How do you know your DNS is not under a MITM attack?

Discussion in 'privacy technology' started by Ulysses_, Jan 28, 2014.

Thread Status:
Not open for further replies.
  1. Ulysses_

    Ulysses_ Registered Member

    Joined:
    Jun 27, 2010
    Posts:
    207
    Using 4.2.2.4 as a DNS server throughout.

    How do you know you are connecting to the real 4.2.2.4 DNS server and not some other because of an attack similar to an ssl man-in-the-middle attack?
     
  2. Ulysses_

    Ulysses_ Registered Member

    Joined:
    Jun 27, 2010
    Posts:
    207
    Answering my own question, you don't, unless something like DNSCrypt is used.

    Except this particular product requires faith in a third company, OpenDNS. Used to use this company as the DNS server provider in all my connections, until I noticed failed DNS queries were redirected to their IPs. That's a foul in my book, who knows what else they are redirecting.

    Any better way to guarantee your DNS queries are not interfered with?

    What about this proposal: send the DNS query to 2 or 3 different DNS servers through 2 or 3 respective freeware VPN's, and if the results disagree, suspect interception. Would this work, does such a thing exist?
     
  3. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,766
    Location:
    Outer space
    I haven't heard of such a tool. If you enter IP addresses from different DNS providers in your DNS configuration, only the first one will be used unless it is not connectable afaik.

    OpenDNS's DNSCrypt is highly outdated. You can find the most recent version here which you can use with other DNS providers as well:
    http://dnscrypt.org/
     
  4. Ulysses_

    Ulysses_ Registered Member

    Joined:
    Jun 27, 2010
    Posts:
    207
    Now I saw this. Thanks for the dnscrypt link.
     
  5. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    OpenDNS's DNSCrypt is a GUI wrapped around the real, open source DNSCrypt. I think OpenDNS have actually abandoned their efforts in promoting and updating this. All they do is support the protocol on their server now.

    DNSCrypt is worked on by 1 person and to my knowledge is not funded or has any ties to OpenDNS. Recently the author has been stripping every mention of OpenDNS from his code.
     
  6. Ulysses_

    Ulysses_ Registered Member

    Joined:
    Jun 27, 2010
    Posts:
    207
    And in case the DNS servers themselves get poisoned or otherwise become untrustworthy, we could compare the results from several DNS servers and only trust them if they all agree, as proposed above.

    Tried to use a script for this. This listens to the DNS port as if it were a local DNS server. But it only responds to one DNS query, after that it does nothing. Why is that?

    Running the following as root:

    #!/bin/sh
    # Paths of the three FIFOs (the snippet as posted did not define them)
    BACK=/tmp/dns_back
    SENT=/tmp/dns_sent
    RECEIVED=/tmp/dns_received

    # create FIFOs (owner-only, the script runs as root)
    mkfifo -m 0600 "$BACK" "$SENT" "$RECEIVED"

    # Keep parsing SENT fifo to get domain name (this can then be used to query several public DNS servers with DNScrypt)
    od -c -w100 < "$SENT" | sed "s/blah blah//g" &

    # Keep parsing RECEIVED fifo to get IP
    od -t u1 -w100 < "$RECEIVED" | sed "s/blah blah//g" &

    # Keep listening and piping: the upstream answer is written to BACK, which is
    # the listening nc's stdin, so it is sent back to the client. A plain "nc -ul"
    # binds to the first client address:port it hears from and keeps talking only to it.
    nc -ul 53 < "$BACK" | tee "$SENT" | nc -u 4.2.2.4 53 | tee "$RECEIVED" > "$BACK"
     
    Last edited: Mar 13, 2014
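The cross-check proposed in posts 2 and 6 (send the same question to several resolvers, trust the answer only if they all agree), written out as an added example; this is not code from the thread and it uses plain UDP rather than DNSCrypt. The resolver list is an assumption, and the replies in the two demo functions are constructed inline so the comparison logic runs offline. The live `query_resolvers` function also applies the two cheap checks a forged reply has to pass first: the transaction id must match the one we sent, and the datagram must come from the address we asked. Because every resolver is queried directly, this catches a resolver that answers differently (the redirected-NXDOMAIN case from post 2 is the first demo); an on-path attacker who rewrites all replies identically is not caught, which is the reason the post suggests separate VPN paths. Expect some legitimate disagreement on CDN-hosted names, whose resolvers return different addresses by design.

```python
"""Cross-check one DNS question against several resolvers and flag any disagreement (added example)."""
import random
import socket
import struct

RESOLVERS = ["4.2.2.4", "8.8.8.8", "9.9.9.9"]  # assumed set of public resolvers to cross-check

def encode_name(name):
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name, txid):
    # header: id, flags (RD=1), QDCOUNT=1; question: name, type A, class IN
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", 1, 1)

def build_response(query, rcode=0, a_records=()):
    # Constructed reply for a query: QR/RD/RA set, each A record points back at the question name (0xC00C)
    txid = struct.unpack("!H", query[:2])[0]
    body = query[12:]  # question section copied verbatim
    for ip in a_records:
        body += struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4) + socket.inet_aton(ip)
    return struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, len(a_records), 0, 0) + body

def read_name(data, off):
    """Return (name, offset just past the name), following compression pointers."""
    labels, end = [], None
    while True:
        length = data[off]
        if length & 0xC0 == 0xC0:  # pointer: remember where it ended, then jump
            end = off + 2 if end is None else end
            off = struct.unpack("!H", data[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(data[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (off if end is None else end)

def parse_response(data, expected_txid):
    """Return (rcode, sorted tuple of A records); ValueError if the reply cannot be an answer to our query."""
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", data[:12])
    if txid != expected_txid or not flags & 0x8000:
        raise ValueError("transaction id mismatch or not a response (possible spoofed reply)")
    off = 12
    for _ in range(qd):
        _, off = read_name(data, off)
        off += 4  # QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        _, off = read_name(data, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(data[off:off + 4]))
        off += rdlen
    return flags & 0x000F, tuple(sorted(addrs))

def compare(results):
    """results: {resolver: (rcode, addrs)}. Trust only when every resolver returned the same answer."""
    groups = {}
    for resolver, answer in results.items():
        groups.setdefault(answer, []).append(resolver)
    if len(groups) == 1:
        return True, "all resolvers agree"
    detail = "; ".join("%s -> rcode=%s addrs=%s" % (",".join(r), a[0], list(a[1])) for a, r in groups.items())
    return False, "disagreement: " + detail

def query_resolvers(name, resolvers=RESOLVERS, timeout=2.0):
    """Live version (needs network): the same question to every resolver over plain UDP."""
    results = {}
    for ip in resolvers:
        txid = random.randrange(0, 0x10000)  # random id: a forged reply must guess it
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_query(name, txid), (ip, 53))
            try:
                data, peer = s.recvfrom(4096)
                if peer[0] != ip:
                    raise ValueError("reply from unexpected source " + peer[0])
                results[ip] = parse_response(data, txid)
            except (socket.timeout, ValueError) as exc:
                results[ip] = (str(exc), ())
    return results

def demo_redirected_nxdomain():
    # Constructed offline sample: two resolvers answer NXDOMAIN, the third substitutes its own address
    q = build_query("nonexistent.test", 0x1234)
    replies = {"4.2.2.4": build_response(q, rcode=3), "8.8.8.8": build_response(q, rcode=3),
               "9.9.9.9": build_response(q, a_records=["203.0.113.99"])}
    return compare({r: parse_response(d, 0x1234) for r, d in replies.items()})

def demo_agreement():
    # Constructed offline sample: every resolver returns the same A record
    q = build_query("example.test", 0x4242)
    replies = {r: build_response(q, a_records=["203.0.113.10"]) for r in RESOLVERS}
    return compare({r: parse_response(d, 0x4242) for r, d in replies.items()})
```

To run it against real resolvers, call `compare(query_resolvers("example.com"))`; the offline demos need no network. The comparison key is the pair (rcode, address set), so a resolver that turns NXDOMAIN into an A record for its own IP shows up as a disagreement even if the other resolvers return no addresses at all.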