@aashishrbhandari
Last active June 27, 2020 05:21
1 DNS Packet Structure

All DNS packets have the following structure:

```
+---------------------+
|        Header       |
+---------------------+
|       Question      | Question for the name server
+---------------------+
|        Answer       | Answers to the question
+---------------------+
|      Authority      | Not used in this project
+---------------------+
|      Additional     | Not used in this project
+---------------------+
```
2 DNS Headers

DNS packets have a header that is shown below. Note that requests and replies follow the same header format.

```
                                1  1  1  1  1  1
  0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                      ID                       |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|QR|   Opcode  |AA|TC|RD|RA|   Z    |   RCODE   |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    QDCOUNT                    |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    ANCOUNT                    |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    NSCOUNT                    |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    ARCOUNT                    |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
```
Tracking using just DNS
------------------------
Like I said above, it’s easy to take the full or partial IP address info and figure out who’s asking for that web site. This means that the DNS server and anyone along the path to that DNS server — called on-path routers — can create a profile of you. They can create a record of all of the web sites that they’ve seen you look up.
And that data is valuable. Many people and companies will pay lots of money to see what you are browsing for.
Even if you didn’t have to worry about the possibly nefarious DNS servers or on-path routers, you still risk having your data harvested and sold. That’s because the resolver itself — the one that the network gives to you — could be untrustworthy.
Even if you trust your network’s recommended resolver, you’re probably only using that resolver when you’re at home. Like I mentioned before, whenever you go to a coffee shop or hotel or use any other network, you’re probably using a different resolver. And who knows what its data collection policies are?
Beyond having your data collected and then sold without your knowledge or consent, there are even more dangerous ways the system can be exploited.
Articles & Docs:
-----------------
https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/
https://www.cloudflare.com/learning/dns/dns-over-tls/
https://blog.apnic.net/2018/10/12/doh-dns-over-https-explained/
Example of DOH (DNS Over HTTPS):
---------------------------------

```
:method = POST
:scheme = https
:authority = dnsserver.example.net
:path = /dns-query
accept = application/dns-message
content-type = application/dns-message
content-length = 33

<33 bytes represented by the following hex encoding>
abcd 0100 0001 0000 0000 0000 0377 7777
0765 7861 6d70 6c65 0363 6f6d 0000 0100
01
```
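To tie the header diagram above to the 33-byte DoH body, here is an added example (not part of the gist) that builds the same wire-format query for www.example.com and splits a header into the fields from the diagram; the hex constant is copied from the POST example above, and the helper names are my own.

```python
import struct

# The 33-byte wire-format query from the DoH POST example above:
# ID 0xabcd, flags 0x0100 (RD set), one question for www.example.com A/IN.
RFC8484_QUERY_HEX = (
    "abcd 0100 0001 0000 0000 0000 0377 7777"
    "0765 7861 6d70 6c65 0363 6f6d 0000 0100"
    "01"
)
RFC8484_QUERY = bytes.fromhex(RFC8484_QUERY_HEX.replace(" ", ""))

def encode_name(name):
    """Encode a dotted name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("label length must be 1..63")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(txid, name, qtype=1, qclass=1, rd=True):
    """Build a standard query: 12-byte header followed by one question."""
    flags = 0x0100 if rd else 0x0000   # QR=0, Opcode=0, RD bit 8
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, qclass)

def parse_header(packet):
    """Split the 12-byte header into the fields of the header diagram."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", packet[:12])
    return {
        "ID": txid,
        "QR": (flags >> 15) & 1,
        "Opcode": (flags >> 11) & 0xF,
        "AA": (flags >> 10) & 1,
        "TC": (flags >> 9) & 1,
        "RD": (flags >> 8) & 1,
        "RA": (flags >> 7) & 1,
        "Z": (flags >> 4) & 0x7,
        "RCODE": flags & 0xF,
        "QDCOUNT": qd, "ANCOUNT": an, "NSCOUNT": ns, "ARCOUNT": ar,
    }

if __name__ == "__main__":
    pkt = build_query(0xABCD, "www.example.com")
    print(pkt == RFC8484_QUERY, parse_header(pkt))
```

Sending the built bytes as the body of the POST above (or base64url-encoded in a GET `dns` parameter) is the whole DoH request; the response body is a DNS message with the same header layout, QR set to 1.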
A DOH query and response using JSON formatting looks like the following:

```
$ curl -s -H 'accept: application/dns+json' \
    'https://dns.google.com/resolve?name=www.potaroo.net&type=A' | jq
{
  "Status": 0,
  "TC": false,
  "RD": true,
  "RA": true,
  "AD": true,
  "CD": false,
  "Question": [{
    "name": "www.potaroo.net.",
    "type": 1
  }],
  "Answer": [{
    "name": "www.potaroo.net.",
    "type": 1,
    "TTL": 6399,
    "data": "203.133.248.2"
  }],
  "Comment": "Response from 203.133.248.2."
}
```
@aashishrbhandari (Author) commented with an image: Example of DNS message exchange (DNS request / DNS response format)