DNS leak testing

Discussion in 'privacy technology' started by luciddream, Aug 18, 2011.

Thread Status:
Not open for further replies.
  1. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    I've been trying to use this DNS-OARC site for a few days now, and every time I click on "Test My DNS" I get a "Server not found" message in Firefox. Is the site just down temporarily? Is this happening to anybody else?

    Is there another site that reliably tests this?
     
  2. box750

    box750 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    260
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    I got, "Transaction ID Randomness: GREAT" on that www :)

    Yes, here's another good one :thumb:
    I got “Excellent.” on GRC :) :)
     
  4. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    On that GRC site I'm getting 2 different sets of results. On image to the left "Query Source Port Distribution", I get these results:

    Max Entropy: 11.99 (Moderate)
    Lost Entropy: 0.01 (Excellent)
    Dir Bias: 1.01% (Excellent)
    Stuck Bits: 1 (Moderate)

    Then the query to the right "Query Transaction ID Distribution", I get these results:

    Max Entropy: 15.98 (Excellent)
    Lost Entropy: 0 (Excellent)
    Dir Bias: 9.09% (Excellent)
    Stuck Bits: 0 (Excellent)

    I also saw this:

    "Spoofability Mitigation Note: Even though one or more of the individual “spoofability” parameters
    shown above does indicate a worrying spoofability grade of “Moderate”, our attempt to directly query
    this server from the Internet failed. Therefore, “Kaminsky-style” cache poisoning attacks will be either
    more difficult or impossible to conduct. As long as this nameserver remains inaccessible to Internet
    queries, there is little danger of it becoming a victim of Kaminsky-style cache poisoning attacks."

    And this:

    "This nameserver has no associated domain name"

    I read through everything on the page and I'm still not exactly sure what to make of all it. I'm just relieved to not see any poor ratings.

    ... perhaps it's my VPN that's blocking OARC from working? I'll try some other time with it disconnected.
     
  5. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    Okay, it all makes sense now. I did it without my VPN and it all came back excellent. And the OARC test also worked, with ratings of "Great" all around using Comodo Secure DNS servers.

    I'm satisfied with my protection in this regard now, so I'll stop obsessing.
     
  6. rudyl

    rudyl Registered Member

    Joined:
    Jul 1, 2011
    Posts:
    30
    In the context of testing VPN services, what's relevant is simply what DNS servers GRC reports that you're using. If you're using only the VPN service's DNS server(s), that's good. If you're using your ISP's DNS server(s), that's bad -- you're leaking DNS lookups. DNS spoofability is a different issue, relating to a type of MITM attack.
     
  7. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    Yeah it was testing my VPN's DNS server. I don't use my ISP's at all, I use Comodo Secure DNS when I'm not using my VPN.
     
  8. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I get that a lot with oarc. I just click the refresh button and it works after that.
     
Loading...
Thread Status:
Not open for further replies.