DNS Resolver

Public DNS that makes your internet safer.

Speed up your connection while staying protected from threats, no downloads or installs required.

Network-level protection from popular threats

fish

Phishing

bug

Malware

megaphone

Advertising

How it works

DNS is a technological backbone of the internet, providing helpful directions for traveling computers looking to access public resources and services. It's GPS, but for the internet.

Equally, DNS offers providers like us the ability to add a level of security by stopping the resolution of malicious traffic and destinations. Danger you can't access, is less danger from the start.

DNS is all but a mandatory service if you wish to browse the internet. Equally, it makes sense that if you can add effortless protection in a set-and-forget manner, you do so.

User requests a website

When a user wants to visit a website, they typically start by typing the website's domain name into a web browser's address bar. At this point, the browser initiates a request to visit the specified website.

Resolver lookup

To translate the domain name into the corresponding IP address, the browser sends a query to a DNS resolver. The DNS resolver is a critical component in the DNS resolution process. It acts as an intermediary between the user's browser and the DNS infrastructure.

The DNS resolver plays a crucial role in resolving domain names to IP addresses. It is often provided by the user's Internet Service Provider (ISP), but it can also be a public resolver like Google's Public DNS, Cloudflare's 1.1.1.1, or others.

When the DNS resolver receives a query from the browser, it starts the process of resolving the domain name. The resolver first checks its cache to see if it has a previously resolved IP address for the domain. This cache allows for faster retrieval of frequently visited websites since the resolver doesn't need to make additional queries.

Authoritative DNS Server Query

If the IP address is not found in the cache or if the cache is expired, the resolver proceeds with querying the authoritative DNS server responsible for the domain. The authoritative DNS server is the one that holds the DNS records for a specific domain.

Recursive Process occurs

The resolver sends a request to the authoritative DNS server, typically via a series of other DNS servers in a recursive manner. The authoritative DNS server receives the query and looks up the requested domain name in its DNS records.

Caching and response

Once the authoritative DNS server finds the IP address associated with the domain name, it sends the response back to the resolver. The resolver then caches the IP address for future use and returns it to the user's browser.

With the IP address in hand, the browser can establish a connection with the web server hosting the website. This connection allows the browser to retrieve and display the web page content, enabling the user to access the desired website.

Got questions?

What is DNS?

DNS stands for Domain Name System. It is a fundamental component of the internet that translates human-readable domain names, like www.example.com, into machine-readable IP addresses, such as 192.0.2.1. This translation enables users to access websites, send emails, and perform various online activities by using familiar domain names instead of having to memorize numerical IP addresses, because it wouldn't be very hip to tell your friends to check out your latest video at 172.555.126.192/content/files/video/epicclip.mp4.

 
What is an "authoritative" DNS server?

An authoritative DNS server is a DNS server that holds the official and up-to-date DNS records for a particular domain. It is responsible for providing the authoritative answer (or response) to DNS queries for that domain. When a domain name needs to be resolved to an IP address or other DNS records, a DNS resolver contacts the authoritative DNS server for that domain to obtain the accurate information.

Authoritative DNS servers are designated by the domain owner or administrator and are responsible for storing the zone files, which contain the DNS records for a specific domain. These records include information such as the IP addresses associated with the domain, mail server settings, subdomains, and other relevant DNS data.

When a DNS resolver receives a query for a domain, it first contacts the root DNS servers to determine the authoritative DNS server for that domain. The resolver then queries the authoritative DNS server to obtain the correct DNS records, which it then returns to the requesting client.

Can BeeHive censor what I see?

DNS is, again, more akin to a street sign.

Technologically, we could provide your browser with misleading data or otherwise cause the DNS resolution to fail for sites at wish, yes.

However, we can't alter the served locations OF the sites, nor hide them from you if you simply used another DNS provider. We also can't inject into the page that you're viewing, meaning that we can't "filter" or "manipulate" what you're shown. If you're accessing a site and we allow the resolution of it, you're served the page in it's pure, source format.

What types of content do/will you block?

We automatically detect and block websites and domains used for phishing, malware sharing or distribution unethically, known "command and control" endpoints, and more un-particularly-explainable threat types, in the spirit of security.

After human request and/or manual review, we may additionally choose to include websites in our blocklist that:

  • Distribute factually incorrect information without satirical reflection or guise (TLDR: purposeful misinformation)
  • Are used to deliberately incite users into a mislead reaction
  • Are used for fraudulent purposes outside of those of a "detectable thru automation" nature
  • Immediately provide information or request an action that could create a large-scale and immediate threat to human life, safety, or security
  • Host services or material depicting, promoting, or facilitating the sale, transfer, exchange, or sexual/non-sexual abuse of a minor
Does BeeHive participate in political censorship or manipulation?

No, when we decide to block a threat, it is not in regard to simple political or subject-matter disagreement.

As a security vendor we have a responsibility to create solutions to protect others, and as an intelligence provider we have a responsibility to know, and influence, "what's next". Sometimes, the easiest way to stop a problem, is to not let it go in the first place.

DNS is not meant to be used as a heavy-handed filtration tool, and we do not apply it as such in terms of the content sharable or viewable on 3rd party platforms. We cannot interact with, or filter, how you express yourself, your political views, your opinions...and to be honest with you, we probably can't change them either.

However, if directly abusive or inciting content is brought to our attention, we have a responsibility to address it, and potentially block it, if it poses a genuine danger to the imminent state of life, safety, or security for a wide-scale audience.

SUMMARIZED

We will not attempt to blacklist entire platforms due to disagreeing content from individual users, on platforms where it's a clear impracticality to have humanly moderated the content.

Your posts on X commenting on Donald Trumps' consistent Cheeto-esque color, complaints about Joe Biden's shoulder-sniffing frequency, and shitposts about various alphabet agency investigations, can live on. We probably never cared about them to begin with.

However, it's unlikely for us to not end up blacklisting "buildabombandleaveitattheairport.biz", as there is no point, at all, in any sane society, to build a device and leave it at an airport, nor host a website that provides the instructions for it. While we understand that some may view this as "censorship," we assure you that we are comfortable with this approach as it is a minor task for us to handle.

This is a mentally applicable rule to any type of content. This answer is provided in the spirit that you, a hopefully mentally sane and sound person, can consider the types of content being hosted or provided, and the consequences they could result in, when wondering if we "would" block something at any point in time in the spirit of security.

How do I start using your DNS?

Setting DNS isn't particularly the easiest thing to do on every computer, as for most deployments, you'd prefer your DNS be given to you automatically.

Regardless of your operating system or network environment, you can take advantage of our DNS Security by setting the following values in your computer's network or wireless configuration:

filter.beehive.systems

or

172.233.234.254

 

Our DNS-over-HTTPS Query Format is

filter.beehive.systems/dns-query

You might need this. If you do, you'll know. If you don't, you won't.

For a secondary, aka "backup" resolver, we recommend entering Cloudflare's 1.1.1.1 resolver; it's fast, reliable, and as close enough to surveillance-free as you'll get from a large corporation, but, you're free to choose another if you're advanced enough of a user to just have spare DNS resolvers laying around.