1

If I manually change my DNS setting in the router or in Windows settings from the provider's one to, say, 8.8.4.4 by Google - will it mean that my ISP has no idea which sites I am going to? Maybe it is possible to figure out where I am going to just by analyzing my traffic?

And 1 more question. If my DNS is manually changed and I use HTTPS, then the ISP has no chance to learn what I am doing on the Internet? Where I am going to, what I am posting etc.

Asking because my VPN connection shut down due to my mistake and I visited several pages without VPN connection, but through HTTPS and with a changed DNS. So I am a bit nervous, although the site I went to was a site of a VPN provider only Not going to make my ISP know what I am doing on the Internet.

Sajjad Pourali
  • 944
  • 1
  • 10
  • 22
Pete
  • 11
  • 1

5 Answers5

1

DNS resolution packets, even if they don't go to your ISP, will always go through your ISP. They're not encrypted and they're self-contained so they're easy to track.

Not only that, but some ISPs (Sprint did this, for example, and possibly still does) intercept all DNS traffic and resolve it using their own DNS servers. So no matter what DNS server you think you're querying, your ISP is sending back their own results.

And as far as filtering and logging is concerned, it's just as easy for your ISP to log/filter DNS packets sent to any DNS server as it is to log/filter those sent to their own.

No only that, but even if you use SSL, your ISP still knows which server you're connecting to. There's only one website at Google's IP address, or Facebook's, or [insert embarrassing domain here]. And so even without knowing anything but the address to where they're routing your packets, they can still pretty readily tell exactly what you're doing.

So as far as the marginal privacy benefit of using your own DNS servers? Very low.

If you don't trust your ISP, then use it only to create a VPN to a trusted endpoint, and route all of your traffic through there.

tylerl
  • 82,665
  • 26
  • 149
  • 230
0

If I manually change my DNS setting in the router or in Windows settings from the provider's one to, say, 8.8.4.4 by Google - will it mean that my ISP has no idea which sites I am going to?

NO it does not mean that. Your ISP will still know which IP address you are connecting to. Your ISP can peform the DNS resolution on their own if they are really interested in finding out the domain of the site you are trying to visit.

If my DNS is manually changed and I use https, then the ISP has no chance to learn what I am doing on the Internet?

HTTPS does not confer anonymity. Your ISP cannot know what you are sending over the internet. But they must know where you are sending it to, otherwise how can they route your traffic and you know... be an ISP?

  • Well... if my DNS is manually changed, but my ISP still knows where I am going to, what is the sense of changing DNS and preventing DNS leaks then? I have always thought it was necessary to give my ISP no information on which sites I visit. Now you are telling the ISP knows that anyway. So...? – Pete Aug 17 '13 at 06:10
  • And 1 more question. If I use manually changed DNS and https, the ISP still knows the domain name I am going to. For example, the ISP knows I am going to https://torproject.org Does ISP know only the domain (torproject.org) or can detect I am going to a particular page there (https://torproject.org/download for example) or a subdomain like blog.torproject.org? Thank you in advance and thanks for the previous reply - very fast one! – Pete Aug 17 '13 at 06:12
  • @Pete:the ISP will know the domain that you are going to, but not specifically where in the domain. That is, unless they do traffic analysis, such as analysing the size of the web page you downloaded and attempting to figure out what web page in that domain has that size...also, if the subdomain is hosted on a different IP address than the main domain, then yes the ISP can figure out that you have navigated to a different domain, but not where in that domain. – Nasrus Sep 19 '13 at 05:56
0

Q: If I manually change my DNS setting in the router or in Windows settings from the provider's one to, say, 8.8.4.4 by Google - will it mean that my ISP has no idea which sites I am going to? Maybe it is possible to figure out where I am going to just by analyzing my traffic?

A: You are making them require one more step to find out where you are going.

Q: If my DNS is manually changed and I use https, then the ISP has no chance to learn what I am doing on the Internet? Where I am going to, what I am posting etc.

A: The answer to this depends on the situation, are you security aware enough to be safe or not. This post explains how https works and how a Man-in-the-middle attack works.

AdnanG
  • 707
  • 2
  • 8
  • 18
0

If you change your DNS, still the packets are in plain and anyone looking at the packets will know it is DNS resolution packets and can easily snoop on the hostname you are trying to resolve.

A solution for this problem is to establish an encrypted TCP connection stream through Tor first and then perform the DNS resolution over the encrypted stream. Since DNS is an application layer protocol, when it is tunneled on top of an encrypted TCP stream, the information won't leak. In order to configure your application to perform the DNS queries through the Tor network, follow the guide here.

One thing that needs to be clarified for everyone using Tor is if you use Tor for only routing HTTP/HTTPS traffic and the DNS queries are performed through your normal DNS servers (corporate or ISP), you are not achieving any anonymity. Therefore, it is important to route the DNS traffic through Tor as well.

forest
  • 65,613
  • 20
  • 208
  • 262
void_in
  • 5,541
  • 1
  • 21
  • 28
0

Much like the others, DNS Intercept List's are commonly used by ISP's to prevent the need to back haul data across their network. OpenDNS has luckily been able to avoid the interception due to large number of customer complaints across many ISP's.

This is what a DNS request looks like across the wire:

0000  00 00 00 00 00 00 00 00  00 00 00 00 08 00 45 00   ........ ......E.
0010  00 3c 51 e3 40 00 40 11  ea cb 7f 00 00 01 7f 00   .<Q.@.@. ........
0020  00 01 ec ed 00 35 00 28  fe 3b 24 1a 01 00 00 01   .....5.( .;$.....
0030  00 00 00 00 00 00 03 77  77 77 06 67 6f 6f 67 6c   .......w ww.googl
0040  65 03 63 6f 6d 00 00 01  00 01                     e.com... .. 

When you break it down, these are the parts inside:

Domain Name System (query)
    [Response In: 1852]
    Transaction ID: 0x241a
    Flags: 0x0100 (Standard query)
        0... .... .... .... = Response: Message is a query
        .000 0... .... .... = Opcode: Standard query (0)
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...1 .... .... = Recursion desired: Do query recursively
        .... .... .0.. .... = Z: reserved (0)
        .... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 0
    Queries
        www.google.com: type A, class IN
            Name: www.google.com
            Type: A (Host address)
            Class: IN (0x0001)

Just like any network element which supports tapping/dumping of interface traffic, an IPcan view these requests going across their network. All they need to do is map that request to your IP address and all your activity is being tracked. This can be called metadata and forwarded along to law enforcement.

To mitigate this, use the OpenDNS servers, and apply DNSCrypt. It works similarly to HTTPS and SSL but for UDP and TCP DNS traffic.

Mike Mackintosh
  • 284
  • 2
  • 9