A few VPN providers advertise a feature called Zero-Knowledge-DNS. Perfect Privacy has had this feature from the beginning. Of course, we have always operated our own DNS on every server, without connection logs or activity monitoring. We go one step further: Perfect Privacy also keeps a copy of the root zone. This blog post explains what that means. Inexperienced users first need to understand what DNS actually is.
DNS stands for Domain Name System. Every website on the Internet has an IP address, which works similarly to a telephone number. Since people can remember names better than a multitude of numbers, DNS was designed in 1983 by Paul Mockapetris. These names are the respective URLs of the websites. To enable this name resolution, your device sends the entered URL to a DNS server on the Internet, which translates it into the corresponding IP address; your device then 'calls' the respective website.
Perfect Privacy operates its own private DNS. Since we operate our own DNS on every server, DNS requests are fully encrypted and routed through our own VPN tunnels, which also protect the rest of your internet traffic. This is also the basis for our advertising and tracking blocker 'TrackStop': we simply do not resolve unwanted name requests on our name servers.
Many VPN providers still use third-party DNS. This means that their name resolution requests are not routed through their own encrypted VPN tunnels, which makes it easier for attackers to manipulate the requests at this point. With Perfect Privacy you can be sure that your requests always remain encrypted, especially in insecure places such as public WLAN hotspots.
Since third-party DNS servers log your traffic, i.e. where and when you accessed a particular website, anyone who has access to that server could check the DNS requests that point to you. Since our VPN servers run on RAM disks, these DNS requests, like all other data, are not physically stored. Therefore: Zero Knowledge!
Root name servers are used for name resolution at the root of the Domain Name System on the Internet. The root zone contains the names and IP addresses for all top-level domains (TLDs). Each computer on the Internet is assigned a name server. In the case of Perfect Privacy, these are our own. This server resolves names such as perfect-privacy.com into the corresponding IP address. If a name server has no information about the requested TLD 'com', it contacts the root server responsible for com. The root server then contacts the name server responsible for perfect-privacy.com. However, the root server stores the answers for a certain time and so offers attackers a point of access. At Perfect Privacy we have a copy of this root zone, so that such requests remain within our fully encrypted network.
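
The effect of keeping a root zone copy can be shown in a few lines: the resolver finds the name servers for a TLD in its local data instead of sending a query to a root server. This is an added example, not Perfect Privacy's code; the zone excerpt, its server names and addresses, and the function names `load_zone` and `local_referral` are constructed for illustration.

```python
from collections import defaultdict

# Constructed excerpt in DNS master-file format (owner, TTL, class, type, data).
# The real root zone is far larger; names and addresses here are sample values
# taken from the documentation ranges.
ROOT_ZONE_SAMPLE = """\
; delegation of the 'com' and 'org' TLDs with glue addresses
com.                   172800 IN NS   ns1.tld-com.example.
com.                   172800 IN NS   ns2.tld-com.example.
ns1.tld-com.example.   172800 IN A    192.0.2.10
ns1.tld-com.example.   172800 IN AAAA 2001:db8::10
ns2.tld-com.example.   172800 IN A    192.0.2.11
org.                   172800 IN NS   ns1.tld-org.example.
ns1.tld-org.example.   172800 IN A    198.51.100.20
"""

def load_zone(text):
    """Parse zone lines into {(owner, type): [rdata, ...]}."""
    records = defaultdict(list)
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
        records[(owner.lower(), rtype.upper())].append(rdata.strip())
    return records

def local_referral(records, qname):
    """Return {name server: [addresses]} for qname's TLD, using only local data.

    None means the TLD is not delegated in the root zone, so the name cannot
    exist and no query has to leave the resolver at all.
    """
    tld = qname.rstrip(".").lower().rsplit(".", 1)[-1] + "."
    servers = records.get((tld, "NS"))
    if not servers:
        return None
    return {
        ns: records.get((ns.lower(), "A"), []) + records.get((ns.lower(), "AAAA"), [])
        for ns in servers
    }

ZONE = load_zone(ROOT_ZONE_SAMPLE)

if __name__ == "__main__":
    for name in ("perfect-privacy.com", "printer.invalid"):
        print(name, "->", local_referral(ZONE, name))
```

A name under an undelegated TLD, such as a mistyped or internal-only hostname, is answered negatively from the local copy, so it is never seen by a server outside the resolver's own network.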