Author Topic: DNS Questions..  (Read 1968 times)

deanfourie (OP)

  • Byte
  • *
  • Posts: 11
  • Rep: 0
    • View Profile
  • Certifications: IMPCICIAMPLS
DNS Questions..
« on: July 14, 2015, 05:33:45 AM »
So ive basically labelled DNS as the most powerful protocol on the internet today...
Im not sure how true that is, but it seems to me.... Also im not sure if this post is even in the right PLACE (austech in general)

But, I have some questions regarding DNS.

1. If I set my NIC on windows to statically use DNS 8.8.8.8, does it do a direct request via 8.8.8.8, or will it send that request to the gateway and then send the DNS request via the ISP assigned DNS servers? So, in order to do a legitimate DNS request to 8.8.8.8, do I need to statically set the routers DNS server to 8.8.8.8?

2. Does anyone know about DNS leaking? and Transparent DNS proxies? Would like to talk more :)

SimonV

  • Dark Fibre
  • ****
  • Posts: 962
  • Country: be
  • Rep: 9
    • View Profile
    • Blog
  • Certifications: N+ GFL, CCNP, CCNA Wireless, JNCIS-SEC/ENT
Re: DNS Questions..
« Reply #1 on: July 14, 2015, 05:55:22 AM »
1. If I set my NIC on windows to statically use DNS 8.8.8.8, does it do a direct request via 8.8.8.8, or will it send that request to the gateway and then send the DNS request via the ISP assigned DNS servers? So, in order to do a legitimate DNS request to 8.8.8.8, do I need to statically set the routers DNS server to 8.8.8.8?

Your client will directly send it to the DNS server. Easily verifiable with Wireshark.

digitheads

  • Byte
  • *
  • Posts: 10
  • Country: us
  • Rep: 0
  • Bona Fide Old School Computer Geek
    • View Profile
  • Certifications: Too Many To List Here
Re: DNS Questions..
« Reply #2 on: July 14, 2015, 07:47:56 AM »
the DNS name resolution request goes directly to the DNS server specified, you can use more than one and they will be tried one at a time FIFO.  Without a valid DNS server, you cant surf unless you happen to be that one person that can memorize thousands of ip addresses...
"knowledge is power" - Albert Einstein

Chev Chellios

  • Byte
  • *
  • Posts: 13
  • Country: 00
  • Rep: 1
    • View Profile
  • Certifications: CCNSP, ITIL, MCP, MCDST
Re: DNS Questions..
« Reply #3 on: July 14, 2015, 09:46:46 AM »
The more I think and learn about DNS the more it blows my mind with what it actually does and how quickly it does it. Sad but true.....

deanwebb

  • Permit any any all log
  • Administrator
  • Volume Licensing
  • *****
  • Posts: 7404
  • Country: us
  • Rep: 19
  • *I* am the one who NACs.
    • View Profile
  • Certifications: FSCA: ForeScout Certified Administrator, CCNP Security, Tufin CSE, TippingPoint ASE
Re: DNS Questions..
« Reply #4 on: July 14, 2015, 11:21:58 AM »
This is why all the cool kids keep an eye on DNS. All kinds of security breaches can happen if DNS isn't kept careful track of.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!

Reggle

  • Senior Engineer
  • ****
  • Posts: 2243
  • Rep: 3
    • View Profile
  • Certifications: CCNA Security - CCNP - CCDP - RHCSA
Re: DNS Questions..
« Reply #5 on: July 14, 2015, 02:32:28 PM »
If you're that interested, I recommend you install BIND on a computer at home and experiment with it. BIND is a DNS server, relatively lightweight (it will run on a Raspberry Pi just fine) but can scale up to... Well it's used on root servers. It's Linux software.

I learned a LOT of stuff with it. By now I have a DNS-based ad-filter at home, I know how anycast DNS works, I have automated 18+ filtering, DNS resolving for all devices at home and my outgoing DNS traffic is even encrypted (so no DNS-based provider blocks).

You're right, together with BGP, DNS might just be the most powerful protocol on the internet.

Otanx

  • advipservicesk9
  • ****
  • Posts: 1643
  • Country: us
  • Rep: 8
    • View Profile
  • Certifications: CCNP
Re: DNS Questions..
« Reply #6 on: July 14, 2015, 05:03:26 PM »
I would vote that IP is the most critical and powerful protocol on the internet.  :whistle:

I second Reggle. Get a pi, or spin up a VM, and run bind. You will learn quite a bit.

-Otanx

deanwebb

  • Permit any any all log
  • Administrator
  • Volume Licensing
  • *****
  • Posts: 7404
  • Country: us
  • Rep: 19
  • *I* am the one who NACs.
    • View Profile
  • Certifications: FSCA: ForeScout Certified Administrator, CCNP Security, Tufin CSE, TippingPoint ASE
Re: DNS Questions..
« Reply #7 on: July 14, 2015, 05:31:23 PM »
DO NOT UNDERESTIMATE THE POWER OF PING!
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!

Otanx

  • advipservicesk9
  • ****
  • Posts: 1643
  • Country: us
  • Rep: 8
    • View Profile
  • Certifications: CCNP
Re: DNS Questions..
« Reply #8 on: July 14, 2015, 10:38:31 PM »
or Tracer-T

-Otanx

Reggle

  • Senior Engineer
  • ****
  • Posts: 2243
  • Rep: 3
    • View Profile
  • Certifications: CCNA Security - CCNP - CCDP - RHCSA
Re: DNS Questions..
« Reply #9 on: July 15, 2015, 03:01:40 AM »
I would vote that IP is the most critical and powerful protocol on the internet.  :whistle:
Point taken. But it's less of a challenge than the other two I mentioned :)

zarawatsonn

  • Byte
  • *
  • Posts: 11
  • Country: in
  • Rep: 0
  • Whatever the problem is....keep going!!!!!
    • View Profile
    • top 10 mobile apps development companies
Re: DNS Questions..
« Reply #10 on: May 03, 2016, 12:08:33 AM »
DNS leaking is refers to that situation when you send your data through a secure gateway, but some data is leaks outside of secure connection.
mobile application development companies | BlackBerry application development

deanwebb

  • Permit any any all log
  • Administrator
  • Volume Licensing
  • *****
  • Posts: 7404
  • Country: us
  • Rep: 19
  • *I* am the one who NACs.
    • View Profile
  • Certifications: FSCA: ForeScout Certified Administrator, CCNP Security, Tufin CSE, TippingPoint ASE
Re: DNS Questions..
« Reply #11 on: May 03, 2016, 08:30:30 AM »
DNS leaking is refers to that situation when you send your data through a secure gateway, but some data is leaks outside of secure connection.
OK...

So why post this to execute an epic gravedig...?

:zomgwtfbbq:
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!