Jump to content

How To Run Your Own DNS?


whitehat
 Share

Recommended Posts

Hmm. Don't think thats going to keep "big brother" as you put it, from seeing what sites you visit. DNS is just a pointer for domain names to IP addresses. Thats it. They have nothing to do with the path your computer takes to get there, or how many hops. Run traceroute to see what I mean. You want anonymity, having your own DNS server won't be of much help. You want people to not be able to sniff your traffic however, you could use an SSH tunnel, or a VPN services, or even TOR, but your encryption only goes as far as your last exit node. A combination of the three helps, but everything leaves a trail at some point. Unless using hacked wifi from a non-disclosed location, with spoofed mac address and hardware ID, as well as hostnames, and proxied via another service, it does little to prevent anyone from seeing sites you visit. Especially, if you log into the end sites using accounts people know you by, it defeats the purpose of any encrypted or proxied connection, since someone who knows you could monitor the sites you visit for when you login and just view or intercept your traffic from there.

As for being your own DNS server, you can do so with a windows server setup as a domain controller and set to be your DNS server, but you'd till have to either download root copies of the DNS servers to serve to your local lan, and all that does is control what IP to domain names you use. In Linux and MAC, I think you would use Bind. The cheap way, is also to use a hosts file, which is more or less how the original internet worked, where everyone used a hosts file with the list of domain names and IP addresses of specific end nodes they wanted to reach. Doesn't to anything to prevent people from seeing your traffic and sites you visit though. Its merely a way to identify Domain names to IP addresses.

Link to comment
Share on other sites

Thanks Digip :)

hehe u and I have talked about VPN's and other proxy/anonymization nets many times -- i know your own DNS isn't the whole picture, it's just one piece of the puzzle and i only need it on certain machines but i do need it.

and i always love referring to Big Brother to keep it old school like Woz :)

where would i go to download the stuff if i wanna do it on Debian or the new Windows server?

Edited by whitehat
Link to comment
Share on other sites

First of all. Just like to add that you do not need a Domain Controller to run DNS on windows. ( Normaly you actualy got to install dns before making a domain controller )

For linux the most common used DNS service is BIND. It takes some work to get it setup correctly.

http://www.debian.org/doc/manuals/network-administrator/ch-bind.html

On a other note. Your DNS server will always need to connect to other dns servers. Thats just the way the protocol is written. But you can set it towards a little brother insted of the big one ;)

Link to comment
Share on other sites

Thanks for the link! It still has to be connected to other DNS servers?? :angry: Foo-y!

Is that just so that it can update? I don't want to serve anyone but myself and I was hoping to like anonymously scrape ICANN's DNS Hints file or whatever and make my own. Obviously, I need to read the link you sent on BIND and I will do so. Thanks.

*Update: I started following that guide and noticed that it says it's obsolete...

Edited by whitehat
Link to comment
Share on other sites

Its obsolete in the way that debian now got a manager/scripts to do stuff. But it still works. And give some understanding.

You could ofc download the whole DNS structure like Mubix did and put it into your dns server. But still then you will need to connect. New domains beeing created. Site ip's that change, dynamic name changes....

@Mubix great talk btw :)

@whitehat: Mayby read a little up on how DNS works.

Edited by GuardMoony
Link to comment
Share on other sites

Why not just tunnel your DNS queries through Tor? There is nothing in a DNS query packet that would link the request back to you. For sites you use commonly you can just throw their mappings in the /etc/hosts file (or Windows equivalent) on the systems you want to protect. In fact, putting sites in your hosts file will typically improve your speed because it can skip the overhead of doing a query before trying to connect.

Link to comment
Share on other sites

Why not just tunnel your DNS queries through Tor? There is nothing in a DNS query packet that would link the request back to you. For sites you use commonly you can just throw their mappings in the /etc/hosts file (or Windows equivalent) on the systems you want to protect. In fact, putting sites in your hosts file will typically improve your speed because it can skip the overhead of doing a query before trying to connect.

Tor is a option to hide it. because they will see your exit ip as request giver.

Host file is possible but impractical. This way you cant really surf around webs.

Couldn't you set your computer's DNS servers to be something completely bogus, and then keep a file on a network share drive that you link on all your computers that stands for the DNS?

In basic terms, disable public DNS and have a file on your network that all of your computers use as local DNS.

Do you actualy read post besides the main post ? This way your better of pulling your internet cable...

Mayby best solution would be a local dns server ( pref with dhcp combined for internal resolve ) that uses tor to connect to openDNS servers or other ones you like. ( dont use your ISP with tor because they probably block outside requests ). If you want to go a step further you could try and make it a gateway. That way all computers in your network that uses that server as gateway goes over the tor network. Disadvantage is your connection speed will be a lot lower ( tor isnt that fast )

Link to comment
Share on other sites

Thanks for the replies.

Yea, I know Tor is an option but asides from the slow speeds I just kind of don't like having to deal with it because there are lots of bad nodes, negative government attention, etc, etc.

I'm going to take some of the approaches mentioned. Actually, what pasteywhite and Guard Moony described is kind of precisely what I'm going for; I'm just trying to figure out where to get the entries for the DNS Hints file and how to implement it, but I think you guys just gave me some clues on how to do that. And, yes -- I have read a good bit and I'm reading more, which is why I was asking for links and reading the old manual you provided from Debian and training at ipv6.he.net.

I can always add a backup server so that if there's something wrong with my own DNS file then it can go to a public DNS server (right?). That's what I used to do with an alternate DNS root project; I had them as the first choice for DNS, then Norton, then openDNS (which is the worst service with "open" in the title I know of), and then the Beast (aka Google).

It sounds like I need to watch the Mubix video thing; I'll catch it later tonight. Thanks!

Link to comment
Share on other sites

Thanks Digip :)

hehe u and I have talked about VPN's and other proxy/anonymization nets many times -- i know your own DNS isn't the whole picture, it's just one piece of the puzzle and i only need it on certain machines but i do need it.

and i always love referring to Big Brother to keep it old school like Woz :)

where would i go to download the stuff if i wanna do it on Debian or the new Windows server?

Windows Server, setup Active Directory and make it a domain controller, and there are settings in the same admin panels form setting up active directory and the domain controller part for DNS as well. I haven't messed with it in a few years since server 2003 days, but DNS is part of the setup process when configuring everything including DHCP. I used to know all the shortcut names for them too, like services.msc, they are all mostly .msc or mmc console programs to configure everything. For the linux side, I've no clue really other than know that many people use samba, bind and dhcpd to setup a linux domain controller for their networks. Edited by digip
Link to comment
Share on other sites

  • 2 weeks later...
  • 3 weeks later...

I know TOR is very slow, but you could use a chain of VPN servers, instead of a DNS server.

It offers encryption and would increase your anonymity on the web too, but you would have to be careful with browser add-ons or plugins, as they can reveal your real IP address.

Just a thought.

Link to comment
Share on other sites

  • 2 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...