DNS and VPN questions

[ProxiMythe]

1.how does a dns bypass blocked websites?, I'm using private dns, one.one.one.one on my phone, and It is able to open blocked sites

2.what's the difference between VPN and dns?

3.can my isp still see what I browse when I'm using private dns?

4.is it true that some paid VPN can increase download speed?

5.if so how do they do that?

6.and if say my download speed is 10MBps, can paid VPN bypass the 10MBps limit that has been set by my isp?

[WindShaft]

You could use the 5G on your phone to bypass a blocked site, you don't need a VPN.

DNS doesn't change anything, you will still be blocked if its a regional block. A vpn could help if you know what region isn't blocked but you could also just use the 5g on your phone because it has less security risk etc..

I never paid for my VPNs.

and the VPN won't bypass the limit because you could also have other peoples traffic within the VPN.

[AOD_Vial8R]

DNS = Domain Name System = System that converts www.clanaod.net to 104.28.20.125 which is what routers go by.


VPN = Virtual Private Network = System that you run your traffic through so it appears that you are located in another physical location.

Overly-simplified/watered down version = Different DNS servers route traffic slightly differently. Some are faster than others depending on how congested they are, how often they update their routes between nodes, etc...A private DNS server could allow you to access some sites or content that is blocked by your ISP's system. Some block adult content for example. Using a DNS like 1.1.1.1, 208.67.220.220 will bypass your ISP's block. The second one is by opendns.com, which offers lots of other security features besides domain/IP conversion.

A VPN can be good or bad. You are basically intentionally routing all your traffic through a 3rd party, so if you happen to use one that is less reputable, you could basically give someone ALL your logins/etc. Also, depending on the route that the VPN uses, it could take all your traffic from your computer in New York, around the world to the external node in Sydney, just to connect to a website in Chicago. Which as you can imagine, is not as efficient as just using a different DNS than your ISP's default.

Sorry if any of that is confusing, just got off work. :)

[mikesdeman]

To expand on @AOD_Vial8R's post

1.how does a dns bypass blocked websites?, I'm using private dns, one.one.one.one on my phone, and It is able to open blocked sites

If your ISP is blocking websites via DNS that means that the default DNS servers that your router uses to convert domain names to IP addresses (ie what computer google.com is on so your computer can talk to it). By switching your DNS to a different server (eg 1.1.1.1 you effectively force your computer to ask a different DNS server for the lookups other than the one defined by your Router. This is why blocking via DNS is stupid - it is easy to bypass.

2.what's the difference between VPN and dns?

A VPN basically gives you a different gateway to the internet. Essentially you are connecting your computer to a new gateway through an encrypted tunnel. This means traffic goes through your router and ISPs network but they cannot read the traffic (because of the encryption). You can mess this up however for example if you do not route your DNS lookups through the tunnel, your ISP can't read your actual traffic, but can see what websites you have asked for the IP address. Crucially the tunnel is two way encrypted so your ISP cannot read what sites you are visiting and what data they are sending back (eg websites).

3.can my isp still see what I browse when I'm using private dns?

Tricky. If you are not using a VPN your and only private (or any other DNS server other than your ISPs), you are still routing normal traffic through your router and ISP network. Typically DNS lookups are done "in the clear" which means the lookups themselves are not encrypted. Your ISP can then read your DNS lookups even if it is not directed at their own servers by capturing the packets. You can be fairly certain they are doing this. Additionally once you have done the lookup the ISP can also see what IP addresses your computer is connecting to, and also the data between them. If you are connecting via https the actual data is encrypted and cannot be read, if http then the data is in the clear. So from using private DNS servers you are in the worst case telling your ISP what websites you are visiting and also all of the data sent to and from the websites. In the best case they can only see what IP addresses you are connecting to (but this is ONLY if you force all of your DNS lookups to be encrypted). This is different than using a VPN because the only IP address they can see if you are using this is the gateway IP.

4.is it true that some paid VPN can increase download speed?

This usually seen because using a VPN with software normally routes DNS through the encrypted tunnel. This shouldn't in itself speed up your connection but if your ISP's DNS server is shared by all of its customers and it is crap hardware (which it will be) this will largely be your "speed" bottle neck - your DNS lookups to connect the IP to the domain name. You can generally overcome this by just using private DNS servers. There are other more complicated issues that can also be relevant such as which route to a particular IP your traffic takes but all things being equal using a VPN should technically slow down your connection due to the additional overhead of encrypting and decrypting the traffic. So the short answer to this one is... it depends!

5.if so how do they do that?

See above (4).

6.and if say my download speed is 10MBps, can paid VPN bypass the 10MBps limit that has been set by my isp?

No. Your encrypted traffic still has to go through your ISP even if they can't read it. The packets go from your router over their line and they specifically limit the speed on the line of the packets, encrypted or not, no matter where they are going.

The answers are general, can be expanded, and if inaccurate please do let me know! You can explore the details by Google cos he knows everything.

[mikesdeman]

Just to add to my above, DNS has NOTHING at all to do with routing. It is simly a question and answer session for your computer to find out what the IP address a given domain holds. Question: what computer do I need to connect to to get the website for google.com. Your computer uses whatever DNS server it has set. That DNS server answer with an IP address. The next thing that happens is your computer forms the packets and sends off the packet with a header containing the IP address that is the destingation to your gateway who then decides how to route it. VPN changes your routing because it is a tunnel to a diffenet gateway to decide how to route the packets.

Additionally, just because you use a disreputable VPN doesn't necessarily mean you are giving up all of your logins. If you are using https then your traffic inside the already encrypted tunnel (should) be end to end encrypted meaning the VPN server administrator can't read any more data than your ISP could if you weren't using one. (Your ISP doesn't know all of your logins).

I have used the word gateway alot, a VPN doesn't actually change your physical gateway (that is still your ISP) its just a "virtual gateway" if you like!