Newbie here; how can domains know what my ISP is?
Hello NextDNS users,
I have recently gotten into privacy a lot more and started using NextDNS. I have set it up correctly, I think. The reason why I think I did is because I get a 'running' result to the 'nextdns status' query.
I have incidentally went on a What-is-my-IP-address kind of site and, to my surprise, learned that it knew what ISP I'm using. On top of that, they are reporting a IP address that is roughly correct, which is perplexing me. However, I'm not sure whose IP that is: mine or mine ISP.
I have checked the settings on my.nextdns.io and they are set to hide my IP address.
A little help clarifying this would be nice. Thanks
2 replies
-
First, let me say that NextDNS is not a VPN service. You can't hide your IP address from sites that you browse to using NextDNS.
If you're referring to the Anonymized EDNS Client Subnet setting, that is related to content delivery networks and manipulating a DNS extension to prevent the CDN's DNS servers from getting info about your ISP (the subnet that your IP address is part of). This doesn't block your IP address from sites you visit, just from the DNS servers of the CDN service that a site may use.
The only way to prevent a website from knowing your IP address is to use a VPN service. Then the site will get the IP address of your VPN service, and your VPN service potentially knows everywhere that you browse to (so make sure that you trust your VPN service).
-
DNS vs VPN
- DNS = Domain Name System acts as the phonebook of the internet. It can help improve the speed, security, and filtering (ads/porn/malware) of websites and services you need access to.
- Usually only the lookup portion is encrypted (eg: DoH/DoT)
- Your Real IP stays visible (with few exceptions, like said) to those sites/services you access.
- VPN = Virtual Private Network acts as a middleman for your internet connection. It provides the ability to improve your privacy, anonymity, location Spoofing.
- Websites and Services will see your VPN IP, not your real IP
- NOTE: VPN services are not foolproof. Websites/Services can block some VPN services, for a number of reasons.
- All your internet traffic between you and the VPN service is encrypted
- You gain some additional VPN features and services, like geo-unblocking for sites/services that are region locked.
- Websites and Services will see your VPN IP, not your real IP
Bottom line... From a cybersecurity perspective; a VPN only hides your connection (your ISP / MITM), not your persona. Connecting through VPN's is like putting a mask on while still wearing your name tag. Without a holistic approach to decouple your identity from your hardware (clean your browser and harden the OS), you are NOT truly incognito! You're just a known user connecting from a different building. Without the proper hardening, using a VPN service may provide some benefits (geo-unblocking), but it's basically just extra latency for zero privacy (if that is your concern).
- DNS = Domain Name System acts as the phonebook of the internet. It can help improve the speed, security, and filtering (ads/porn/malware) of websites and services you need access to.
Content aside
- 2 days agoLast active
- 2Replies
- 57Views
-
2
Following