Can I filter specific DNS request/packet?

Discussion in 'other firewalls' started by retolx, Mar 16, 2013.

Thread Status:
Not open for further replies.
  1. retolx

    retolx Registered Member

    Joined:
    Mar 5, 2013
    Posts:
    10
    I am trying to find a way to filter out a specific DNS request (TXT record type) on Windows. I tried to put the requested domain in win/sys32/etc/hosts but it still goes through to my DNS servers.

    One way would be to block port 53 traffic for an application, or even block all traffic to my DNS server for the application, but I'm trying to avoid that. Is there any way to filter a specific packet?

    I can provide a Wireshark dump if it's needed, or most other information about the packets in question.
     
  2. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    If you think these particular queries would be something that others might want to block, your sharing of some specifics could be of benefit to those others.

    I believe the hosts file is used for A/AAAA & PTR lookups and thus it would be bypassed when looking up TXT records. TXT records are used for some legitimate purposes, which you may know but interested others could start at https://en.wikipedia.org/wiki/List_of_DNS_record_types.

    Perhaps someone else is aware of a Windows firewall that allows you to target specific DNS query types. I think the query type comes after query name in the DNS message so I don't think you can simply look for decimal 16 (TXT QTYPE) at a fixed offset. Edit: Unless the name is known and fixed.

    Regarding other options, one would be a DNS proxy (assuming someone has built this specific functionality into it or is willing to add it). Another would be running your own DNS server.
     
    Last edited: Mar 17, 2013
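
The point in the reply above, that the query type follows the variable-length query name, shown as an added example that is not part of the original thread: a Python sketch that walks the QNAME labels of a UDP DNS query payload to find QTYPE and decides whether to drop it. `build_query`, `parse_question` and `should_block` are hypothetical names, and the sample queries are constructed.

```python
import struct

QTYPE_TXT = 16  # decimal 16, the TXT QTYPE mentioned in the reply


def build_query(name, qtype, txid=0x1234):
    """Constructed sample input: a minimal one-question DNS query payload."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii") for label in name.split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def parse_question(payload):
    """Return (qname, qtype, qtype_offset); raise ValueError if malformed."""
    if len(payload) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    qdcount = struct.unpack_from("!H", payload, 4)[0]
    if qdcount < 1:
        raise ValueError("no question section")
    pos, labels = 12, []
    while True:
        if pos >= len(payload):
            raise ValueError("QNAME runs past end of payload")
        length = payload[pos]
        pos += 1
        if length == 0:  # root label terminates the name
            break
        if length > 63:  # top bits set: compression pointer or reserved type
            raise ValueError("unexpected label type in question")
        if pos + length > len(payload):
            raise ValueError("label runs past end of payload")
        labels.append(payload[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(payload):
        raise ValueError("QTYPE/QCLASS missing")
    qtype = struct.unpack_from("!H", payload, pos)[0]
    return ".".join(labels), qtype, pos  # pos moves with the name length


def should_block(payload, blocked_qtypes=frozenset({QTYPE_TXT})):
    """Hypothetical policy hook: drop blocked types and unparsable input."""
    try:
        _, qtype, _ = parse_question(payload)
    except ValueError:
        return True  # fail closed on malformed queries
    return qtype in blocked_qtypes
```

The returned offset differs between names of different lengths, which is why a fixed-offset byte match only works when the name is known and fixed.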