Surf and Browse on Lockdown
BeeHive's Secure DNS helps protect you from abuse, advertising, and misinformation as you traverse the internet
Effortless protection from the most popular categories of web threats
Command & Control
It's Google Maps, but for the internet...
DNS is a technological backbone of the internet, providing helpful directions for traveling computers looking to access public resources and services. Equally, DNS offers providers like us the ability to add a level of security by stopping the resolution of malicious traffic and destinations. Danger you can't access, is less danger from the start.
How DNS Works
User Requests a Website
When a user wants to visit a website, they typically start by typing the website's domain name into a web browser's address bar. At this point, the browser initiates a request to visit the specified website.
DNS Resolver Lookup
To translate the domain name into the corresponding IP address, the browser sends a query to a DNS resolver. The DNS resolver is a critical component in the DNS resolution process. It acts as an intermediary between the user's browser and the DNS infrastructure.
The DNS resolver plays a crucial role in resolving domain names to IP addresses. It is often provided by the user's Internet Service Provider (ISP), but it can also be a public resolver like Google's Public DNS, Cloudflare's 220.127.116.11, or others.
When the DNS resolver receives a query from the browser, it starts the process of resolving the domain name. The resolver first checks its cache to see if it has a previously resolved IP address for the domain. This cache allows for faster retrieval of frequently visited websites since the resolver doesn't need to make additional queries.
Querying Authoritative DNS Server
If the IP address is not found in the cache or if the cache is expired, the resolver proceeds with querying the authoritative DNS server responsible for the domain. The authoritative DNS server is the one that holds the DNS records for a specific domain.
The resolver sends a request to the authoritative DNS server, typically via a series of other DNS servers in a recursive manner. The authoritative DNS server receives the query and looks up the requested domain name in its DNS records.
Caching and Response
Once the authoritative DNS server finds the IP address associated with the domain name, it sends the response back to the resolver. The resolver then caches the IP address for future use and returns it to the user's browser.
With the IP address in hand, the browser can establish a connection with the web server hosting the website. This connection allows the browser to retrieve and display the web page content, enabling the user to access the desired website.
Got questions? The answers may be here...
What is DNS?
DNS stands for Domain Name System. It is a fundamental component of the internet that translates human-readable domain names, like www.example.com, into machine-readable IP addresses, such as 192.0.2.1. This translation enables users to access websites, send emails, and perform various online activities by using familiar domain names instead of having to memorize numerical IP addresses, because it wouldn't be very hip to tell your friends to check out your latest video at 172.555.126.192/content/files/video/epicclip.mp4.
What is an "authoritative" DNS server?
An authoritative DNS server is a DNS server that holds the official and up-to-date DNS records for a particular domain. It is responsible for providing the authoritative answer (or response) to DNS queries for that domain. When a domain name needs to be resolved to an IP address or other DNS records, a DNS resolver contacts the authoritative DNS server for that domain to obtain the accurate information.
Authoritative DNS servers are designated by the domain owner or administrator and are responsible for storing the zone files, which contain the DNS records for a specific domain. These records include information such as the IP addresses associated with the domain, mail server settings, subdomains, and other relevant DNS data.
When a DNS resolver receives a query for a domain, it first contacts the root DNS servers to determine the authoritative DNS server for that domain. The resolver then queries the authoritative DNS server to obtain the correct DNS records, which it then returns to the requesting client.
Does this allow you to potentially censor what I see?
DNS is, again, more akin to a street sign.
Technologically, we could provide your browser with misleading data or otherwise cause the DNS resolution to fail for sites at wish, yes.
However, we can't alter the served locations OF the sites, nor hide them from you if you simply used another DNS provider. We also can't inject into the page that you're viewing, meaning that we can't "filter" or "manipulate" what you're shown.
What types of content do you, or will you block?
We automatically detect and block websites and domains used for phishing, malware sharing or distribution unethically, known "command and control" endpoints, and more un-particularly-explainable threat types, in the spirit of security.
After human request and/or manual review, we may additionally choose to include websites in our blocklist that:
- Distribute factually incorrect information without satirical reflection or guise (TLDR: purposeful misinformation)
- Are used to deliberately incite users into a mislead reaction
- Are used for fraudulent purposes outside of those of a "detectable thru automation" nature
- Immediately provide information or request an action that could create a large-scale and immediate threat to human life, safety, or security
- Host services or material depicting, promoting, or facilitating the sale, transfer, exchange, or sexual/non-sexual abuse of a minor
Do those last X reasons involve political censorship?
As a security vendor we have a responsibility to create solutions to protect others, and as an intelligence provider we have a responsibility to know, and influence, "what's next". Sometimes, the easiest way to stop a problem, is to not let it go in the first place.
DNS is not meant to be used as a heavy-handed filtration tool, and we do not apply it as such in terms of the content sharable or viewable on 3rd party platforms. We cannot interact with, or filter, how you express yourself, your political views, your opinions...and to be honest with you, we probably can't change them either.
However, if directly abusive or inciting content is brought to our attention, we have a responsibility to address it, and potentially block it, if it poses a genuine danger to the imminent state of life, safety, or security for a wide-scale audience.
We will not attempt to blacklist entire platforms due to disagreeing content from individual users, on platforms where it's a clear impracticality to have humanly moderated the content.
Your posts on X commenting on Donald Trumps' consistent Cheeto-esque color, complaints about Joe Biden's shoulder-sniffing frequency, and shitposts about various alphabet agency investigations, can live on. We probably never cared about them to begin with.
However, it's unlikely for us to not end up blacklisting "buildabombandleaveitattheairport.biz", as there is no point, at all, in any sane society, to build a device and leave it at an airport, nor host a website that provides the instructions for it. While we understand that some may view this as "censorship," we assure you that we are comfortable with this approach as it is a minor task for us to handle.
This is a mentally applicable rule to any type of content. This answer is provided in the spirit that you, a hopefully mentally sane and sound person, can consider the types of content being hosted or provided, and the consequences they could result in, when wondering if we "would" block something at any point in time in the spirit of security.
How do I use BeeHive's Secure DNS?
Setting DNS isn't particularly the easiest thing to do on every computer, as for most deployments, you'd prefer your DNS be given to you automatically.
Regardless of your operating system or network environment, you can take advantage of our DNS Security by setting the following values in your computer's network or wireless configuration:
Primary IPv4 DNS Resolver:
Primary IPv6 DNS Resolver:
For a secondary, aka "backup" resolver, we recommend entering Cloudflare's 18.104.22.168 resolver; it's fast, reliable, and as close enough to surveillance-free as you'll get from a large corporation, but, you're free to choose another if you're advanced enough of a user to just have spare DNS resolvers laying around.
Is this free?
Yes, this is free because you are the product.
Offering a DNS resolver allows us to see traffic information so we can, on our own, watch for trends of access to unsavory domains, or risky and abusive resources. It's in our best interests to offer this for free, because for US, your DNS traffic is more valuable in the interests of security, than a few sympathy dollars. You're getting much more than a few dollars worth from this, for free, while we're using the data we collect to keep you and others safe. Seems like a deal not worth the disagreement...