whitehat, posted November 26, 2012:
I want to have my own DNS Hints file and run my own DNS so that Big Brother can't see all the sites I visit. How do I do it? I use Linux, Windoze, and OSX, so instructions for any/all would help.
digip, posted November 26, 2012:
Hmm. Don't think that's going to keep "big brother", as you put it, from seeing what sites you visit. DNS is just a pointer from domain names to IP addresses. That's it. It has nothing to do with the path your computer takes to get there, or how many hops. Run traceroute to see what I mean. You want anonymity? Having your own DNS server won't be of much help. You want people to not be able to sniff your traffic, however? You could use an SSH tunnel, or a VPN service, or even TOR, but your encryption only goes as far as your last exit node. A combination of the three helps, but everything leaves a trail at some point. Unless using hacked wifi from a non-disclosed location, with spoofed MAC address and hardware ID, as well as hostnames, and proxied via another service, it does little to prevent anyone from seeing sites you visit. Especially if you log into the end sites using accounts people know you by, it defeats the purpose of any encrypted or proxied connection, since someone who knows you could monitor the sites you visit for when you log in and just view or intercept your traffic from there. As for being your own DNS server, you can do so with a Windows server set up as a domain controller and set to be your DNS server, but you'd still have to either download root copies of the DNS servers to serve to your local LAN, and all that does is control what IP to domain names you use. In Linux and Mac, I think you would use BIND. The cheap way is also to use a hosts file, which is more or less how the original internet worked, where everyone used a hosts file with the list of domain names and IP addresses of specific end nodes they wanted to reach. Doesn't do anything to prevent people from seeing your traffic and sites you visit though. It's merely a way to identify domain names to IP addresses.
whitehat (author), posted November 27, 2012:
Thanks Digip :) hehe you and I have talked about VPNs and other proxy/anonymization nets many times -- I know your own DNS isn't the whole picture, it's just one piece of the puzzle, and I only need it on certain machines, but I do need it. And I always love referring to Big Brother to keep it old school like Woz :) Where would I go to download the stuff if I wanna do it on Debian or the new Windows server?
GuardMoony, posted November 27, 2012:
First of all, I'd just like to add that you do not need a Domain Controller to run DNS on Windows. (Normally you actually have to install DNS before making a domain controller.) For Linux the most commonly used DNS service is BIND. It takes some work to get it set up correctly. http://www.debian.org/doc/manuals/network-administrator/ch-bind.html
On another note: your DNS server will always need to connect to other DNS servers. That's just the way the protocol is written. But you can set it towards a little brother instead of the big one ;)
whitehat (author), posted November 27, 2012:
Thanks for the link! It still has to be connected to other DNS servers?? Foo-y! Is that just so that it can update? I don't want to serve anyone but myself, and I was hoping to anonymously scrape ICANN's DNS Hints file or whatever and make my own. Obviously, I need to read the link you sent on BIND and I will do so. Thanks.
*Update: I started following that guide and noticed that it says it's obsolete...
GuardMoony, posted November 27, 2012:
It's obsolete in the way that Debian now has a manager/scripts to do stuff. But it still works, and gives some understanding. You could ofc download the whole DNS structure like Mubix did and put it into your DNS server. But even then you will need to connect: new domains being created, site IPs that change, dynamic name changes.... @Mubix great talk btw :) @whitehat: Maybe read up a little on how DNS works.
Sitwon, posted November 27, 2012:
Why not just tunnel your DNS queries through Tor? There is nothing in a DNS query packet that would link the request back to you. For sites you use commonly you can just throw their mappings in the /etc/hosts file (or Windows equivalent) on the systems you want to protect. In fact, putting sites in your hosts file will typically improve your speed because it can skip the overhead of doing a query before trying to connect.
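To make concrete what actually travels in a DNS query, here is an added example (not code from anyone in this thread) that builds a standard query datagram and parses it back into its fields. The name `www.example.test` and the fixed transaction ID are constructed values for the demonstration. The datagram holds only the transaction ID, flags, section counts and the question itself; the requester's address exists only in the IP/UDP headers around it, which is the layer a Tor tunnel replaces.

```python
import os
import struct

QTYPE_A = 1
QCLASS_IN = 1
FLAG_RD = 0x0100  # "recursion desired", the usual stub-resolver setting


def encode_name(name):
    """Encode a domain name as DNS labels: length byte + label, 0x00 terminator."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label length must be 1..63 bytes: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype=QTYPE_A, qclass=QCLASS_IN, txid=None):
    """Build a standard DNS query (RFC 1035 12-byte header + one question)."""
    if txid is None:
        txid = int.from_bytes(os.urandom(2), "big")  # random 16-bit transaction ID
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, qclass)


def parse_query(packet):
    """Parse a query datagram back into its fields, checking every length first."""
    if len(packet) < 12:
        raise ValueError("truncated header")
    txid, flags, qdcount, ancount, nscount, arcount = struct.unpack("!HHHHHH", packet[:12])
    pos = 12
    labels = []
    while True:
        if pos >= len(packet):
            raise ValueError("truncated question name")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointers are not expected in a query's question")
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("truncated question type/class")
    qtype, qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return {
        "id": txid,
        "flags": flags,
        "recursion_desired": bool(flags & FLAG_RD),
        "name": ".".join(labels),
        "qtype": qtype,
        "qclass": qclass,
        "counts": (qdcount, ancount, nscount, arcount),
        "trailing_bytes": len(packet) - (pos + 4),
    }


if __name__ == "__main__":
    pkt = build_query("www.example.test", txid=0x1234)  # constructed sample query
    print(pkt.hex())
    print(parse_query(pkt))
```

The `trailing_bytes` field is there so you can see that a plain query carries nothing after the question; what a forwarder hands to its upstream is exactly these bytes plus whatever transport wraps them.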
pasteeywhitecoder, posted November 27, 2012:
Couldn't you set your computer's DNS servers to be something completely bogus, and then keep a file on a network share drive that you link on all your computers that stands for the DNS? In basic terms, disable public DNS and have a file on your network that all of your computers use as local DNS.
Pwnd2Pwnr, posted November 27, 2012:
I remember bindshell.net... :(
GuardMoony, posted November 27, 2012:
> Why not just tunnel your DNS queries through Tor? There is nothing in a DNS query packet that would link the request back to you. For sites you use commonly you can just throw their mappings in the /etc/hosts file (or Windows equivalent) on the systems you want to protect. In fact, putting sites in your hosts file will typically improve your speed because it can skip the overhead of doing a query before trying to connect.

Tor is an option to hide it, because they will see your exit IP as the request giver. A hosts file is possible but impractical. This way you can't really surf around the web.

> Couldn't you set your computer's DNS servers to be something completely bogus, and then keep a file on a network share drive that you link on all your computers that stands for the DNS? In basic terms, disable public DNS and have a file on your network that all of your computers use as local DNS.

Do you actually read posts besides the main post? This way you're better off pulling your internet cable...

Maybe the best solution would be a local DNS server (pref. with DHCP combined for internal resolve) that uses Tor to connect to OpenDNS servers or other ones you like. (Don't use your ISP with Tor because they probably block outside requests.) If you want to go a step further you could try and make it a gateway. That way all computers in your network that use that server as gateway go over the Tor network. Disadvantage is your connection speed will be a lot lower (Tor isn't that fast).
whitehat (author), posted November 27, 2012:
Thanks for the replies. Yea, I know Tor is an option, but aside from the slow speeds I just kind of don't like having to deal with it because there are lots of bad nodes, negative government attention, etc, etc. I'm going to take some of the approaches mentioned. Actually, what pasteywhite and GuardMoony described is kind of precisely what I'm going for; I'm just trying to figure out where to get the entries for the DNS Hints file and how to implement it, but I think you guys just gave me some clues on how to do that. And, yes -- I have read a good bit and I'm reading more, which is why I was asking for links and reading the old manual you provided from Debian and training at ipv6.he.net. I can always add a backup server so that if there's something wrong with my own DNS file then it can go to a public DNS server (right?). That's what I used to do with an alternate DNS root project; I had them as the first choice for DNS, then Norton, then OpenDNS (which is the worst service with "open" in the title I know of), and then the Beast (aka Google). It sounds like I need to watch the Mubix video thing; I'll catch it later tonight. Thanks!
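The design the last few posts converge on (pasteeywhitecoder's shared local file, GuardMoony's local server that forwards what it doesn't know, and whitehat's "first choice, then backup" ordering) is a resolution chain: answer from the local hosts-format file first, and only fall through to an upstream for names it lacks. Here is an added example of that chain, not code posted by anyone in the thread. The sample hosts file, the `example.test` names and the 192.0.2.x / 198.51.100.x / 203.0.113.x addresses are constructed; `system_resolver` hands anything unresolved to whatever upstream the OS is configured with, so the order of the chain decides which resolver gets to see which query.

```python
import ipaddress
import socket
from typing import Callable, Dict, List, Optional

# Constructed sample in plain hosts-file format (not from the thread).
# One malformed line is included to show it is skipped rather than trusted.
SAMPLE_HOSTS = """
# local names served without asking anyone upstream
127.0.0.1     localhost
192.0.2.10    intranet.example.test  wiki   # trailing comment is ignored
2001:db8::10  intranet.example.test
198.51.100.7  forum.example.test
not-an-ip     bad.entry
"""

Resolver = Callable[[str], Optional[List[str]]]


def parse_hosts(text: str) -> Dict[str, List[str]]:
    """Parse hosts-file text into {name: [addresses]}; names are case-folded."""
    table: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                           # address with no names
        try:
            addr = str(ipaddress.ip_address(fields[0]))  # validates v4 and v6
        except ValueError:
            continue                           # skip malformed entries
        for name in fields[1:]:
            key = name.lower().rstrip(".")
            if addr not in table.setdefault(key, []):
                table[key].append(addr)
    return table


def hosts_resolver(table: Dict[str, List[str]]) -> Resolver:
    """Resolver step backed by a parsed hosts table; None means 'not mine'."""
    def lookup(name: str) -> Optional[List[str]]:
        return table.get(name.lower().rstrip("."))
    return lookup


def system_resolver(name: str) -> Optional[List[str]]:
    """Resolver step that forwards to the OS-configured upstream (network I/O)."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return None
    addrs: List[str] = []
    for info in infos:
        addr = info[4][0]
        if addr not in addrs:
            addrs.append(addr)
    return addrs or None


def resolve(name: str, chain: List[Resolver]) -> Optional[List[str]]:
    """Walk the chain in order; the first step with an answer wins."""
    for step in chain:
        answer = step(name)
        if answer:
            return answer
    return None


if __name__ == "__main__":
    # Local file first, OS/upstream second: local names never leave the box.
    chain = [hosts_resolver(parse_hosts(SAMPLE_HOSTS)), system_resolver]
    for query in ("wiki", "forum.example.test", "localhost"):
        print(query, "->", resolve(query, chain))
```

Note that this only changes who answers the name lookup; as digip pointed out, the connection to the resolved address still takes the same path and is just as visible.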
digip, posted November 28, 2012:
> Thanks Digip :) hehe you and I have talked about VPNs and other proxy/anonymization nets many times -- I know your own DNS isn't the whole picture, it's just one piece of the puzzle, and I only need it on certain machines, but I do need it. And I always love referring to Big Brother to keep it old school like Woz :) Where would I go to download the stuff if I wanna do it on Debian or the new Windows server?

Windows Server: set up Active Directory and make it a domain controller, and there are settings in the same admin panels for setting up Active Directory and the domain controller part for DNS as well. I haven't messed with it in a few years since Server 2003 days, but DNS is part of the setup process when configuring everything including DHCP. I used to know all the shortcut names for them too, like services.msc; they are all mostly .msc or MMC console programs to configure everything. For the Linux side, I've no clue really other than knowing that many people use Samba, BIND and dhcpd to set up a Linux domain controller for their networks.
justapeon, posted November 28, 2012:
A lot of routers support dnsmasq, but storage space is limited.
whitehat (author), posted November 28, 2012:
Thanks again; this is all great info.
GuardMoony, posted December 7, 2012:
Found this article: http://www.aboutdebian.com/dns.htm
whitehat (author), posted December 7, 2012:
Thanks.
Infiltrator, posted December 25, 2012:
I know TOR is very slow, but you could use a chain of VPN servers, instead of a DNS server. It offers encryption and would increase your anonymity on the web too, but you would have to be careful with browser add-ons or plugins, as they can reveal your real IP address. Just a thought.
logicalconfusion, posted January 7, 2013:
TOR is crap. The service depends on the exit node for "onion routing" which can be tracked. I actually hidemyasss by using anonymous proxies when visiting questionable sites.