Browser (classic interface)

Protect: protecting DNS requests

Yandex.Browser uses the DNSCrypt technology, which protects users from DNS hijacking and spoofing.

DNS hijacking risks

Connecting to an internet host requires information about its IP address, and it is easier for users to remember letter-based addresses than the sequence of numbers in an IP address. DNS is a distributed system that takes a request containing a domain name and gets its IP address.

When a user enters a website address, this is what happens:

  1. The browser sends a request specifying the domain to a special DNS server.
  2. The DNS server returns a response with the appropriate physical IP address.
Attention! The request to the DNS server and the response are transmitted openly, without encryption.

The lack of encryption means that:

  • The internet provider or network administrator can find out which sites a user is accessing.
  • Attackers can tamper with the response from the DNS server and redirect the user to a malicious site. For example, instead of going to a bank's website, a user might end up on a fraudulent resource that steals passwords.

DNSCrypt technology in Yandex.Browser

The DNSCrypt technology encrypts DNS requests and protects them from interception. All encrypted requests are sent to the Yandex DNS server, which also supports the DNSCrypt protocol.

Note. By default, DNSCrypt encryption is disabled.

Enabling encryption of DNS requests

To enable encryption of DNS requests:

  1. Click the button

    In the top right corner of the browser window

  2. In the lower part of the Settings page, click the Show advanced settings button.

  3. In the Network section, select Use a DNS server with DNSCrypt encryption.
  4. Choose a DNS server from the drop-down list.
    Note. We recommend selecting the Yandex DNS server.