explanation
What are DNS servers?
The DNS is the Internet’s phone book
The Domain Name Servers are effectively the Internet’s “telephone directories”. In this analogy, you may be thinking of calling a particular person or business in a particular area, but you don’t know their phone number. So you would have looked up the White Pages telephone book and searched this book by name and location till you found their number which you would dial to make that call. If you couldn’t find it in that directory, you would proceed to call a published “Directory Assistance” number like 411 in the USA, 192 in the UK or 1223 in Australia to ask for that number.
With the Internet, each computer is addressed by a particular IP address which effectively is the computer’s or network’s “phone number”. But it would be hard to remember these addresses for the Web sites we visit or the email servers we send the emails to. The Domain Name Servers take up the role of the telephone directories of the Internet by mapping the human-understandable Web addresses and domain names like homenetworking01.info to the IP addresses that are these sites and resources’ actual locations on the Internet.
How are these determined in your computer or network?
In most cases, the details about what DNS servers to use are passed on to your computer or other device through your home network by the router every time each piece of equipment on that network uses the DHCP protocol to get information from that device about where it stands in your network like its IP address. The router typically gets these details from your Internet provider’s servers every time it sets up the Internet connection with your Internet provider as part of asking the servers where it stands in the wider world of the Internet.
It is feasible to configure a DNS server list for a particular computer, device or network using the operating system’s network-settings interface or the Web-based management interface in the case of your router. This is a practice that is commonly done by corporations with their private networks to create human-readable identities to particular servers or networks that host particular resources.
Why does the DNS appeal to computing’s “bad actors”?
The DNS appeals to computing’s “bad actors” because it allows one to redirect a particular domain name to a different IP address that what it is supposed to go to. This can be to a Web server that is loaded with malware, existing as one of many different traps for users to supply information that is confidential to them or their organisation; or to keep them away from sites that provide proper information like security updates for your computer in order to make it easier for the network to be used by the Internet’s “bad actors”.
For email, it can also be about creating “honeypot” addresses that take advantage of domain-name typos in order to catch confidential email that is mistakenly addressed.
It can also be used as part of a concerted attempt against Websites by setting up “click-fraud” or “malvertisement” activities against advertising networks or their stakeholders i.e. the advertisers and publishers by sending users to or through dodgy Websites instead of to the advertiser’s campaign landing page.
This modification can be caused by malware that modifies the computer’s DNS settings or gets at these settings on a home-network router that hasn’t been properly set up with a password to affect the settings that everyone on the network knows.
Keeping the DNS settings safe
The first step is to know what the DNS settings are to be for your computer and network. Here, this should be found out from your Internet service provider or the IT support staff at your workplace.
Check the DNS settings on your equipment to make sure they reflect what these settings are meant to be. Most platforms will show these details in a “Network Connections” option like the “Control Panel – Network And Internet – Network And Sharing Center” in Windows 8 and 8.1, or “[Apple] – System Preferences – Networking” on the Macintosh OS X. Windows users can use the Command Prompt to obtain these details by typing “ipconfig /all” to obtain the full details about their network connection. Most other network-enabled devices like Smart TVs and network printers have these details as part of the “Network” or similar settings, typically as part of a “troubleshooting” or “settings” menu.
Infact, if you suspect that malware has got at your computer because it appears to go to different Websites than what you asked for, make a “spot check” on your network’s DNS settings using your games console’s, smart TV’s or network printer’s user interface to see if your router has been “got at” by the malware.
As for your router, check the DNS settings in your WAN, Internet, Network or DHCP settings menu in its Web-based management page. The router’s management password should also be set to a password other than the default password so that any DNS-changing malware can’t change these settings for the home network and is something you need to do as part of commissioning a new router. Most of these routers also allow you to export the settiings to your computer’s secondary storage and import them back to the router. This is a practice that is worth doing once you have all the settings in place so that if you reset the router to “ground zero”, you can keep your configuration.
As well, practicing good computer housekeeping like “think before you click” on email and Website links and keeping your desktop security software and operating system up-to-date with the latest security patches is a prudent step towards keeping away from malware that can change your network’s DNS addresses. For mobile and other “platform” computing environments like iOS, Android or your smart-TV environment, researching on apps provided by that app store is also a prudent way to go about keeping the DNS information safe.