Several hosts behind a caching resolver
Victor Sudakov
vas at sibptus.ru
Sun Nov 24 16:02:47 UTC 2019
Eugene Grosbein wrote:
> >
> > Several hosts of the local network use a FreeBSD server with BIND or
> > local-unbound as a caching resolver. Let's call it "Resolver A."
> > Resolver A forwards all queries to another resolver, e.g. 8.8.8.8 or
> > some other, let's call it "Resolver B."
> >
> > Can the operator of Resolver B figure out how many clients there are
> > behind Resolver A, or obtain any other information about the hosts on
> > the said local network (like their operating system etc)? In other
> > words, does Resolver A effectively anonymize the queries, or is some
> > information about the internal network leaking?
>
> No anonymization via unencrypted DNS.
>
> The query itself reveals most data about clients. Windows OSes send queries
> for MS-specific domains periodically, Android for its domains,
> FreeBSD for pkg.freebsd.org or svn.freebsd.org etc.
This is a good point.
>
> If a there are multiple recursive queries for both of MS/Androis/MacOS-specific domains,
> this means there are many clients behind this local resolver.
If there are multiple recursive queries for MS domains only, do you think
the operator of Resolver B can tell if there are 10 or 100 MS clients
behind Resolver A?
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49 at fidonet http://vas.tomsk.ru/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-net/attachments/20191124/c7598268/attachment.sig>
More information about the freebsd-net
mailing list