Last active: June 27, 2020 05:21
1 DNS Packet Structure

All DNS packets have the structure shown below (RFC 1035, section 4.1):

    +---------------------+
    |        Header       |
    +---------------------+
    |       Question      | Question for the name server
    +---------------------+
    |        Answer       | Answers to the question
    +---------------------+
    |      Authority      | Not used in this project
    +---------------------+
    |      Additional     | Not used in this project
    +---------------------+
2 DNS Headers

DNS packets have a header that is shown below. Note that requests and replies follow the same header format.

                                    1  1  1  1  1  1
      0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                      ID                       |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |QR|   Opcode  |AA|TC|RD|RA|   Z    |   RCODE   |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                    QDCOUNT                    |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                    ANCOUNT                    |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                    NSCOUNT                    |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                    ARCOUNT                    |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
Tracking using just DNS
------------------------

Like I said above, it’s easy to take the full or partial IP address info and figure out who’s asking for that web site. This means that the DNS server and anyone along the path to that DNS server — called on-path routers — can create a profile of you. They can create a record of all of the web sites that they’ve seen you look up.

And that data is valuable. Many people and companies will pay lots of money to see what you are browsing for.

Even if you didn’t have to worry about the possibly nefarious DNS servers or on-path routers, you still risk having your data harvested and sold. That’s because the resolver itself — the one that the network gives to you — could be untrustworthy.

Even if you trust your network’s recommended resolver, you’re probably only using that resolver when you’re at home. Like I mentioned before, whenever you go to a coffee shop or hotel or use any other network, you’re probably using a different resolver. And who knows what its data collection policies are?

Beyond having your data collected and then sold without your knowledge or consent, there are even more dangerous ways the system can be exploited.
Articles & Docs:
-----------------

https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/
https://www.cloudflare.com/learning/dns/dns-over-tls/
https://blog.apnic.net/2018/10/12/doh-dns-over-https-explained/
Example of DoH (DNS over HTTPS):
---------------------------------

A DoH request in the wire format (RFC 8484) carries the raw DNS message as the body of an HTTP POST:

    :method = POST
    :scheme = https
    :authority = dnsserver.example.net
    :path = /dns-query
    accept = application/dns-message
    content-type = application/dns-message
    content-length = 33

    <33 bytes represented by the following hex encoding>
    abcd 0100 0001 0000 0000 0000 0377 7777
    0765 7861 6d70 6c65 0363 6f6d 0000 0100
    01
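To tie the header layout above to the 33-byte DoH body, here is an added example (not part of the gist) that parses that body field by field with the bit positions from the header diagram, and rebuilds it from a name and ID so the two directions can be checked against each other; it handles only uncompressed names and rejects truncated input.

```python
import struct

# Constructed from the 33-byte DoH request body shown above (RFC 8484):
# an A query for www.example.com, ID 0xabcd, only the RD flag set.
DOH_BODY = bytes.fromhex(
    "abcd 0100 0001 0000 0000 0000 0377 7777"
    "0765 7861 6d70 6c65 0363 6f6d 0000 0100"
    "01"
)

def parse_header(msg):
    """Unpack the 12-byte header: six big-endian 16-bit words; word 2 holds the flags."""
    if len(msg) < 12:
        raise ValueError("message shorter than the 12-byte DNS header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {
        "ID": ident,
        "QR": (flags >> 15) & 1, "Opcode": (flags >> 11) & 0xF,
        "AA": (flags >> 10) & 1, "TC": (flags >> 9) & 1,
        "RD": (flags >> 8) & 1, "RA": (flags >> 7) & 1,
        "Z": (flags >> 4) & 0x7, "RCODE": flags & 0xF,
        "QDCOUNT": qd, "ANCOUNT": an, "NSCOUNT": ns, "ARCOUNT": ar,
    }

def parse_name(msg, offset):
    """Read an uncompressed label sequence; returns (name, offset past the 0 label)."""
    labels = []
    while True:
        length = msg[offset]          # IndexError if the name runs off the end
        offset += 1
        if length == 0:
            return ".".join(labels), offset
        if length & 0xC0:             # 11xxxxxx = compression pointer (RFC 1035 4.1.4)
            raise ValueError("compression pointers not handled in this example")
        if offset + length > len(msg):
            raise ValueError("label runs past end of message")
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length

def parse_question(msg, offset=12):
    """Parse one Question entry (RFC 1035 4.1.2): QNAME, QTYPE, QCLASS."""
    name, offset = parse_name(msg, offset)
    qtype, qclass = struct.unpack("!HH", msg[offset:offset + 4])  # struct.error if short
    return {"QNAME": name, "QTYPE": qtype, "QCLASS": qclass}, offset + 4

def build_query(ident, name, qtype=1):
    """Inverse direction: header + one question with RD set, as a DoH client POSTs it."""
    header = struct.pack("!6H", ident, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii") for label in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)
```

Running parse_header and parse_question over DOH_BODY yields ID 0xabcd, RD=1 with every other flag 0, QDCOUNT=1, and the question www.example.com / type 1 / class 1 ending exactly at byte 33; build_query(0xabcd, "www.example.com") reproduces the same 33 bytes.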
A DoH query and response using JSON formatting looks like the following:

    $ curl -s -H 'accept: application/dns+json' \
        'https://dns.google.com/resolve?name=www.potaroo.net&type=A' | jq
    {
      "Status": 0,
      "TC": false,
      "RD": true,
      "RA": true,
      "AD": true,
      "CD": false,
      "Question": [{
        "name": "www.potaroo.net.",
        "type": 1
      }],
      "Answer": [{
        "name": "www.potaroo.net.",
        "type": 1,
        "TTL": 6399,
        "data": "203.133.248.2"
      }],
      "Comment": "Response from 203.133.248.2."
    }
Author: aashishrbhandari (Jun 27, 2020)