How does this DNS-leak-detection site discover which DNS server is being used?
Given this test for DNS leaks runs in the browser, how does it discover which DNS servers the 100 queries go to? Whatever is set as the DNS server in the network manager is irrelevant when all DNS traffic is intercepted. If you just type:
dig google.com
it does not tell you the DNS server really being used. How can the site's script tell?
Distribution: debian, lfs, whatever else i need in qemu
Posts: 268
They have their own DNS server which tcpdump | grep's for your unique hostnames under it, and sees where it comes from. In most cases it'll be coming from Google, but it also may come from your ISP's DNS servers if you use those.
If you use socks5 with hostnames resolved on the proxy side then it'll return whatever the proxy uses as DNS.
Could you explain how their DNS server can be involved when it is a browser script that does everything? One would expect the browser only uses the DNS server you specify in the network manager unless intercepted.
Quote:
If you use socks5 with hostnames resolved on the proxy side then it'll return whatever the proxy uses as DNS.
Tried that too by simply running the browser in the gateway and explicitly making it go through a socks5 proxy, and it does return whatever DNS server the Tor exit node uses, but how does the site know, or how does the script know?
Distribution: debian, lfs, whatever else i need in qemu
Posts: 268
Because the website has their own domain, right? And no, not all domains are served by Cloudflare in this world yet; you can actually do it yourself and simply log all requests to your DNS server to include source IPs of recursive resolvers that the socks server in question has in its /etc/resolv.conf.
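Added example (not part of the thread and not the test site's own code): a sketch of the mechanism described in the answers above, where the page makes the browser look up unique hostnames under the site's own zone and the site's authoritative DNS server records which source IPs ask for them. The zone name `leaktest.example`, the session ids, the log format and the log lines are all assumptions constructed for illustration.

```python
import re
import secrets
from collections import defaultdict

ZONE = "leaktest.example"  # assumed: a zone the test site runs the authoritative server for

def new_probe_names(session_id, count):
    """Never-before-seen hostnames for the page to fetch; no resolver can have them cached."""
    return [f"{secrets.token_hex(4)}.{session_id}.{ZONE}" for _ in range(count)]

# Assumed log format on the authoritative server: "<time> <source-ip> <qname> <qtype>"
LOG_LINE = re.compile(r"^\S+ (?P<src>\S+) (?P<qname>\S+) (?P<qtype>\S+)$")

def resolvers_by_session(log_lines):
    """Map each session id to the source IPs that asked for its probe names."""
    seen = defaultdict(set)
    for line in log_lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue
        qname = m["qname"].rstrip(".").lower()
        if not qname.endswith("." + ZONE):
            continue  # not a name under our zone
        labels = qname[: -len(ZONE) - 1].split(".")
        if len(labels) == 2:  # <random>.<session>
            seen[labels[1]].add(m["src"])
    return dict(seen)

# Constructed sample log (documentation address ranges, not real resolvers).
SAMPLE_LOG = """\
12:00:01 192.0.2.53 a1b2c3d4.sess01.leaktest.example. A
12:00:01 192.0.2.53 0f9e8d7c.sess01.leaktest.example. A
12:00:02 198.51.100.7 5566aabb.sess01.leaktest.example. A
12:00:05 203.0.113.9 deadbeef.sess02.leaktest.example. AAAA
12:00:06 203.0.113.9 www.leaktest.example. A
""".splitlines()

if __name__ == "__main__":
    for session, ips in sorted(resolvers_by_session(SAMPLE_LOG).items()):
        print(session, sorted(ips))
```

The browser never reports its DNS settings; because each probe name is unique, whichever recursive resolver actually handles the lookup has to contact the authoritative server, and its source IP is what the site displays.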