DNS Service - Technical FAQ

What is DNS service?
How can I get the service?
What names do Belnet name servers have?
What are the primary and secondary name servers?
What is a recursive name server for?
How Belnet provides redundancy with DNS service?
What is DNSSEC for? 

Belnet Intelligent DNS

What are the prices?
How Belnet Intelligent DNS works?

DNS over HTTPS (DoH)

What is DNS over HTTPS?
How to enable DNS over HTTPS in Firefox?
Does split horizon DNS work with DNS over HTTPS?
Does filtered DNS work?
What about privacy?

What is DNS service?

Domain Name Servers (DNS) are the Internet's equivalent of a phone book. They maintain a directory of domain names and translate them to Internet Protocol (IP) addresses. Your browser or Internet provider views the DNS associated with the domain name, translates it into a IP address and directs your Internet connection to the correct website.

With DNS Service, Belnet provides you secure domain name servers, adapted to your infrastructure projects, for optimal performance. Your oganisation's access to the internet Domain Name Servers are essentials.

How can I get the service?

There is no administrative procedure to follow and no agreement to sign. The DNS Service is free. You just need to be an organization connected to our network.

What names do Belnet name servers have?

Belnet has 3 nameservers:

  • ns1.belnet.be: 193.190.198.14 / 2001:6a8:3c80::14
  • ns2.belnet.be: 193.190.182.40 / 2001:6a8:3c80:c000::40
  • ns3.belnet.be: 145.0.7.163 / 2001:610:188:441:145:0:7:163 (hosted at SurfNet in the Netherlands)

The name servers function autonomously on different networks in different data centers. Thus, we can guarantee your domain names to be active continuously.

What are the primary and secondary name servers?

Each domain name needs at least two authoritative name servers (primary and secondary name servers) to translate domain names into IP addesses. One or more recursive name servers are needed per computer. Belnet manages primary, secondary and recursive name servers. The recursive name servers concern our DNS service only.

What is a recursive name server for?

Each computer that looks up a domain name makes use of a recursive name server. The recursive server interrogates a number of name servers until it finds a name server that is able to translate the required domain name into an IP address.

How Belnet provides redundancy with DNS service?

To ensure redundancy, Belnet offers three recursive servers. These recursive DNS servers are available to all organisations connected to the network:

- 193.190.198.10
- 193.190.198.2
- 193.190.67.53

- 2001:6a8:3c80::10
- 2001:6a8:3c80::20
- 2001:6a8:a40::53

What is DNSSEC for?

DNSSEC increases the security of the DNS system. DNSSEC is an extension of the DNS system that helps protect the Internet against various attacks (such as poisoning the DNS cache used for fishing). DNSSEC ensures the completeness of the data of domain names.

This protocol is available for different domain names such as ".be", ".org" and ".se". For Belnet, this security is important and that is why its own domain names are protected with DNSSEC.

What are the prices?

Belnet Intelligent DNS is free.

How Belnet Intelligent DNS works?

  1. CCB receives information about potentially malicious websites.
  2. CCB scans for possible malicious websites.
  3. A list of websites recognized as unreliable is regularly downloaded by Belnet and implemented in its DNS servers.
  4. If any of your end users tries to access such a site, the DNS query will not be resolved and a warning page will be displayed to keep the user protected.

What is DNS over HTTPS?

Normally the DNS queries sent by your computer to the DNS resolver are sent over an unencrypted connection. Anyone with access to your network can listen to these queries. Nowadays most internet traffic is sent encrypted, like websites using https instead of http. This is why DNS over HTTPS (DoH) was developed.

Some browsers, like Firefox and Chrome, already have support for DNS over HTTPS. Soon they will start to enable DoH by default. For those that prefer not to use the default DoH servive provided by Cloudflare in Firefox, Belnet has created its own DoH service. It's available to anyone, not only our customer. You can configure it.

How to enable DNS over HTTPS in Firefox?

Check this page from Firefox: https://support.mozilla.org/en-US/kb/firefox-dns-over-https

Go to Preferences Network Settings and "Enable DNS over HTTPS". Choose custom provider, and enter "https://dns.belnet.be/dns-query". There are more options in about:config (filter on 'trr'). Some interesting option:

  • network.trr.mode: enable doh with failover (2), or without failover (3)
  • network.trr.excluded-domains: domains that will not be resolved via DoH

Does Split horizon DNS work with DNS over HTTPS?

Split horizon DNS is used when a domain name resolves differently depending on the network you are on: eg fw.belnet.be only resolves when you are within Belnet office and use internal DNS servers.

When you are using DoH, split horizon will possibly not work. (depend on your trr.mode in Firefox). You can bypass this issue by adding domains to 'network.trr.excluded-domains', so they will use the default DNS resolver.

Does filtered DNS work?

You can implement a different URI that has DNS filtering.

What about privacy?

Because DoH was developed to protect your privacy, we decided not to log your individual queries.

For performance monitoring and statistics we do some logging:

  • Your IP, response code, protocol and response time are logged (not the DNS query).
  • Queries are logged anonymized by our recurive DNS servers.

Copyright © 2021 Belnet.