Thursday, July 24, 2008

How To Bypass DNS Log Monitoring By Your ISP

Resolving human-readable domain names into IP addresses requires DNS server IP addresses from your ISP. This way of resolving domain names into their equivalent IP addresses has several consequences for both you and your ISP.

DNS Nature

One major thing this DNS setup gives you is browsing convenience. Because DNS resolves domain names into IP addresses, you do not need to memorize the IP address of every website; domain names are easy to remember.

But did you know that putting your ISP's DNS IP addresses into your network settings also allows your ISP to log every website you browse? DNS servers set up by ISPs can generate logs of DNS resolutions.

This means that when you browse google.com, your ISP's DNS servers resolve google.com into its equivalent IP addresses and, at the same time, write that resolution verbosely to the server's DNS log file. System admins and DNS engineers can therefore monitor the websites resolved by their DNS servers, and they can easily tell whether you have been browsing www.google.com or not.

Below are examples of websites being resolved by a DNS server.

Jul 24 16:55:24 ilovetux named[1282]: client 83.83.83.83 #60586: query: www.google.com IN A +
Jul 24 16:55:24 ilovetux named[1282]: client 83.83.83.83 #60587: query: www.bbc.com IN A +
Jul 24 16:55:24 ilovetux named[1282]: client 83.83.83.83 #60589: query: www.ilovetux.com IN A +
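To see how much a resolver operator can read out of entries like these, here is a short Python parser for this log layout. It is an added example, not part of the original post; the function names and the last three sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# BIND query-log line in the layout shown in the post. The whitespace before
# "#port" is optional: the post shows a space, BIND itself writes ADDR#PORT.
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+[\d:]{8})\s+(?P<host>\S+)\s+named\[\d+\]:\s+"
    r"client\s+(?P<client>[0-9A-Fa-f.:]+)\s*#(?P<port>\d+):\s+"
    r"query:\s+(?P<name>\S+)\s+(?P<qclass>\S+)\s+(?P<qtype>\S+)\s+(?P<flags>\S+)"
)

# First three lines are the ones from the post; the last three are constructed
# (192.0.2.10 is a documentation address) to cover a second client, the
# no-space client format, a repeated name and a non-query line.
SAMPLE_LOG = """\
Jul 24 16:55:24 ilovetux named[1282]: client 83.83.83.83 #60586: query: www.google.com IN A +
Jul 24 16:55:24 ilovetux named[1282]: client 83.83.83.83 #60587: query: www.bbc.com IN A +
Jul 24 16:55:24 ilovetux named[1282]: client 83.83.83.83 #60589: query: www.ilovetux.com IN A +
Jul 24 16:55:30 ilovetux named[1282]: client 192.0.2.10#40001: query: WWW.BBC.COM. IN AAAA +
Jul 24 16:55:31 ilovetux named[1282]: client 192.0.2.10#40002: query: www.bbc.com IN A +
Jul 24 16:55:32 ilovetux named[1282]: zone reload requested
"""


def parse_line(line):
    """Return the fields of one query-log line, or None if it is not a query."""
    m = QUERY_RE.match(line.strip())
    return m.groupdict() if m else None


def browsing_profile(log_text):
    """Map each client IP to the distinct names it looked up, in first-seen order."""
    profile = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # not a query entry
        name = rec["name"].rstrip(".").lower()  # DNS names are case-insensitive
        if name not in profile[rec["client"]]:
            profile[rec["client"]].append(name)
    return dict(profile)


if __name__ == "__main__":
    for client, names in browsing_profile(SAMPLE_LOG).items():
        print(client, "->", ", ".join(names))
```

Each client address ends up with a timestamped list of the sites it asked for, which is exactly the record the rest of this post tries to keep away from the ISP's resolver.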

What if you do not want your ISP to log all websites that you are browsing?

One way to avoid this is to use alternative DNS IP addresses that are not managed by your current ISP.

Set Up Alternative DNS IP Addresses

Step One

One pair of publicly available DNS servers is 198.6.1.1 and 198.6.1.2. Simply edit your network settings and change your DNS to the new DNS IP addresses. In Fedora, Redhat, Centos and White OS, edit your /etc/resolv.conf:

# nano -w /etc/resolv.conf

Restart DNS service

# service named restart

The above works even without an authoritative and caching DNS setup on your current Linux box.

Step Two

Test your new DNS IP addresses from a command-line terminal:

# nslookup yahoo.com

If the above resolves yahoo.com into its equivalent IP addresses without any errors, you should be able to start browsing the net.

Note that this only works if your ISP does not block or reject DNS queries from local clients to DNS servers other than its own.

All is done.
