AdguardTeam / AdGuardHome

Network-wide ads & trackers blocking DNS server
https://adguard.com/adguard-home.html
GNU General Public License v3.0

Are these your DNS Servers? #110

Closed ingber closed 7 years ago

ingber commented 7 years ago

I posted this to https://forum.adguard.com/index.php?threads/adguard-dns-beta.12162 , but it seems that this is the proper place to address this topic.

Thanks very much for this service. I've put this on my Ubuntu 16.04 VPS running an OpenVPN-2.4 Server, and OpenVPN-2.4 clients on: a dd-wrt router, two Windows 10 x64 Pro PCs, and two Android 7.1.1 phones.

The lags relative to OpenDNS are not as bad at all as I expected.

I have some concerns about DNS resolutions that I see on the following two sites, accessed from a Windows PC, and would appreciate some explanation, i.e., are these really the DNS servers you use:

dnsleak.net: NS Addresses detection - 64 servers found.

dnsleaktest.com:

ameshkov commented 7 years ago

Our server is recursive and not authoritative, so there are quite a few DNS servers in rotation in upstream. It depends on the server location. For instance, Yandex can be used from RU servers only, it'd be odd to use it from US servers.

It's important to note, though, that requests to upstream servers are made on behalf of our own server, and then cached on our side.

ingber commented 7 years ago

Hi. Thanks for your reply.

Since I have not seen DNS servers outside the US used for requests from within the US, using other sets of DNS settings (Linode, Norton, OpenDNS, Google, Zenmate, Verizon, etc.), I still am surprised that several non-US servers show up under dnsleak.net and dnsleaktest.com?

From your reply, this should not be happening?

ameshkov commented 7 years ago

> From your reply, this should not be happening?

More than this, most of the IP addresses listed above aren't used directly by us at all. I am not sure how precise the methodology used by dnsleak to detect all of the above is.

On the other hand, we can be using some recursive DNS server (like opendns for instance), which, in turn, uses other recursive DNS, and who knows where this chain may lead.

uBlock-user commented 7 years ago

They could be using Geocast methodology for multiple DNS resolution entries.

ameshkov commented 7 years ago

Guys, let me please explain how dnsleak does the check.

  1. They make your browser load something from a unique domain name, generated just for the purposes of this test. Something like blahblasdashdashs1023102931.dnsleak.net
  2. Then they go through all known DNS servers and check if this unique domain name is cached by any of them.
  3. First DNS server found is considered to be yours.

The problem is that they don't have Adguard DNS in their known servers list. So they simply cannot detect us, and due to this they detect one of upstream DNS servers instead.

versavius commented 7 years ago

Can we close this one, as it looks like the question has been answered, or am I wrong?

ameshkov commented 7 years ago

Yeah, closing it, thank you!

TPS commented 7 years ago

Another example of such detection: https://www.grc.com/dns/dns.htm


>   1. Then they go through all known DNS servers and check if this unique domain name is cached by any of them.
>   2. First DNS server found is considered to be yours.
>
> The problem is that they don't have Adguard DNS in their known servers list. So they simply cannot detect us, and due to this they detect one of upstream DNS servers instead.

@ameshkov The explanation from the GRC test seems much simpler:

GRC DNS Test diagram

So GRC's Spoofability testing system (4) “sees” the queries coming from the one or more resolving nameservers (3) and reports their IPs.

ameshkov commented 7 years ago

> @ameshkov The explanation from the GRC test seems much simpler:

Nice explanation! AG DNS is number two on this image.
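
The measurement in the GRC explanation above, seen from the test operator's side, as an added example that is not part of the original thread: the authoritative server for a test zone records which source addresses ask for a per-session name, so a forwarding resolver that the client configured never appears in the result. The zone name, token format, log format and every address below are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed query log from a leak test's authoritative nameserver
# (BIND-like layout; all addresses are documentation ranges, not from the thread).
SAMPLE_LOG = """\
client 198.51.100.21#41022: query: t8f3a91c0.leaktest.example IN A
client 198.51.100.37#50311: query: t8f3a91c0.leaktest.example IN A
client 203.0.113.9#33810: query: t8f3a91c0.leaktest.example IN AAAA
client 192.0.2.200#5353: query: www.leaktest.example IN A
client 203.0.113.9#33811: query: T77B0E2D1.leaktest.example IN A
"""

TEST_ZONE = "leaktest.example"            # hypothetical test zone
TOKEN_RE = re.compile(r"^t[0-9a-f]{8}$")  # hypothetical per-session token format
LINE_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: query: (?P<qname>\S+) IN \S+")


def resolvers_seen(log_text, zone=TEST_ZONE):
    """Map each per-session token to the source IPs that queried for it."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        # DNS names are case-insensitive and may carry a trailing dot.
        qname = m.group("qname").rstrip(".").lower()
        if not qname.endswith("." + zone):
            continue
        label = qname[: -len(zone) - 1]
        if TOKEN_RE.match(label):         # skip ordinary names such as www
            seen[label].add(m.group("ip"))
    return dict(seen)


def report(token, configured_resolver, log_text):
    """Compare what the test observes with the resolver the client set."""
    observed = sorted(resolvers_seen(log_text).get(token, ()))
    return {"observed": observed,
            "configured_visible": configured_resolver in observed}


if __name__ == "__main__":
    # 192.0.2.53 stands in for a forwarding resolver the client configured.
    print(report("t8f3a91c0", "192.0.2.53", SAMPLE_LOG))
```
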