farrokhi / dnsdiag

DNS Measurement, Troubleshooting and Security Auditing Toolset
https://dnsdiag.org/
BSD 2-Clause "Simplified" License

Support DNS over TLS and DNS over HTTPS? #70

Closed lurenJBD closed 3 years ago

lurenJBD commented 3 years ago

After being prompted for DNS hijacking while using the DNS traceroute, I learned that my ISP would hijack UDP port 53.

So I searched the web and learned that DNS over TLS and DNS over HTTPS can help me solve this problem. Would you like to add TLS or HTTPS support to the tool so that I can confirm if there is still hijacking?

Thank you for writing such an easy-to-use DNS testing tool.

I'm sure dnspython already supports TLS and HTTPS: https://dnspython.readthedocs.io/en/latest/query.html#tls and https://dnspython.readthedocs.io/en/latest/query.html#https

farrokhi commented 3 years ago

Technically your ISP should not be able to hijack your traffic when you are using DoH or DoT. In fact, these new protocols were invented to prevent these sorts of attacks. Therefore a dnstraceroute for (at least) DoH is not possible. However, I am planning to add DoT and DoH support for dnsping and dnseval.

lurenJBD commented 3 years ago

> Technically your ISP should not be able to hijack your traffic when you are using DoH or DoT. In fact, these new protocols were invented to prevent these sorts of attacks. Therefore a dnstraceroute for (at least) DoH is not possible. However, I am planning to add DoT and DoH support for dnsping and dnseval.

Thank you for your reply.

Now I'm using AdGuard as my DNS server and seem to have basically no more pop-up "optimize your network" window annoyances from my ISP.

Thanks again for writing such a great tool!

farrokhi commented 3 years ago

dnsping support for DoH/HTTPS added in c8a085a5714af31343b4ce15eb49c080f4d0dd3b

farrokhi commented 3 years ago

Added in version 2.0.0 d6aab02d8301ee9c0ec97d9997932061befb903e
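
As an added example, not part of the original thread or dnsdiag's own code: one way to confirm the hijacking discussed above is to ask the same question over plain UDP port 53 and over DoH (RFC 8484) and compare the A records. It uses only the Python standard library; `sample_response` builds constructed test data, and the resolver address and DoH URL passed to `query_udp` and `query_doh` are the caller's choice (assumptions, not values from this page).

```python
import socket, struct, urllib.request

def build_query(name, qid=0):
    """Wire-format A/IN query with the RD bit set (RFC 1035)."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!HH", 1, 1)

def _skip_name(msg, off):  # return the offset just past a (possibly compressed) name
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:      # a 2-byte compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def a_records(msg):
    """Set of IPv4 addresses in the answer section of a DNS response."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off, addrs = 12, set()
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4   # skip QTYPE and QCLASS
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.add(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return addrs

def query_udp(name, server, timeout=3):  # plain DNS on UDP/53, the path an ISP can rewrite
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qid=0x1234), (server, 53))
        return s.recvfrom(4096)[0]

def query_doh(name, url, timeout=5):  # RFC 8484 POST to the resolver's DoH endpoint
    hdrs = {"Content-Type": "application/dns-message", "Accept": "application/dns-message"}
    req = urllib.request.Request(url, data=build_query(name), headers=hdrs)
    with urllib.request.urlopen(req, timeout=timeout) as r:
        return r.read()

def compare(udp_msg, doh_msg):
    """Report the A records seen on each path and whether they differ."""
    udp, doh = a_records(udp_msg), a_records(doh_msg)
    return {"udp": udp, "doh": doh, "mismatch": udp != doh}

def sample_response(ips):  # constructed response for example.com (test data, not captured traffic)
    q = build_query("example.com")
    rrs = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(i) for i in ips)
    return struct.pack("!HHHHHH", 0, 0x8180, 1, len(ips), 0, 0) + q[12:] + rrs
```

A mismatch is a signal to investigate rather than proof of tampering, since CDNs and geo-aware resolvers legitimately return different addresses. Querying a name that should not exist and getting an address only on the UDP path is a stronger indicator.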