⚠️ Prevent DNS 🔓 Leaks On Hidden Networks (Tor / I2P)

Aug 17, 2023

Shared early on blog before channels (public after thumbnail completion)


📙 DNS: 📞 PHONEBOOK FOR THE 🖥️ INTERNET

DNS stands for Domain Name System.


IP Address: a set of numbers in the format xxx.xxx.xxx.xxx for IPv4 (IPv6 addresses are hexadecimal, combining letters and numbers).


DNS: an application-layer protocol of TCP/IP that converts easy-to-remember domains (e.g. yahoo.com) to their appropriate server IP addresses (for your network-based applications).


📖 Think Of DNS As "Phonebook" For The Internet.


Your ISP sees DNS requests (capturing the domain under default DNS settings).

In the past, we covered how Verizon used a company called "Barefruit", named as an "advertising partner" (ask yourself: is this the only interested party?).

Note: This appears to have changed. Read previous post for more information on the story.


⭐ RECOMMENDED READ: PREVIOUS POST WITH MORE DNS DETAILS HERE


DEMO: BLOCK DNS TO PREVENT I2P LEAKS (IN BROWSER)

(Peertube below)

WATCH IN PAGE:

https://youtu.be/VHmJP19gHAo


Operating systems hold their own DNS settings (Windows, GNU / Linux, Apple).

For example, in GNU / Linux, NetworkManager handles DNS using /etc/resolv.conf.

Here, nameservers are stored in list format:

CONTENTS OF /etc/resolv.conf:

#xx.xx.xx.xx representing DNS IP address

nameserver xx.xx.xx.xx # nameserver #3
nameserver xy.xy.xy.xy # nameserver #2


⚠️ WARNING: Not the only location / process handling DNS...


Did you know certain applications (e.g. the browser) can sometimes hold their own dedicated DNS settings (bypassing system DNS settings)?

Your applications may use an entirely different set of DNS servers than the operating system (common in browsers), and this means... potential domain leaks in the clear.


📶 DNS ON HIDDEN NETWORKS?

TIP: starting with something "ready to use" is ideal (it mitigates minor mistakes). Outside of this, you can block DNS via firewall settings, per application or systemwide, depending on use case.

🧅 Tor

For Tor, DNS resolution (when properly set up) is performed by the relevant exit node. When done correctly, your computer / phone does not perform DNS requests itself when using Tor (unless the settings are incorrect).

The correct way to use Tor is to ensure DNS is proxied through the SOCKS proxy / Tor settings.

Settings for this can be found in proxychains, the browser, etc:

image

The absolute safest route is to use a properly set up browser (Tor Browser -- official) or operating systems like Tails or Whonix, as this is much less likely to lead to a mistake (using firewall routing).


🧄 I2P

I2P in fact does not need DNS at all. DNS turned on in I2P-based applications may become a liability.

Today we demonstrate this, using default web browser settings as the example:

https://youtu.be/VHmJP19gHAo

In the above video, we first (purposely) enable DNS, to show a .i2p site leaking to DNS servers when DNS is not disabled (for clarity: DNS is disabled in I2P-desktop, as always).

For testing requests / leaks, we use a Pi-hole / Unbound DNS server (above video).

This allows capture of DNS requests, as /etc/resolv.conf is set to use the Pi-hole on my setup.

(DNS has always been disabled on I2P-desktop: temporarily enabled only for the demo)
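
One way to check a resolver log for the leak described above, as an added example that is not code from the original post: it scans dnsmasq-style query lines (the format Pi-hole logs) for .i2p and .onion names that should never reach a DNS server. The sample log lines, IP addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Names under these suffixes are resolved inside Tor / I2P and should never
# reach a DNS server; one in the resolver log means an application leaked it.
HIDDEN_SUFFIXES = (".i2p", ".onion")

# dnsmasq query-log line as written by Pi-hole, e.g.
#   Aug 17 10:15:02 dnsmasq[812]: query[A] example.i2p from 192.168.1.20
QUERY_RE = re.compile(
    r"dnsmasq\[\d+\]: query\[(?P<qtype>[A-Za-z0-9]+)\] (?P<name>\S+) from (?P<client>\S+)"
)

def find_leaks(lines):
    """Return (qtype, name, client) for each hidden-network name seen in a DNS query."""
    leaks = []
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # forwarded / reply / cached lines and unrelated log noise
        # Normalise case and the trailing root dot before matching the suffix.
        name = m.group("name").rstrip(".").lower()
        if name.endswith(HIDDEN_SUFFIXES):
            leaks.append((m.group("qtype"), name, m.group("client")))
    return leaks

def leaks_by_client(leaks):
    """Count leaked queries per client IP to find the misconfigured host."""
    return Counter(client for _, _, client in leaks)

# Constructed sample log lines (not taken from the video or a real network).
SAMPLE_LOG = """\
Aug 17 10:15:01 dnsmasq[812]: query[A] yahoo.com from 192.168.1.20
Aug 17 10:15:01 dnsmasq[812]: forwarded yahoo.com to 127.0.0.1#5335
Aug 17 10:15:02 dnsmasq[812]: query[A] example.i2p from 192.168.1.20
Aug 17 10:15:02 dnsmasq[812]: query[AAAA] Example.I2P. from 192.168.1.20
Aug 17 10:15:02 dnsmasq[812]: forwarded example.i2p to 127.0.0.1#5335
Aug 17 10:15:09 dnsmasq[812]: query[A] constructedexample.onion from 192.168.1.31
Aug 17 10:15:10 dnsmasq[812]: query[A] i2p.example.org from 192.168.1.31
""".splitlines()

if __name__ == "__main__":
    found = find_leaks(SAMPLE_LOG)
    for qtype, name, client in found:
        print(f"LEAK {qtype:<5} {name} from {client}")
    print(dict(leaks_by_client(found)))
```

An empty result after browsing .i2p sites with the profile under test means no hidden-network names reached the resolver during that session.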

This speaks to the dangers of manually set up browser profiles. If you aren't sure about what you are doing, it is recommended to use a pre-setup browser profile (or try Prestium, a Tails-like OS for I2P).

If you are setting up an I2P profile by hand, open about:config and disable DNS:

image


I2P-desktop (tor browser link) comes with DNS disabled by default. This means your .i2p sites won't leak to outside servers. The video only temporarily enables DNS, to demonstrate what not to do.


💡 SOLUTION

It's very simple: use ready made solutions, wherever possible. Use something you feel you can trust.

It's that simple.

Whonix / Tails for Tor.

Prestium OS, or idk's private i2p browsing, or I2P-desktop.


I2P-Desktop: all in one desktop shortcut starts (java) i2prouter for you on browser open, automatically stops (java) i2prouter on browser close, offers (optional) remote i2pd shortcut option.


Another I2P Profile Option: (idk I2P browsing option)


(tutorials, videos, public servers (gitea onion / privatebin onion), support, here)

Another excellent way (to support this) is by sharing videos / posts (social media, etc).


Shared early with monthly coffee members, few days back (thank you!). Now on blog for all.

Follow for early content / tips (free to follow).


Always appreciate your feedback / comments. Leave one / email.
