Public vs. private DNS servers

The Domain Name System (DNS) is one of the key components of inter-system communication that allows the internet to function. DNS servers make it easier for people to browse the web by acting as telephone books containing the IP addresses that a computer can use to initiate communication. As all DNS servers are connected, this creates a colossal structure on which the internet is founded.

Having said that, many options exist for how a DNS server could be set up within an organization. This article will review the different types of DNS server setups, highlighting the main differences between public and private DNS servers, their use cases and unique properties.

A short recap of DNS

Every internet user and domain has an assigned IP address. Communication between servers and devices happens via IP address exchanges, not host names. DNS servers convert domain names into IP addresses. This process allows systems to communicate across the internet.

Due to the connected nature of the whole system, if a DNS server lacks a needed IP address, it asks other DNS servers through a series of queries to find the address. These constant exchanges among the DNS servers also help to eliminate various redundancies and help to keep the data up to date.

Every device typically uses a DNS server provided by the Internet Service Provider (ISP) by default, but users can configure their devices to use different DNS servers. This creates a distinction between public and private DNS servers.

What is public DNS?

A public DNS is a service that translates domain names into IP addresses for the general internet. It first appeared to simplify and direct internet traffic for users globally. Public DNS servers are accessible to anyone with an internet connection and are often provided by internet service providers or third-party companies. These servers are most commonly used by individuals and organizations that do not require a private network for their DNS queries. They offer a straightforward and efficient way to navigate the web, helping users access websites quickly and reliably.

What is private DNS? 

A private DNS is a service that operates within a specific organization, managing queries only for its internal network. It was developed as businesses needed secure methods to handle their communications internally. 

Private DNS restricts its service to an organization’s network, keeping internal addresses hidden from the external internet. This is typically used in corporate settings to maintain privacy and control over DNS records. It helps increase security by reducing the risk of external attacks. 

Private DNS servers can make your network safer by restricting external access. However, their effectiveness in security really depends on how well they are set up and managed.

Public vs. private DNS servers

Organizations often combine public and private DNS servers for their day-to-day operations. One of the most common setups involves maintaining an external authoritative DNS server that handles public queries and a separate one containing authoritative information provided by public DNS.

Keeping public and private DNS servers separate isolates your network from the internet. This method helps to build layers of security by keeping internal DNS data private. Here are the principal benefits of private DNS servers over public ones.

  • Reliability. Separate DNS servers can provide better uptime. This means you won’t have to deal with the blank screens telling you that the DNS server is down.

  • Filtering content. If you want tighter control over the content that users are allowed to access, switching DNS servers can help to achieve stricter content controls. That way, blocking particular websites or entire categories of them is possible.

  • Security. DNS servers can also be used as one of the methods to deter various cybersecurity threats. Some of them boast stronger security measures, such as advanced security and encryption protocols.

While this setup means extra work for network administrators, this can be essential work to provide the best possible security.

What are DNS risks?

Having an in-house DNS server does create additional problems of its own. To ensure the network’s security, each user must use the company’s proprietary server. However, this can be pretty difficult to enforce, especially when a business has a bring-your-own-device (BYOD) policy. Such users can switch DNS servers anytime, putting the company at additional risk.

From the administrator’s side, having control of DNS also means limiting the harmful websites available to any given user. This acts as an additional barrier that protects the endpoints and, with them, the company’s resources.
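The risk described above, a device switching away from the company DNS server, can be checked for in network flow logs. The following is an added example, not part of the original article or of any NordLayer product; the log format, the internal resolver addresses and the function names are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed for this example: the company's internal resolvers.
APPROVED_RESOLVERS = {"10.0.0.53", "10.0.1.53"}
# Well-known public resolvers (Google, Cloudflare, Quad9); HTTPS to these may be DoH.
PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9"}
DNS_PORTS = {53: "plain DNS", 853: "DNS-over-TLS"}

# Constructed sample flow records: time src dst proto dst_port
SAMPLE_LOG = """\
2024-05-01T09:00:01Z 10.0.5.21 10.0.0.53 udp 53
2024-05-01T09:00:02Z 10.0.5.22 8.8.8.8 udp 53
2024-05-01T09:00:03Z 10.0.5.22 8.8.8.8 udp 53
2024-05-01T09:00:04Z 10.0.5.23 1.1.1.1 tcp 853
2024-05-01T09:00:05Z 10.0.5.24 9.9.9.9 tcp 443
2024-05-01T09:00:06Z 10.0.5.21 203.0.113.10 tcp 443
2024-05-01T09:00:07Z 10.0.0.53 192.0.2.1 udp 53
malformed line
"""

def classify(dst, port):
    if port in DNS_PORTS:
        return DNS_PORTS[port]
    if port == 443 and dst in PUBLIC_RESOLVERS:
        return "possible DNS-over-HTTPS"
    return None

def find_bypass(log_text):
    """Map each client to the unapproved resolvers it contacted, with counts."""
    findings = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        try:
            _, src, dst, _proto, port = line.split()
            for addr in (src, dst):
                ipaddress.ip_address(addr)  # raises ValueError if invalid
            port = int(port)
        except ValueError:
            continue  # skip malformed records
        # Client-to-resolver and resolver-to-upstream traffic is expected.
        if src in APPROVED_RESOLVERS or dst in APPROVED_RESOLVERS:
            continue
        kind = classify(dst, port)
        if kind:
            findings[src][(dst, kind)] += 1
    return {src: dict(hits) for src, hits in findings.items()}

if __name__ == "__main__":
    print(find_bypass(SAMPLE_LOG))
```

Port-based matching only catches DNS-over-HTTPS to resolvers on the known list; blocking outbound ports 53 and 853 to anything but the approved resolvers at the firewall is the enforcement counterpart to this check.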

How can NordLayer Custom DNS help?

NordLayer clients can use their own private DNS servers without needing to configure them per device. Our Custom DNS feature allows clients to apply a currently used private DNS solution to NordLayer Virtual Private Gateways. Additional features like DNS Filtering enhance the overall security by allowing clients to precisely customize what content they should access while connected to their Virtual Private Gateway. This results in a much more secure solution than relying on publicly available DNS servers.

NordLayer-connected users can’t change the company-assigned DNS servers into something else. On the other hand, users that don’t have their own DNS set up can use the ones provided by NordLayer.

In the end, NordLayer can seamlessly integrate into your company’s IT infrastructure no matter what DNS setup you're currently using. This significantly contributes to providing well-rounded cybersecurity care to prevent various risks associated with DNS operations. Contact us to learn more about how we can help your business.
