Protect: secure DNS requests
Yandex Browser features an integrated security system called Protect, which uses the DNS over HTTPS (DоH) technology to safeguard users against interception, data manipulation, and subversion of DNS requests.
Note
By default, DoH encryption is disabled, but you can enable it.
DNS hijacking risks
To access an internet site, you need to know its IP address. It's easier for users to remember domain names (the letters comprising the site address) than the string of numbers that make up the IP address. DNS is a distributed system for getting the IP addresses that correspond to domain names.
When a user enters a website address in Yandex Browser without using encryption, the following occurs:
- The browser sends a request specifying the domain to a special DNS server.
- The DNS server returns a response with the appropriate physical IP address.
Alert
The DNS server request and response are transmitted openly, without encryption.
The lack of encryption means that:
- The internet provider or network administrator can find out which sites a user is visiting.
- Attackers can tamper with the response from the DNS server and redirect the user to a malicious site. For example, instead of going to a bank's website, a user might end up on a fake site that steals passwords.
DoH technology in Yandex Browser
DoH uses encryption to protect users from DNS hijacking and spoofing. When you enter a website address in Yandex Browser with encryption enabled:
-
DoH encrypts the DNS request from your computer using the TLS protocol.
-
The encrypted request is sent to DNS servers with DoH support as HTTPS GET and POST requests.
-
The DNS server then sends the encrypted IP address to your computer over the HTTP or HTTP/2 protocol.
As a result of encrypting the sessions between your Yandex Browser and the DNS server:
-
Network administrators and ISPs can't track your DNS requests and find out what websites you visit.
-
Attackers can't change the DNS server's response and redirect your Yandex Browser to a fraudulent website.
Enable encryption of DNS requests
-
Press → Settings.
-
Go to the Security tab at the top of the page.
-
In the Secure connection section, enable Use a secure DNS server.
-
Select a service provider from the drop-down list, if necessary. By default, the setting is set to Use the current service provider.