
Capture DNS leakage

Tags:

dns

I am trying to log DNS "leaks", in other words the DNS servers used by visitors to my web site.

How does one figure out which DNS server a web request to my server came from (i.e. getting the DNS leaks)? The website dnsleaktest.com does it; it knows which DNS server I am coming from. How? It should only be able to know some stats about my browser, and maybe the HTTP referer. How does it know my DNS server?

What is being exploited, used? Or what is the traffic flow from my browser to this server, and where in that flow is dnsleaktest able to get this information?

revi asked Nov 28 '12 19:11


People also ask

How do I find a DNS leak?

If your browser just sends the request to your ISP anyway, that's a DNS leak. There are easy ways to test for a leak, again using websites like Hidester DNS Leak Test, DNSLeak.com, or DNS Leak Test.com.

What is a DNS leak and why should I care?

A DNS leak is a security flaw that occurs when requests are sent to an ISP's DNS servers even when a VPN is being used to protect users. A VPN is designed to encrypt a user's internet connection, which keeps their traffic in a private tunnel that hides all of their browsing activity.

How does a DNS leak test work?

A DNS leak test works by sending a number of domain names for the VPN to resolve. If at least one of the servers in the results belongs to your ISP, the VPN likely has a DNS leak.


1 Answer

That's not that easy.

What dnsleaks probably does: they have their own authoritative DNS server, JavaScript on their website queries various randomly generated subdomains of their domain, and on their DNS server they monitor where requests for those randomly generated subdomains come from.

To do it, you need some domain hosted on your own DNS servers (not servers provided by your registrar or a hosting provider). You need to monitor queries to this server; this can be done if you parse your DNS server logs, have your own DNS server software, or if your DNS server provides some API hooks to see the incoming requests. Then you write a script for your site which queries various subdomains and tells a server-side script on your website which subdomain requests it should monitor. The server-side script in turn talks to the DNS server.

All the above is an unverified guess. I see no other way to do it.

Sandman4 answered Sep 27 '22 18:09
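
The correlation described in the answer above, as an added example (not code from the answer or from dnsleaktest.com): the web side mints a random one-time hostname per visitor, and the authoritative DNS side records the source address of whichever recursive resolver asks for it. The zone `leaktest.example`, the function names, the session id and the sample packet are assumptions constructed for illustration.

```python
import secrets
import struct

ZONE = "leaktest.example"  # assumption: a zone delegated to your own name server

def new_probe(session_id, pending):
    """Web side: mint a one-time hostname for the page script to fetch."""
    token = secrets.token_hex(8)          # random, so no resolver has it cached
    pending[token] = session_id
    return f"{token}.{ZONE}"

def parse_qname(packet):
    """Return the lowercased question name of a raw DNS query (RFC 1035)."""
    if len(packet) < 12 or struct.unpack("!H", packet[4:6])[0] < 1:
        raise ValueError("not a DNS query with a question")
    labels, pos = [], 12                  # question follows the 12-byte header
    while True:
        if pos >= len(packet):
            raise ValueError("truncated name")
        length = packet[pos]
        pos += 1
        if length == 0:
            return ".".join(labels)
        if length > 63 or pos + length > len(packet):
            raise ValueError("bad label length")  # also rejects pointers
        # Resolvers may randomize letter case (0x20 encoding), so normalize.
        labels.append(packet[pos:pos + length].decode("ascii").lower())
        pos += length

def record_query(packet, resolver_ip, pending, seen):
    """DNS side: note which resolver asked for a probe name; return its session."""
    try:
        token, _, zone = parse_qname(packet).partition(".")
    except (ValueError, UnicodeDecodeError):
        return None                       # malformed packet, ignore
    session = pending.get(token) if zone == ZONE else None
    if session is not None:
        seen.setdefault(session, set()).add(resolver_ip)
    return session

def build_query(name):
    """Constructed sample input: a minimal A-record query for `name`."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split("."))
    return (struct.pack("!6H", 0x1234, 0, 1, 0, 0, 0) + qname + b"\x00"
            + struct.pack("!2H", 1, 1))

if __name__ == "__main__":
    pending, seen = {}, {}
    host = new_probe("session-42", pending)
    record_query(build_query(host), "192.0.2.53", pending, seen)  # TEST-NET address
    print(seen)
```

The address recorded is the recursive resolver's egress address as seen by the authoritative server, which is what lets the site owner tell a VPN provider's resolver from an ISP's.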