DNS requests in Windows 7?

Discussion in 'other firewalls' started by tom1876, Jan 31, 2014.

Thread Status:
Not open for further replies.
  1. tom1876

    tom1876 Registered Member

    Joined:
    Jan 4, 2014
    Posts:
    15
    Location:
    England
    I have Comodo installed on my system (Windows 7 Ultimate; OpenDNS servers configured in network adapter settings) and I have allowed svchost for UDP connections at port 53 to OpenDNS IPs only. Everything else is blocked for svchost.

    I have some questions.

    1. Are all DNS requests handled by svchost only, or can applications themselves make DNS requests? (Though I have not allowed applications to make UDP requests from Comodo for now.)

    2. When I use Tor (TBB), which app handles the DNS requests: svchost or Tor itself? Because what I read is that Tor is not capable of UDP traffic, only TCP.
    And when I check Tor connections in Comodo, I don't see any UDP out connection on port 53, just TCP out at ports 443 and 9001. I think the IP related to port 443 is the Tor entry node and the IP related to port 9001 is the DNS server used.
    So how does TBB make DNS requests?

    3. In the above case of TBB, which server will be used for DNS resolution: OpenDNS configured in my network adapter, or Tor DNS servers (if there is one)?

    4. Can I make every application make DNS requests for itself and block it from svchost? Will it be better or not?

    5. Configuring DNS servers in the router or in the network adapter: which is better to prevent a DNS leak?

    6. As I have blocked svchost from making any other connections except to OpenDNS servers, is there still a chance of a DNS leak, or am I safe?

    Thanks
     
    Last edited: Jan 31, 2014
  2. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,933
    Windows has its DNS service, which is made through that exe file. Since I disabled it, programs need access to UDP port 53. DNS service is sometimes critical and if it locks the computer (due to some huge hosts file)

    443 is SSL, however.

    And since Tor is still infiltrated through NSA and vulnerable to hacking, you should drop it completely.

    Blocking svchost: not wise.
    I don't have a special rule for it, but "system" should fit it and this is allowed:
    - localhost (ipv4/v6)
    - multicast
    - pubMcast
    - permMcast
    - all local network
    - APIPA
    - ICMP (ping/trace)
    - UDP/53

    Port 9001 - Tor uses it, but not for DNS.

    HTH
     
  3. tom1876

    tom1876 Registered Member

    Joined:
    Jan 4, 2014
    Posts:
    15
    Location:
    England
    Thanks Brummelchen for the response :)

    So I did some research myself and it looks like Tor leaves the job of DNS resolution to the exit node and will not use my ISP or network DNS. That's good.

    Anyone got any idea about the other queries?
     
  4. FOXP2

    FOXP2 Guest

    This is the rule I've got on the top of the heap and it pretty much mirrors what I've had set up in other firewalls over the years. "Everything else is blocked for svchost" is somewhat overkill IMHO. (For the purpose of this discussion, ignore the LLMNR rule.)

    [Attached image: ComodoSvchost.jpg]

    Anything not ruled evokes a real-time alert, of course, and also a log entry that I can analyze, both of which are used for determinations. Eventually you can fine-tune rules to reduce alerts if you happen to be one of the i-hate-alerts crew. As you can see, I happen to think there is no use for port 53 TCP.

    Google "DNS leaks" and find several sites that will test for that. And...
    https://www.dnsleaktest.com/how-to-fix-a-dns-leak.html

    Cheers.
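
An added example, not part of any post in this thread: one way to analyze firewall log entries for the DNS leak case discussed above. It checks each entry against the policy from the first post (only svchost, only UDP/53, only to the OpenDNS resolvers). The CSV layout, process names and log rows are constructed for illustration and are not Comodo's export format.

```python
import csv
import io
import ipaddress

# OpenDNS public resolvers: the only destinations the thread's rule permits.
ALLOWED_RESOLVERS = {ipaddress.ip_address(a) for a in ("208.67.222.222", "208.67.220.220")}
ALLOWED_PROCESS = "svchost.exe"  # the Windows DNS Client service runs inside svchost

# Constructed sample log; the column layout is an assumption, not a real export.
SAMPLE_LOG = """\
time,process,action,proto,dst_ip,dst_port
2014-01-31T10:00:01,svchost.exe,allowed,UDP,208.67.222.222,53
2014-01-31T10:00:05,tor.exe,allowed,TCP,198.51.100.7,9001
2014-01-31T10:00:09,updater.exe,allowed,UDP,192.0.2.53,53
2014-01-31T10:00:12,svchost.exe,blocked,UDP,192.168.1.1,53
2014-01-31T10:00:20,svchost.exe,allowed,TCP,208.67.220.220,53
2014-01-31T10:00:31,browser.exe,allowed,UDP,208.67.222.222,53
"""

def classify(row):
    """Return a finding label for a port-53 row that breaks the policy, else None."""
    if int(row["dst_port"]) != 53:
        return None  # not traffic on the DNS port
    dst = ipaddress.ip_address(row["dst_ip"])
    blocked = row["action"].lower() == "blocked"
    if dst not in ALLOWED_RESOLVERS:
        # A blocked attempt is the rule working; an allowed one is a leak.
        return "attempt-blocked" if blocked else "leak"
    if blocked:
        return None  # nothing left the machine
    if row["process"].lower() != ALLOWED_PROCESS:
        return "bypasses-dns-client"  # application resolving on its own
    if row["proto"].upper() != "UDP":
        return "unexpected-proto"  # TCP/53, which the policy does not allow
    return None

def audit(log_text):
    """Return (label, process, proto, dst_ip) for every policy-breaking row."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        verdict = classify(row)
        if verdict:
            findings.append((verdict, row["process"], row["proto"], row["dst_ip"]))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding)
```

The check only sees queries on port 53, so name resolution carried inside another connection, such as Tor's TCP circuits, will not appear in it.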
     