
Safe DNS Project

Status
Not open for further replies.

Solaris17

Super Dainty Moderator
Staff member
Joined
Aug 16, 2005
Messages
25,743 (3.79/day)
Location
Alabama
Hey everyone! I am running a usability experiment to see how naive it might be to provide everyday users the ability to browse the internet in a safer manner.

To accomplish this I am running a public DNS server that is running Pi-Hole with extended definitions.

This experiment ties in directly with the guide I'm currently writing here:

https://www.techpowerup.com/forums/threads/guide-global-network-dns-blacklisting-pi-hole.233545/

To do this, I am hosting a small virtual server on Digital Ocean. I am using my own funds to give it a shot.

The Pi-Hole software is free and currently we are here with functionality.



I run some extra definition lists on the Pi, which caches and remembers its DNS requests. Whenever the Pi doesn't know something, I take this a step further: the forward addresses point to OpenDNS family-safe servers, which according to OpenDNS block the following:

What does FamilyShield Block?

The service blocks pornographic content, including our “Pornography,” “Tasteless,” and “Sexuality” categories, in addition to proxies and anonymizers (which can render filtering useless). It also blocks phishing and some malware.

The goal of this is simple.

  • Can I or another organization or entity use free products to provide a safer internet to users without charging them a ludicrous amount of money?
  • How effective is it?
  • Can it be done at a low or no cost?
To answer these questions I would like to invite feedback on the project if you decide to join. I am looking for the following.

  • Response time OK
  • false positives
  • does this inhibit your browsing habits within reason?
Here are some examples of what this blocks.

  • Telemetry
  • malware domains
  • ad domains
  • pornographic and other non-PG domains
DNS in itself isn't a perfect system, but I would REALLY like to understand how feasible a project like this could be. If you would like to join, the DNS server IP in question is this.

45.55.35.57

(I currently only route IPV4)
I DO NOT keep any private or identifying information.
 
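As an added example (not code from the post above or from Pi-hole itself), here is the decision a Pi-hole-style sinkhole makes for each query: parse hosts-format blocklists like the "extended definitions" mentioned, answer blocked names locally, and hand everything else to the OpenDNS FamilyShield resolvers. The assumptions are mine: a listed domain also blocks its subdomains, an allowlist overrides the blocklist so a false positive can be fixed without editing the upstream list, and the sample list is constructed for this example.

```python
"""
Added example, not code from the original post or from Pi-hole: the per-query
decision of a hosts-list sinkhole that forwards unblocked names upstream.
Assumptions: subdomains of a listed name are blocked too; an allowlist wins
over the blocklist; the sample list below is constructed.
"""
from typing import Iterable, Optional

# OpenDNS FamilyShield anycast resolvers, as published by OpenDNS.
FAMILYSHIELD_UPSTREAMS = ("208.67.222.123", "208.67.220.123")

# Constructed hosts-format blocklist (the domains are made up for the example).
SAMPLE_BLOCKLIST = """\
# Title: example blocklist
127.0.0.1 localhost
0.0.0.0 0.0.0.0
0.0.0.0 ads.example.net
0.0.0.0 telemetry.example.org   # trailing comment
0.0.0.0 tracker.example.com cdn-tracker.example.com
bare-domain.example
"""

# Names hosts files carry for the machine itself; these must never be blocked.
SELF_NAMES = {"localhost", "localhost.localdomain", "local", "broadcasthost",
              "0.0.0.0", "ip6-localhost", "ip6-loopback", "ip6-localnet",
              "ip6-mcastprefix", "ip6-allnodes", "ip6-allrouters"}

# Sink addresses that hosts-format lists put in the first column.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::", "::1"}


def parse_hosts_list(text: str) -> set[str]:
    """Return the blocked domains from a hosts-format or bare-domain list."""
    blocked: set[str] = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()            # strip comments
        if not line:
            continue
        fields = line.split()
        # Either "<sink-ip> <name> [<name> ...]" or just "<name>" per line.
        names = fields[1:] if fields[0] in SINK_ADDRESSES else fields
        for name in names:
            name = name.lower().rstrip(".")
            if name and name not in SELF_NAMES:
                blocked.add(name)
    return blocked


def domain_and_parents(qname: str) -> Iterable[str]:
    """a.b.example -> a.b.example, b.example, example (most specific first)."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


class Sinkhole:
    def __init__(self, blocked: set[str], allowed: Iterable[str] = ()):
        self.blocked = blocked
        self.allowed = {d.lower().rstrip(".") for d in allowed}

    def decide(self, qname: str) -> str:
        """'block' or 'forward'; the most specific list entry wins, so an
        allowlisted subdomain of a blocked parent is still forwarded."""
        for candidate in domain_and_parents(qname):
            if candidate in self.allowed:
                return "forward"
            if candidate in self.blocked:
                return "block"
        return "forward"

    def answer(self, qname: str) -> Optional[str]:
        """Address handed back for a blocked A query (Pi-hole's default null
        answer), or None meaning ask FAMILYSHIELD_UPSTREAMS instead."""
        return "0.0.0.0" if self.decide(qname) == "block" else None


def demo() -> dict[str, str]:
    """Decisions for a few constructed queries against the sample list."""
    hole = Sinkhole(parse_hosts_list(SAMPLE_BLOCKLIST),
                    allowed=["update.telemetry.example.org"])
    queries = ["www.example.com", "ads.example.net", "cdn.ads.example.net",
               "notads.example.net", "telemetry.example.org",
               "update.telemetry.example.org", "localhost"]
    return {q: hole.decide(q) for q in queries}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:32} {verdict}")
```

Note the suffix matching: `cdn.ads.example.net` is blocked because its parent is listed, but `notads.example.net` is not, since matching is by label and not by substring; that distinction is where many home-grown filters produce false positives.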

Kursah

Super Moderator
Staff member
Joined
Oct 15, 2006
Messages
14,664 (2.30/day)
Location
Missoula, MT, USA
I'll have to check it out. Thanks for taking the effort to do this. DNS hosting can get complex and I'm curious to see how well your VM holds up. I think forwarding non-authoritative queries to OpenDNS is also a solid move...that's what I've been using as my home site's DNS for years now.

Solaris DNS Security Services. Kinda has a good ring to it. :toast:
 

Solaris17
I'll have to check it out. Thanks for taking the effort to do this. DNS hosting can get complex and I'm curious to see how well your VM holds up. I think forwarding non-authoritative queries to OpenDNS is also a solid move...that's what I've been using as my home site's DNS for years now.

Solaris DNS Security Services. Kinda has a good ring to it. :toast:

Thanks! It's definitely going to be a technical challenge for certain. I stand to learn a lot myself I think from this exercise.
 

Kursah
I look forward to reading up on your results as well, hopefully this'll be a good lesson in experience and practice. And who knows, you could be the next authoritative DNS filtering service out there if you really get into it. :)
 
Joined Aug 3, 2016
Pi-Hole claims to block ads in phone apps as well :eek:
Hmm.. but I do like porn
How can anyone make these kinds of decisions with confidence.

I took a look at your other thread, is it finished? It seems to end abruptly.
 

Solaris17

Pi-Hole claims to block ads in phone apps as well :eek:
Hmm.. but I do like porn
How can anyone make these kinds of decisions with confidence.

I took a look at your other thread, is it finished? It seems to end abruptly.

Not yet, soon! Lots of data to cover.

How can anyone make these kinds of decisions with confidence.

How do you mean?
 
Joined Jul 16, 2014
Will this be for a browser add-on or standalone?
 

Solaris17
Will this be for a browser add-on or standalone?

This is just a DNS server. This is not like extensions and add-ons; I will be going more into this in the guide I'm writing. They function in the same basic way, but add-ons can sometimes modify webpages so you can't "see" where an ad would be. DNS servers cannot do this.
 
Joined Jul 16, 2014
This is just a DNS server. This is not like extensions and add-ons; I will be going more into this in the guide I'm writing. They function in the same basic way, but add-ons can sometimes modify webpages so you can't "see" where an ad would be. DNS servers cannot do this.

OK so how about using this project so we can add it here instead:

 

Kursah
You could add it to your NIC in Windows, to your Router's DNS, to your DHCP server (server or router) to hand out to devices.

What I would recommend is using OpenDNS or GoogleDNS as a secondary DNS server just to make sure DNS is resolving should a failure or outage from adjustment occur. I imagine Sol will do his best to maintain maximum uptime though.

For those not entirely familiar with what DNS is, check out the video below.


Simply put, DNS is the yellow pages of the Internet: it takes an IP address, puts an A-Record on it (www.google.com), and when you type that in your browser you see Google.com, but you're taken to the IP address that is resolved from the DNS server you got the information from. There's A LOT more depth to it, but on the face of it, not all that complex with the simple execution of DNS.

So when you use a service like Solaris DNS or OpenDNS, you're getting DNS services just like your ISP provides, or Google, or even your router/server for your LAN. But the exception here, is filtered DNS services block entries and requests that are known to be bad, malicious or containing certain content that has been chosen to be filtered, instead, redirecting you to a page that explains the situation of that site not being permitted to be accessed. This can be huge for home and business security and is a great mitigation to localized security deployments and web filters.

DNS won't block everything and isn't actively modifying itself; it is very much managed in record keeping, like a rolodex or directory. Every address has a record that tells a computer where that address is supposed to point. So if someone wants to make Warez.com go to a DNS Site Blocked page instead of its actual page, they simply update the record. If you're using their DNS server, you get the blocked page. If you use ISP DNS services, you can get to that page properly and potentially infect your PC or worse.

DNS management can be a lot of busy work depending on how it is managed, and it should be busy work if properly managed because there's too much happening and changing to have nothing to do IMHO. So Sol could be quite busy with this, I'll have to look further into his deployment methods and see how he is managing DNS records and updates. Regardless, we need more services like this out there and I appreciate a fellow TPU-er testing and offering such a service for all of us to test and use.

I'm sure Sol can do a better job of explaining this project in a nutshell; I just felt inclined to donate my 2 cents to make sure folks have an opportunity to better understand what the point is here. :)
 
Joined Oct 17, 2012
What I would recommend is using OpenDNS or GoogleDNS as a secondary DNS

Yeah, I use that currently, but I was thinking that Solaris was looking for "testers" and I'd gladly lend a hand to that end if it is what was being asked :toast:
 

Solaris17
So this would just be added to my DNS list in my Asus router firmware? Then id be using your server?

Yup, that's it! Or you can do so in Windows by going to your network settings. Remember this is an experiment! If you run into any odd issues let me know!

I imagine Sol will do his best to maintain maximum uptime though.

You bet, but better safe than sorry of course!
 

Solaris17


So far going well. Performance is great and the box isn't loaded at all. She does between 50-60k DNS requests a day with the people on board.

Notable mentions: a few servers are running it in a business setting. It's going well.

Other mentions: shame on MS. Some of the telemetry domains tie in with things like Windows Update. Don't want pop-up ads in apps? No problem, but you also can't have updates.
 

Solaris17
Fighting my first DDoS DNS amplification attack.

In the wee hours of the morning last night I was logging into my sister server that I also run the same project on. This server specifically is more than just a few numbers. This one has an actual domain name attached to it.

Upon logging in I discovered this.


Excited it was getting some use, I glanced over at the users. Several domains and IPs were showing up. However, something caught me off guard. The queries blocked had not changed much, which is odd for DNS queries of this magnitude. The graph also took a different turn, skyrocketing in what appeared to be minutes.

I decided to dig into the query logs and found that these "users" were making thousands of queries a minute to a domain called leth.cc. After a quick visit it appeared to be innocent enough; however, it also didn't seem popular enough to warrant the connections.

I decided to take a further look and ran a search on the domain. Someone else had also noted that they were getting thousands of DNS queries to the same domain. My first thought was that this might be some kind of gaming network, possibly some kind of multiplayer card game or something. This still struck me as odd, since they would certainly have their own infrastructure and would not rely on a third-party DNS server like my own to support them. Looking into them further revealed they were nothing of the sort.

At this point I was looking at numbers around 1 million. Then something occurred to me. This wasn't an oddity or a lucky send-off for what could be a successful DNS service built from my desk. This was a reflection attack and I was sending thousands of unsolicited DNS queries to some random website.

Having already been in the middle of my company's maintenance window and working on company infrastructure, on top of being exhausted, I decided to do the only thing I had the energy left to do. I blocked the URL, preventing the requests from reaching the host. While I was probably one of hundreds or thousands of open DNS servers targeting this poor company's website, I certainly wasn't going to let that statistic continue. My server wasn't breathing too heavy even with these numbers and legit queries weren't slowed, so I blacklisted the site and started off to bed. My ending numbers looked like this.



In the morning the company is open for a few hours so I have a small window in which I don't need to worry about my infrastructure. I decided to take a look at DNS server to see what the damage was.

I don't have pictures, but the attack had continued overnight. From around 1:30AM EST to 8:30AM EST I had generated more than 5.3 million blocked queries, 99% of them being this one domain.

By this time things had started to get bad. The system was still very much responsive, but disk I/O was high, causing all lookups to take an abnormally long time: almost a full second. This meant the browsing experience was slow since the cached lookups were having a hard time responding. The amount of queries coming in per second was causing expiration times to not matter. They were being added faster than they were being purged.

At this point in time I had a choice. My upstream provider had not caught this and as such it was not being filtered. I had blocked forwards to that specific domain so I was no longer contributing to whatever attack they may be under. However, my own services were starting to suffer because of the attack.

A few things sprung to mind. This isn't MY particular area of security and as such I'm pretty inexperienced in the more advanced protections for DNS. Specifically provider level. The things that came to mind were:

  • Disable IPv6 traversing on this server since thousands of requests were coming from IPv6 clients.
  • Limit my EDNS packets to 512 bytes (they normally carry LARGE data sets)
  • Limit my query times per requestor
  • Block ANY requests via DNS
  • IDS/IPS blacklist hosts
All of this would help mitigate the issue however some of it was too deep for me to jump into right away given this service is currently providing for a few key test clients.

To temporarily fix this I had to change its nature from a free/open DNS service to a private service.

To do this I had to deny all port 53 (DNS) access on my firewall and instead get the specific IPs (thankfully static) of my clients and whitelist those as being able TO access port 53.

This worked immediately and queries dropped. However I now need to go into how to properly secure the server from being abused since I already make sure the clients are safe.

The internet is a scary place when you look at the logs. Maybe it was providing a domain name to the server itself that made it so easily found by bots?

THIS DID NOT AFFECT THE SERVER DISPLAYED ABOVE
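As an added example (not code from the post above), here is how the pattern described in it can be picked out of the resolver's own query log rather than noticed by eye on a dashboard. Assumptions are mine: the lines are in the dnsmasq format Pi-hole writes to pihole.log ("Mon DD HH:MM:SS dnsmasq[pid]: query[TYPE] name from client"); the log is constructed with documentation addresses (RFC 5737 and RFC 3849), and leth.cc appears only because the post names it. The signals are the ones the post observed: one name dominating the log, a burst far above the normal rate, ANY queries, and many distinct source addresses. In a reflection attack those source addresses are the spoofed victims, so they are a symptom to rate-limit, not a list of attackers.

```python
"""
Added example, not code from the original post: flag names in a dnsmasq /
Pi-hole query log whose traffic looks like DNS reflection. The sample log
is constructed; thresholds are illustrative assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) dnsmasq\[\d+\]: "
    r"query\[(?P<qtype>[A-Z0-9]+)\] (?P<name>\S+) from (?P<client>\S+)$"
)


def build_sample_log() -> list[str]:
    """Constructed log: a trickle of normal lookups from one LAN client, then
    300 ANY queries for one name from 40 'clients' inside six seconds."""
    base = datetime(2024, 1, 12, 1, 30, 0)
    normal = ["www.example.com", "techpowerup.com", "update.example.org"]
    lines = []
    for i in range(6):
        ts = (base + timedelta(seconds=10 * i)).strftime("%b %d %H:%M:%S")
        lines.append(f"{ts} dnsmasq[1234]: query[A] {normal[i % 3]} from 192.0.2.10")
    for i in range(300):
        ts = (base + timedelta(seconds=i // 50)).strftime("%b %d %H:%M:%S")
        lines.append(f"{ts} dnsmasq[1234]: query[ANY] leth.cc from 2001:db8::{i % 40:x}")
    return lines


def parse(lines):
    """Return (timestamp, qtype, name, client) tuples; other lines are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")   # the log has no year
        events.append((ts, m["qtype"].upper(),
                       m["name"].lower().rstrip("."), m["client"]))
    return events


def find_reflection_candidates(events, max_qps=5.0, min_share=0.5,
                               min_clients=10, any_share=0.5):
    """Names showing at least two of: burst, dominant share, ANY-heavy, many
    distinct sources. Returns {name: stats} for a human to review."""
    by_name = defaultdict(list)
    for ts, qtype, name, client in events:
        by_name[name].append((ts, qtype, client))
    total = len(events) or 1
    suspects = {}
    for name, evs in by_name.items():
        stamps = [e[0] for e in evs]
        span = max((max(stamps) - min(stamps)).total_seconds(), 1.0)
        qps = len(evs) / span
        share = len(evs) / total
        any_frac = sum(1 for e in evs if e[1] == "ANY") / len(evs)
        clients = {e[2] for e in evs}
        flags = []
        if qps > max_qps:
            flags.append("burst")
        if share >= min_share:
            flags.append("dominant")
        if any_frac >= any_share:
            flags.append("ANY")
        if len(clients) >= min_clients:
            flags.append("many-sources")
        if len(flags) >= 2:
            suspects[name] = {"queries": len(evs), "qps": round(qps, 1),
                              "share": round(share, 2), "any_frac": any_frac,
                              "clients": len(clients), "flags": flags}
    return suspects


if __name__ == "__main__":
    for name, stats in find_reflection_candidates(parse(build_sample_log())).items():
        print(name, stats)
```

On the constructed log only leth.cc trips the detector, with all four flags; the normal lookups are neither bursty nor dominant. Run against a real pihole.log, the thresholds will need tuning to the site's baseline, and the "clients" count is a reason to close the resolver, not a list of addresses to abuse-report.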
 
Joined Jul 16, 2014
A few things sprung to mind. This isn't MY particular area of security and as such I'm pretty inexperienced in the more advanced protections for DNS. Specifically provider level. The things that came to mind were:

  • Disable IPV6 traversing on this server since thousands of requests were coming from IPV6 clients.
  • Limit my EDNS packets to 512bytes (They normally carry LARGE data sets)
  • Limit my query times per requestor
  • Block ANY requests via DNS
  • IDS/IPS blacklist hosts

AFAIK, which really ain't much here, if you can block duplicate requests (before the "ANY") per [*insert* time frame] that may help reduce a few numbers without being too limiting. If you can trace the source of requests, I don't know why you can't add specific IPs to your blacklisting, even if temporary.
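As an added example (not code from the post or reply above), here is the "limit queries per requestor" and "blacklist, even if temporary" idea as a decision a resolver front end could make before answering each UDP query. The design is my assumption: a token bucket per client address; once a client is over budget, every Nth refused query gets a truncated (TC=1) reply instead of silence, so a real client retries over TCP while a spoofed UDP source gets nothing useful back (the "slip" idea from response rate limiting); a client that keeps hammering is dropped outright for a fixed period. Because reflection traffic carries the victim's address as its source, this limit protects the victim from your server rather than identifying an attacker, and the time-limited block is there so a victim is not punished forever.

```python
"""
Added example, not code from the original thread: per-requestor rate limiting
with TC=1 "slip" replies and a temporary block list. All parameters are
illustrative assumptions.
"""
import time
from dataclasses import dataclass
from typing import Optional


@dataclass
class Bucket:
    tokens: float       # queries this client may still send right now
    last: float         # time of the last refill
    overlimit: int = 0  # consecutive refused queries since the last answer


class QueryLimiter:
    def __init__(self, rate: float = 20.0, burst: int = 40, slip: int = 2,
                 block_after: int = 200, block_seconds: float = 300.0):
        self.rate, self.burst, self.slip = rate, burst, slip
        self.block_after, self.block_seconds = block_after, block_seconds
        self.buckets: dict[str, Bucket] = {}
        self.blocked: dict[str, float] = {}    # client -> time the block expires

    def decide(self, client: str, now: Optional[float] = None) -> str:
        """Return 'answer', 'truncate' (send an empty TC=1 reply) or 'drop'."""
        now = time.monotonic() if now is None else now
        until = self.blocked.get(client)
        if until is not None:
            if now < until:
                return "drop"
            del self.blocked[client]              # block expired
        b = self.buckets.get(client)
        if b is None:
            b = self.buckets[client] = Bucket(tokens=float(self.burst), last=now)
        # Refill at `rate` tokens per second, capped at the burst size.
        b.tokens = min(float(self.burst), b.tokens + (now - b.last) * self.rate)
        b.last = now
        if b.tokens >= 1.0:
            b.tokens -= 1.0
            b.overlimit = 0
            return "answer"
        b.overlimit += 1
        if b.overlimit >= self.block_after:
            self.blocked[client] = now + self.block_seconds
            b.overlimit = 0
            return "drop"
        # Every `slip`-th refused query gets TC=1 so legitimate clients can
        # fall back to TCP, which a spoofed source cannot complete.
        return "truncate" if b.overlimit % self.slip == 0 else "drop"


def simulate(limiter: QueryLimiter, client: str, count: int, now: float) -> list[str]:
    """Decisions for `count` back-to-back queries from one client at time `now`."""
    return [limiter.decide(client, now) for _ in range(count)]


if __name__ == "__main__":
    lim = QueryLimiter(rate=10.0, burst=5, slip=2, block_after=10, block_seconds=60.0)
    print(simulate(lim, "203.0.113.7", 16, now=0.0))
    print(lim.decide("203.0.113.7", now=30.0), lim.decide("203.0.113.7", now=61.0))
```

With the parameters in the `__main__` block a single address gets five immediate answers, then alternating drops and truncated replies, and is blocked outright on the tenth refusal; sixty seconds later it is served again. Limiting by source address is the right granularity here, but note that the author's eventual fix, allowing only known client addresses through the firewall, is stronger than any rate limit, because an open resolver that merely slows a flood is still an open resolver.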
 

Solaris17
Its been a few months and I got some of the data I need. For now I am going to shut this project down. Thanks to all who participated!
 