Browser
Recommendations

Protect: DNS-request security

Yandex.Browser uses DNSCrypt technology, which protects users from DNS hijacking and spoofing.

Note. By default, DNSCrypt encryption is disabled.

DNS hijacking risks

Your computer needs an IP address to connect to internet sites. It's easier for users, however, to remember domain names (the letters comprising the site address) than to remember the string of numbers that make up an IP address. DNS is a widely-used system for retrieving the IP-addresses that correspond to domain names.

When a user enters a website address, this is what happens:

  1. The browser sends a request with the domain name to a special DNS server.
  2. The DNS server returns a response with the matching IP address.
Attention! The DNS-server request and response are transmitted openly, without encryption.

Not encrypting DNS requests means that:

  • The internet provider or network administrator can find out which sites a user is visiting.
  • Attackers can tamper with the response from the DNS server and redirect the user to a malicious site. For example, instead of going to a bank's website, a user might end up on a fake site that steals passwords.

DNSCrypt technology in Yandex.Browser

This is how DNSCrypt technology works:

  1. DNSCrypt encrypts requests sent from your computer using elliptical cryptography.
  2. Encrypted requests are sent to the DNS sever, which supports the DNSCrypt protocol.
  3. The DNS server then sends the encrypted IP-address to your computer.

Enabling encryption of DNS requests

To enable encryption of DNS requests:

  1. Click the icon  Settings.

  2. In the lower part of the Settings page, click the Show advanced settings button.

  3. In the Network section, select Use a DNS server with DNSCrypt encryption.
  4. Choose a DNS server from the drop-down list.
    Note. We recommend selecting the Yandex DNS server.