Blocking traffic on port 53 prevents DNS leaks (or any kind of DNS traffic)??
Like I said, is blocking port 53 enough to prevent DNS requests on my local DNS? Or can somehow a DNS request be made through port 80/443 and lead to a DNS leak?
I have vlc set to use socks proxy in 127.0.0.1:9150 which I do to use it through Tor Browser Bundle (using the Tor process that TBB starts). I am not certain if vlc will respect proxy settings for DNS requests, so I made a few tests closing port 53 on gufw. However I am unfamiliar with how Trisquel (any GNU/Linux distro actually) will handle DNS requests, and would like some insight from some more experienced users :)
Btw, I did the tests like this:
TBB running, vlc set to proxy, port 53 blocked, tried to access http live stream, and it worked.
TBB not running, vlc set to proxy, port 53 blocked, tried to access http live stream, it fails.
TBB not running, vlc not set to proxy, port 53 blocked, tried to access http live stream, it fails.
TBB not running, vlc not set to proxy, port 53 open, tried to access http live stream, it works.
lsof -i usually gave me the expected results too (with vlc set to proxy, vlc connects to 9150; with vlc not set to proxy, vlc connects directly to the stream IP). That is a good sign, right?
Sorry, I know this is related to general GNU/Linux firewall settings, not just Trisquel's, but since I am using Trisquel and some people here know more about this than me, I thought I would ask :)
Thanks in advance!
Thanks, but I will your post soon later.
Today I had a related issue. When I was using OpenVPN to visit an invalid hostname (a typing mistake), I found that a 404.html page was returned by my ISP (the ISP-made 404.html, which was easy to identify).
I had already set my laptop's nameserver to 8.8.8.8, so I thought I could circumvent the ISP's censorship of the user's DNS traffic. Now it turned out that it didn't.
I thought I didn't specify DNS servers in my OpenVPN configuration.
So here is the question: can the ISP censor and hijack all 404 messages on any DNS anywhere?
(When I use a VPN, I shouldn't use my ISP's DNS, right?)
Hi GNUsern
When you have configured your Network Manager
to import a saved OpenVPN configuration (keys)
CA.cert / User.key / ta.key
and the file containing the OpenVPN client configuration
(gateway, protocol & DNS server), which sets your DNS (from your VPN provider),
in no way should your DNS be your ISP's DNS.
Without your VPN activated:
#ifconfig
#route
then with your VPN activated:
"route" will show your default DNS.
Check with Gnome System Log (syslog) the VPN connections & messages.
IceCat/Abrowser & Iceweasel leak DNS by default due to the WebRTC leak; one must disable WebRTC as indicated at
https://www.privacytools.io/
How to disable WebRTC in Firefox
Once done:
https://ipleak.net/
Your IP address - WebRTC detection
&
DNS Address detection
To change DNS without a VPN, this here is in French:
https://trisquel.info/fr/wiki/changer-les-dns
https://wikileaks.org/wiki/Alternative_DNS
Thanks a million, Mangy!
This is very useful and helped me. (For now there is no WebRTC leak or DNS leak with my OpenVPN, as I have checked.)
However, this reminds me of another problem:
I found there may be a transparent DNS proxy at my ISP, even though I set my laptop (Debian) to use Google's DNS, and set it in my router's DHCP settings as well.
It turned out to be useless when I ran a test on https://www.dnsleaktest.com/ -- still the DNS server from my ISP...
Sad... is it really unavoidable? (without using a VPN)
Thanks
This may help
DNS configuration
https://www.howtoforge.com/debian-static-ip-address
I don't want to sound rude, but this was my thread, which got hijacked :-P
Seriously though, I am happy GNUsercn got his answer, could someone please try to answer the original post?
Thanks
I'm so sorry
Don't be :)
I am just hoping someone will actually help me too.
I am glad your issue is now solved :)
LOL :-P
lol...
SuperTramp83 or Crocodile Dundee ??!
GNUuser, I'm no network specialist, and there are some far more experienced members here who use iptables and have webservers etc.
Port 53 is DNS
80 443 HTTP/HTTPS
https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
http://blog.simple-help.com/2011/12/ports-vs-protocols-80-and-443/
Quote: DNS can't tell you what port a web server is on, only the IP address, so your browser always has to assume that the web browser is going to be there on port 80. When you have another protocol like HTTPS, it specifies its own default port (443), so that means when you use HTTPS to connect to a website your browser is again always going to have to just assume it's going to be there on port 443.
https://doc.pfsense.org/index.php/Blocking_DNS_queries_to_external_resolvers
https://unix.stackexchange.com/questions/209926/how-to-check-my-dns-chain
Thanks for your reply anyway.
From the looks of it, I think blocking port 53 should be enough. BUT not sure.
You can do a tcpdump on Port 53
# tcpdump -n -s 1500 -i eth0 udp port 53
Example: I opened Synaptic Package Manager & clicked on Reload
root@Host-001:# tcpdump -n -s 1500 -i eth0 udp port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 1500 bytes
17:50:56.418269 IP xxx.x.x.xx.60188 > xx.x.x.x.x: 18737+ A? archive.gnewsense.org. (39)
17:50:56.418687 IP x.x.x.x.60188 > x.x.x.x.x: 31483+ AAAA? archive.gnewsense.org. (39) ... etc.
http://serverfault.com/questions/243877/how-to-monitor-traffic-at-port-53-dns
https://nsrc.org/workshops/2005/pre-SANOG-VI/bc/dns/dns1-02-exercise.html
http://www.binarytides.com/tcpdump-tutorial-sniffing-analysing-packets/
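As an added example that is not part of this thread (the script and the sample capture below are constructed, not anyone's real traffic), here is a small Python filter that reads the tcpdump output shown above and reports which DNS queries left the machine and to which resolver. It answers the original question in practice: with Tor in use and port 53 blocked, no query should appear at all, so every line it prints is a leak; with a VPN, only the provider's resolver should appear. The resolver addresses in the sample (10.8.0.1, 192.168.1.1) are placeholders. It only sees plaintext DNS on UDP port 53, so DNS carried inside TLS on port 443 (DNS over HTTPS) would not show up here; that is why a clean result complements, rather than replaces, the ipleak.net and dnsleaktest.com checks mentioned earlier in the thread.

```python
"""Flag DNS queries seen by tcpdump that go to a resolver you did not expect.

Run tcpdump on the outbound interface (as in the post above) and pipe its
output in, listing the resolvers you consider legitimate:

    tcpdump -n -l -i eth0 udp port 53 | python3 dns_leak_check.py 10.8.0.1

Any query to a resolver not listed is reported as a leak.  With no resolver
listed (the Tor case, where no plaintext DNS should ever leave the machine)
every query is a leak.  Run with no input on a terminal, it checks the
constructed sample capture below instead.
"""
import re
import sys
from collections import Counter

# One "tcpdump -n" line for a DNS query looks like:
#   17:50:56.418269 IP 192.168.1.10.60188 > 192.168.1.1.53: 18737+ A? archive.gnewsense.org. (39)
# Responses (".53 > host.port: id 1/0/0 A ...") do not end in "NAME? (len)" and are ignored.
QUERY_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP6? "
    r"(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"(?P<qid>\d+)[+%$|]* (?P<qtype>[A-Z0-9]+)\? (?P<name>\S+) \(\d+\)$"
)


def parse_query(line):
    """Return a dict for a DNS query line sent to port 53, or None for anything else."""
    m = QUERY_RE.match(line.strip())
    if m is None or m.group("dport") != "53":
        return None
    return {
        "ts": m.group("ts"),
        "src": m.group("src"),
        "resolver": m.group("dst"),
        "qtype": m.group("qtype"),
        "name": m.group("name").rstrip("."),
    }


def find_dns_leaks(lines, allowed_resolvers):
    """Queries sent to any resolver IP outside allowed_resolvers."""
    allowed = set(allowed_resolvers)
    return [q for q in map(parse_query, lines) if q and q["resolver"] not in allowed]


def resolvers_seen(lines):
    """How many queries went to each resolver IP (for a quick overview)."""
    return Counter(q["resolver"] for q in map(parse_query, lines) if q)


# Constructed sample capture (placeholder addresses, not real traffic): 10.8.0.1
# plays the VPN provider's resolver, 192.168.1.1 the LAN router that forwards
# to the ISP, which is the path we want to catch.
SAMPLE_CAPTURE = """\
17:50:56.418269 IP 192.168.1.10.60188 > 192.168.1.1.53: 18737+ A? archive.gnewsense.org. (39)
17:50:56.418687 IP 192.168.1.10.60188 > 192.168.1.1.53: 31483+ AAAA? archive.gnewsense.org. (39)
17:50:56.420102 IP 192.168.1.1.53 > 192.168.1.10.60188: 18737 1/0/0 A 203.0.113.10 (55)
17:50:57.001934 IP 10.8.0.2.41022 > 10.8.0.1.53: 52011+ A? trisquel.info. (31)
""".splitlines()


def main(argv):
    allowed = argv[1:]
    lines = SAMPLE_CAPTURE if sys.stdin.isatty() else sys.stdin
    leaks = find_dns_leaks(lines, allowed)
    for q in leaks:
        print(f"LEAK {q['ts']} {q['src']} -> {q['resolver']} {q['qtype']} {q['name']}")
    print(f"{len(leaks)} leaked quer{'y' if len(leaks) == 1 else 'ies'}")
    return 1 if leaks else 0  # non-zero exit so it can gate a script


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The `-l` flag makes tcpdump line-buffer its output so the filter sees queries as they happen rather than after the capture ends. On the sample, allowing only 10.8.0.1 reports the two queries that went to the router; allowing nothing reports all three.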
Tried to install tcpdump and Synaptic warned me that the package couldn't be authenticated!
Could it mean a problem with Trisquel repo??