DNS is known as the address book of the Internet: when you want to visit a website you will know its hostname, such as www.networksinthenews.com. In reality the website is hosted on a webserver which can be reached at a specific IP address. So how do you find that address? Simple: you ask a DNS server!
In recent years, the use of DNS has become more and more of a privacy headache. In the old days, most of our communication over the Internet was not encrypted. That made it relatively easy for hackers to eavesdrop. These days, more and more websites support HTTPS: encrypting the traffic makes it impossible (or at least much harder) to listen in. But before we can reach that website, we’ll need to know its IP address and for that we’ll first need to perform – indeed – an unencrypted DNS query.
DNS traffic is typically still unencrypted and that’s where our troubles begin: for each website we visit, we’ll send a request over the Internet, asking DNS for the IP address for that hostname. This means that anyone monitoring our DNS traffic will get an easy listing of all the websites we’re visiting. For that reason, it’s in fact much easier for a hacker to just focus on our DNS traffic, instead of trying to analyse every single bit of data we transmit. And it’s not just hackers we should worry about, but also our own Internet Service Providers keeping track of us. All of this was not lost on governments trying to censor the Internet either: a simple way to block access to unwanted sites is to just block the DNS requests for those hostnames.
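To make the privacy point concrete, here is an added example (not code from the original article) that builds a plain DNS query in the RFC 1035 wire format, exactly as it would travel unencrypted over UDP port 53, and then reads the queried hostname straight back out of the raw bytes, the way any passive observer on the path could. The query for www.networksinthenews.com uses the hostname from the article; the second hostname, mail.example.com, is a constructed sample.

```python
import struct

def build_query(hostname: str, txid: int = 0x1234) -> bytes:
    """Encode a minimal DNS query for an A record (RFC 1035 wire format).

    Header: transaction id, flags (only RD set), QDCOUNT=1, AN/NS/ARCOUNT=0.
    Question: hostname as length-prefixed labels, then QTYPE=A (1), QCLASS=IN (1).
    """
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii") for label in hostname.split(".")
    ) + b"\x00"  # zero-length label terminates the name
    question = qname + struct.pack("!HH", 1, 1)
    return header + question

def parse_qname(packet: bytes) -> str:
    """Recover the queried hostname from the cleartext question section.

    No key, no decryption: the name sits in plain bytes right after the
    12-byte header, which is why DNS monitoring reveals which sites are visited.
    """
    offset = 12  # fixed-size header
    labels = []
    while True:
        length = packet[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:
            # Compression pointers appear in answers, not in a query's question.
            raise ValueError("unexpected compression pointer in question name")
        labels.append(packet[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels)

def observed_hostnames(packets) -> list:
    """What a passive observer could log from a batch of captured DNS queries."""
    return [parse_qname(p) for p in packets]

# Constructed sample traffic: two queries as they would appear on the wire.
SAMPLE_QUERIES = [build_query(h) for h in ("www.networksinthenews.com", "mail.example.com")]

if __name__ == "__main__":
    for name in observed_hostnames(SAMPLE_QUERIES):
        print("observed DNS query for:", name)
```

The parser needs nothing more than the packet bytes, which is the whole problem: the same few lines work whether they are run by a network administrator auditing their own resolver logs or by someone sniffing a shared network, and encrypting the later HTTPS session does not change what this query already revealed.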