@Vladimir, thank you for sharing your perspective - and even more meaningful to also share a guide to a related fix on Windows 10.
Your comments are valid.
I would add that some folks are altering their DNS not necessarily for misguided (edit: holistic) security perks, but rather for speed. The response time from 220.127.116.11 CloudFlare (or 18.104.22.168 IBM) might on average be a little quicker than the default DNS the user was previously using. This has led some to modify DNS locally on devices, or perhaps to configure their home router (or work router).
Related YouTube video by Linus Tech Tips:
Both are actually valid reasons: the speed, as you have mentioned, definitely improves when using Cloudflare, unless your carrier is blocking it (AT&T incident, already resolved).
The RELATIVE security factor is also present: if using 22.214.171.124, you are actually better off from a security perspective, as IBM does filter DNS queries using their threat intelligence platform. So the probability of accessing malware-loaded sites or tripping CNC is reduced.
It's the assumption of complete DNS security and privacy specifically, when relying on simple NS configuration changes, that is dangerous.
Thank you vt100! I appreciate your post. I've been researching DNS security and auditing and it is definitely a problem area. I've looked at products like Infoblox that mitigate data leakage where the DNS stream is utilized to exfiltrate data. I'd love to see more information in this area.
@rpenner You are quite welcome!
Yes, DNS is the major vector for C&C, data exfiltration and side-channel communication. Interestingly enough, it was used to some degree for the delivery of updates in restricted environments by some vendors and, subsequently, by some VPN vendors to circumvent traditional firewalls.
These days, practically all UDP-based protocols are being used for nefarious purposes, as they are seldom afforded the same degree of scrutiny as TCP.
Traditional firewall vendors do not like to tackle DNS, as it directly impacts the listed performance of their appliances, and they often limit their threat prevention for DNS to a subset of common exploits.
From the point of view of performance and security, cloud-based DNS specific security solutions are probably the best at addressing these issues.
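The exchange above treats DNS as an exfiltration and C&C channel that firewalls rarely inspect. As an added example that is not part of this thread and not any vendor's product logic, the script below runs the kind of heuristics a DNS-specific security layer applies over a constructed query log: label length, character entropy and record type per query, then aggregation per (client, registered domain) to count distinct subdomains. The log format (`timestamp client qname qtype`), the sample lines, the thresholds and the "last two labels are the registered domain" rule are all assumptions made for illustration.

```python
"""Heuristic DNS tunnelling / exfiltration detector over a query log.

Added example for this thread; not code from any product mentioned above.
Log format, sample data and thresholds are assumptions, not a standard.
"""
import math
import re
from collections import defaultdict

# Constructed sample log: "timestamp client qname qtype" (assumed format).
# 10.0.0.7 issues TXT queries whose leftmost label is a 32-char base32-style
# chunk, which is how tunnelling tools typically carry data out.
SAMPLE_LOG = """\
2024-01-01T10:00:01 10.0.0.5 www.example.com A
2024-01-01T10:00:02 10.0.0.5 mail.example.com MX
2024-01-01T10:00:03 10.0.0.7 7zq3kyfd2ubpnx5hgjmc4wtvela6rsoi.exfil.example.net TXT
2024-01-01T10:00:03 10.0.0.7 x4dnv7ar2hktp6goj5clebmqyuiwzs3f.exfil.example.net TXT
2024-01-01T10:00:04 10.0.0.7 q2wv5bnfxljk7dgyaeus3moc6prhtz4i.exfil.example.net TXT
2024-01-01T10:00:04 10.0.0.7 h6ksay3pzrcmv2eoqwd7nlxf5bgtiu4j.exfil.example.net TXT
2024-01-01T10:00:05 10.0.0.5 cdn.example.com A
2024-01-01T10:00:06 10.0.0.9 login.microsoftonline.com A
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

# Assumed thresholds; a real deployment would baseline these per network.
LONG_LABEL = 30          # DNS labels max out at 63; encoded payloads run long
ENTROPY_BITS = 3.0       # per-character Shannon entropy of the longest label
SUSPECT_QTYPES = {"TXT", "NULL"}   # large-payload record types tunnels prefer


def shannon_entropy(s):
    """Bits of entropy per character; random base32/base64 chunks score high."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname):
    """Return (registered_domain, subdomain_part).

    Assumption for the example: the registered domain is the last two labels.
    Production code should use the Public Suffix List (e.g. co.uk).
    """
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) < 3:
        return ".".join(labels), ""
    return ".".join(labels[-2:]), ".".join(labels[:-2])


def score_query(qname, qtype):
    """Score one query 0..3 and return (registered, subdomain, score, reasons)."""
    registered, sub = split_name(qname)
    labels = sub.split(".") if sub else []
    longest = max(labels, key=len) if labels else ""
    score, reasons = 0, []
    if len(longest) >= LONG_LABEL:
        score += 1
        reasons.append("long_label")
    if shannon_entropy(longest) >= ENTROPY_BITS:
        score += 1
        reasons.append("high_entropy")
    if qtype.upper() in SUSPECT_QTYPES:
        score += 1
        reasons.append("suspect_qtype")
    return registered, sub, score, reasons


def analyze(log_text, min_unique=3, min_mean_score=2.0):
    """Aggregate per (client, registered domain); flag many distinct, high-scoring subdomains."""
    stats = defaultdict(lambda: {"subs": set(), "score": 0, "queries": 0, "reasons": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                      # skip lines not in the assumed format
        _ts, client, qname, qtype = m.groups()
        registered, sub, score, reasons = score_query(qname, qtype)
        st = stats[(client, registered)]
        st["subs"].add(sub)
        st["score"] += score
        st["queries"] += 1
        st["reasons"].update(reasons)
    flagged = {}
    for key, st in stats.items():
        mean = st["score"] / st["queries"]
        if len(st["subs"]) >= min_unique and mean >= min_mean_score:
            flagged[key] = {"unique_subdomains": len(st["subs"]),
                            "mean_score": mean,
                            "reasons": sorted(st["reasons"])}
    return flagged


if __name__ == "__main__":
    for (client, domain), info in analyze(SAMPLE_LOG).items():
        print(f"{client} -> {domain}: {info}")
```

On the sample data only `10.0.0.7 -> example.net` is reported; the three ordinary lookups against `example.com` from `10.0.0.5` have enough distinct subdomains but score zero. The false-positive side is exactly what the thread notes: some vendors legitimately push updates or lookups through DNS, and CDNs, DKIM and some antivirus products produce high-entropy labels, so any such heuristic needs an allow-list and per-domain baselining before it is worth alerting on.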