Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Capture DNS leakage

Tags:

dns

I am trying to log DNS "leaks", in other words the DNS servers used by visitors to my web site.

How does one figure out which DNS server a web request came from to my server (i.e. the getting DNS leaks). This website dnsleaktest.com does it, it knows which DNS server I am coming from? How? It should only be able to know some stats about my browser, and maybe the HTTP referer. How does it know my DNS server?

What is being exploited, used? Or what is the traffic flow from my browser to this server, and where in that flow is dnsleaktest able to get this information?

like image 503
revi Avatar asked Nov 28 '12 19:11

revi

People also ask

How do I find a DNS leak?

If your browser just sends the request to your ISP anyway, that's a DNS leak. There are easy ways to test for a leak, again using websites like Hidester DNS Leak Test(Opens in a new window), DNSLeak.com(Opens in a new window), or DNS Leak Test.com(Opens in a new window).

What is a DNS leak and why should I care?

A DNS leak is a security flaw that occurs when requests are sent to an ISP's DNS servers even when a VPN is being used to protect users. A VPN is designed to encrypt a user's internet connection, which keeps their traffic in a private tunnel that hides all of their browsing activity.

How does a DNS leak test work?

A DNS leak test works by sending a number of domain names for the VPN to resolve. If at least one of the servers in the results belongs to your ISP, the VPN likely has a DNS leak.

1 Answers

That's not that easy.

What dnsleaks probably does - they have their own authoritative DNS server, javascript on their websites queries various randomly-generated subdomains of their domain, and on their DNS server they monitor where requests to those randomly-generated subdomains come from.

To do it, you need some domain hosted on your own DNS servers (not servers provided by your registrar or a hosting provider). You need to monitor queries to this server - can be done if you parse your DNS server logs or have your own DNS server software, or if your DNS server provides some API hooks to see the incoming requests. Then you write a script for your sites which queries various subdomains, and tells server-side script on your website which subdomain requests it should monitor. The server-side script in turn talks to the DNS server.

All the above is an unverified guess. I see no other way to do it.

like image 71
Sandman4 Avatar answered Sep 27 '22 18:09

Sandman4
Sign in to Comment

Related questions

CNAME for Azure application causes email problems with MX and A records ignored
non-blocking network address resolution (gethostbyname or getaddrinfo)?
Update DNS for domain name in AJAX request
Subdomain of custom domain on Github pages
How do I use Amazon Route 53 with a Digital Ocean droplet?
Which domain-name should I bake into my IoT device as IoT MQTT endpoint?
dns_get_record(): A temporary server error occurred.
How to link my Google Domain to a custom HTML webpage
Can you add multiple custom domains to multiple Github repositories?
Android emulator doesn't use Windows host file?
IO domain registry [closed]
Resolve-DnsName - Formatting and Error Catching
How to create an "alias target" A DNS record in Route53 for an elasticache replication group
How do HTTP/2 and CNAME work together?
Rails - Configuring DNS to host with Heroku (123-reg)
How to use Docker swarm DNS/Service names in Nginx upstream
Using "System.Net.Dns.GetHostEntry()" to get the IP address for a website, will give different results compared to some online IP checker sites
Load balancer and API Gateway confusion
Does the PHP mail() function work if I don't own the MX record
Programmatically join Windows machine to AD domain

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!