What’s the difference between a proxy, VPN and a DNS server?
DNS is like the phone book of the internet. A DNS server is what your computer uses to look up where a given domain—such as reddit.com—points to (i.e. the IP address associated with that domain).
A proxy is basically a server/device that sits in-between you and the destination server. Often the proxy will simply relay/forward your traffic to the destination server so it appears (to someone else) like you’re just communicating with the proxy rather than the destination server. The proxy may also intercept requests though and return its own responses rather than forward the request on to the destination server. The behavior of the proxy depends on how it’s configured and what purpose it’s serving.
VPN stands for Virtual Private Network and it basically refers to a technology that allows you to securely connect to a remote private network over the internet. For example, you can connect to your employer’s computer network from your home computer using a corporate VPN and then you can access all your corporate network resources (e.g. corporate intranet, file servers, printers, etc.) as if you were physically in the office and connected directly to the employer’s network. When you access internet resources over a VPN connection, it’s as if you are accessing the internet from the remote network you are connecting to over VPN.
VPNs are also marketed commercially for people who are looking for a way to anonymize their internet traffic. These services will route your internet traffic through a VPN tunnel before it reaches the destination server.
This means that anyone on your side of the connection just sees you communicating with the VPN service and anyone on the other side of the connection just sees traffic coming from the VPN service (not from your computer/IP). You have to trust that the VPN service is not spying on your traffic though since they have full access to see what websites you’re visiting etc.
The difference between a proxy and a VPN is mostly that proxy is a more generic term that can refer to almost any sort of setup where there is an intermediary server or device that relays/forwards traffic on somewhere else. A VPN is a specific type of system where you connect to a remote private network over a secure tunnel and your internet traffic gets directed through that tunnel. Proxies also sometimes only apply to certain types of traffic (e.g. HTTP/web traffic) whereas VPNs often route all your internet traffic through the VPN tunnel even if it’s not web traffic.
Proxy: A computer you are ordering to access the internet for you, sending you the data it received.
VPN: Encrypted connection to a different computer, allowing it to treat it and your computer as part of a separate network. Often used to connect to proxies and often used as a synonym for using a proxy.
DNS server: A kind of phone book that translates human-understandable names (like www.reddit.com) into the IP address of a computer. For example, “www.google.com” will be translated (for me) into 216.28.213.196 - which is a kind of “phone number” for computers.
Proxies and VPNs do something very similar. According to the OSI model, proxies work at the application layer, VPNs work at the data link/network layer.
DNS is basically a phone book, turning “www.reddit.com” into “151.101.1.140”.
But as you are asking in the context of proxies and VPNs, you are probably asking how those unblocking smart DNS services work…
Netflix DNS servers are set up to provide different answers to people in different regions, so that everyone uses a server close to them for a faster more reliable service. Austrian users will be using Netflix servers in (or at least close to) Austria, while Brazilian users will be using Netflix servers in Brazil. Logically, the Austrian Netflix servers have the Austrian Netflix library, and the Brazilian Netflix servers have the Brazilian Netflix library (content in both libraries is stored on both sets of servers.) The smart DNS services have been configured so that you will always get the address of (say) the American Netflix servers (and hence the American Netflix library) regardless of where you are in the world.
Or at least, that’s the way it used to work a few years back. Might have changed since then depending on whatever countermeasures Netflix put in place.
There are different letters in it.
Thanks a ton for the detailed reply. I’ve gotten a much better idea of what these terms mean now. But a question. The new DNS 1.1.1.1 is making a huge name for being a very secure DNS. If a DNS is akin to a book containing the site names, why does its security matter? Or do they actually store the information which my computer looks upon it? Also, this is a bit off topic, but is there a way to verify how secure or how trustworthy these DNS’ or VPNs or even search engines like DuckDuckGo are (rather than just believing the company’s claims)?
> If a DNS is akin to a book containing the site names, why does its security matter? Or do they actually store the information which my computer looks upon it?
It’s because by default your computer uses your ISP’s DNS server which makes it easy for your ISP to track what websites/domains you visit. Your ISP may also keep logs of this information for months or even years. In some cases your ISP may also use DNS to block access to certain websites or change where they route to which can be circumvented by using a third-party DNS server.
When you use a service like 1.1.1.1, you can bypass your ISP’s DNS server and instead send your DNS requests to a trusted third party. That way you can make it more difficult for your ISP to track what websites/domains you are visiting, and if the DNS requests to the third party service are encrypted then even deep packet inspection technologies cannot be used to determine what domains/websites you are requesting.
> Also, this is a bit off topic, but is there a way to verify how secure or how trustworthy these DNS’ or VPNs or even search engines like DuckDuckGo are (rather than just believing the company’s claims)?
No, not really. You just have to trust them. Some of these companies have been subpoenaed to provide testimony in court though and through public court records you can see whether in fact those companies do have logs or whether (at least in court) they claim to not have logs.
It’s also worth noting that search engines like DuckDuckGo make no claims regarding data security (as far as I know), their big focus is instead on data privacy. These are two different things, although a breach in data privacy is often caused by a breach in data security.
The difference is that data security is all about restricting system access to only authorized individuals (e.g. employees of the company). So if a hacker can exploit a vulnerability to get access to a system (or information) that they are—at a technical level—not supposed to be able to access, that’s a security issue.
Data privacy, on the other hand, is all about making sure that only the personal data that needs to be collected/processed gets collected/processed and that the organization collecting the data only makes it available to others for (a) purposes which the data subject agrees to, (b) purposes which are necessary for the functioning of the service/application, (c) purposes of fulfilling legal/compliance obligations, (d) urgent purposes relating to medical or national security emergencies, or (e) purposes for raising awareness about a matter of legitimate public interest (e.g. news/journalism).
Anyway the point is that although data security and data privacy are interconnected, they are also independent of each other. You can have a secure system that isn’t very private and you can have a private system that isn’t very secure. Data security basically deals with how well protected data or systems are from hackers. Data privacy basically deals with what steps an organization takes to minimize personal data collection and make sure personal data is only used/shared as necessary for legitimate purposes.
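The point made in the reply above about an ISP or deep packet inspection reading unencrypted DNS requests, shown as an added example (not part of the original thread): a Python sketch that encodes a DNS query in RFC 1035 wire format and reads the queried name back out of it the way a passive on-path observer could. The capture, the resolver address 192.0.2.53 and the stand-in encrypted payload are constructed for illustration.

```python
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Encode a recursive DNS query in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def parse_question(payload):
    """Return (name, qtype) if payload is a plaintext DNS query, else None."""
    if len(payload) < 12:
        return None
    _txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000 or qdcount != 1:  # skip responses and malformed headers
        return None
    labels, pos = [], 12
    while pos < len(payload):
        length = payload[pos]
        pos += 1
        if length == 0:  # root label ends the name
            if pos + 4 > len(payload):
                return None
            qtype, _qclass = struct.unpack("!HH", payload[pos:pos + 4])
            return ".".join(labels), qtype
        if length > 63 or pos + length > len(payload):
            return None
        labels.append(payload[pos:pos + length].decode("ascii", "replace"))
        pos += length
    return None

def observed_domains(packets):
    """What a passive observer learns from (dst_ip, dst_port, payload) tuples."""
    seen = []
    for dst_ip, dst_port, payload in packets:
        question = parse_question(payload)
        seen.append((dst_ip, dst_port, question[0] if question else None))
    return seen

# Constructed capture. 192.0.2.53 is a documentation address standing in for an
# ISP resolver; the second payload is a TLS application-data record header plus
# filler bytes standing in for ciphertext sent to 1.1.1.1 over DNS-over-TLS.
CAPTURE = [
    ("192.0.2.53", 53, build_query("www.reddit.com")),
    ("1.1.1.1", 853, b"\x17\x03\x03\x00\x20" + bytes(range(32))),
]

if __name__ == "__main__":
    print(*observed_domains(CAPTURE), sep="\n")
```

The observer still learns that 1.1.1.1 was contacted on port 853, only not which name was asked for.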