Protect: secure DNS requests

The Yandex Browser beta version has the Protect integrated security system with DNSCrypt technology to protect users from interception and substitution of DNS requests.

Note. By default, DNSCrypt encryption is disabled.
  1. DNS hijacking risks
  2. DNSCrypt technology in Yandex Browser
  3. Enabling encryption of DNS requests

DNS hijacking risks

To access an internet site, you need to know its IP address. It's easier for users to remember domain names (the letters comprising the site address) than the string of numbers that make up the IP address. DNS is a distributed system for getting the IP addresses that correspond to domain names.

When a user enters a website address, this is what happens:

  1. The browser sends a request specifying the domain to a special DNS server.
  2. The DNS server returns a response with the appropriate physical IP address.
Attention. The DNS server request and response are transmitted openly, without encryption.

The lack of encryption means that:

  • The internet provider or network administrator can find out which sites a user is visiting.
  • Attackers can tamper with the response from the DNS server and redirect the user to a malicious site. For example, instead of going to a bank's website, a user might end up on a fake site that steals passwords.

DNSCrypt technology in Yandex Browser

  1. DNSCrypt encrypts requests sent from your computer using elliptical cryptography.
  2. Encrypted requests are send to the DNS sever, which supports the DNSCrypt protocol.
  3. The DNS server then sends the encrypted IP address to your computer.

Enabling encryption of DNS requests

  1. Click  → Settings.
  2. Go to the Protect tab at the top of the page.
  3. In the Secure connection section, enable the Use DNS server for DNSCrypt encryption option.
  4. In the drop-down list, choose a DNS server that you trust.
    Note. We recommend selecting the Yandex DNS server.
Note. After encryption is enabled, Yandex Browser sends requests to the selected DNS server. If this server is unavailable, Yandex Browser is unable to get IP addresses, and the internet stops working. To prevent this, enable the Use system resolver if DNS server with DNSCrypt is unavailable option.