DNS LEAKING AND PREVENTION PAPER


What is DNS leak?
Ans) When u visit a site even using proxy/vpn you may give info about ur dns provided by ur ISP to that site. 
And they will be one step ahead to trace u.

*** U can check whether u are leaking ur dns info or not at www.dnsleaktest.com

Now u may think that, this is no big deal. Because u can change dns address manually, so no one wud be able to 
see ur acivity. 
Here comes another story of the "Transparent DNS Proxy".

What is transparent dns proxy?
Ans) This is also a kind of dns servers provided by ur ISP(not all ISP). When u change ur dns address manually ur 
dns requests goes to and resolved by ur desired dns server, but these requests goes thrrough those dns server set 
by ur ISP (which sits between ur pc and ur desired dns server), and keep all logs
of ur requests.

pls note: I dont know about other ISPs. but I am confirmed about BSNL.

*** To check whether ur ISP has tranparent dns proxy or not, at first check ur dns server's ip @ www.dnsleaktest.com.
Then change ur dns address to some other like 8.8.8.8 or 8.8.4.4 (googles dns). After this change use 'tracert' or 
'traceroute' command to trace node's ip between ur pc and ur desired site.
for example: 
c:\>tracroute www.google.com 
 If u find address of ur ISPs dns or the network part of that ip, ur ISP is using transparent dns proxy, to log ur request.
 
 Solution:
 1) if u are using proxychains configure to use with tor. 
 Here is how https://www.youtube.com/watch?v=d91w9D1FPIk
 
 Or configure it to resolve dns requests by ur proxys.
 Here is how http://proxychains.sourceforge.net/howto.html
 
 2) Use dnscrypt (freely available) to make an encrypted channel (from ur pc to Opendns or any other dnscrypt enabled dns) 
 so ur all dns requests are encrypted and resolved only by opendns or that u have set to use. 
 *U can use it with proxy/vpn but if ur vpn is not leaking info. U dont have worry.
 
Here is how to install in ubuntu http://askubuntu.com/questions/330589/how-to-compile-and-install-dnscrypt
Written By Crish Angel
For more details pm me. :)

0 comments: