Security

DNS privacy issues

Until recently I though that having DNS subdomain entries provides enough obscurity thus should it be secure. If your DNS server does not offer transfering domain to another place then any subdomains should be hidden from public sight. Transfers, if enabled (or rather misconfigured) could be made by:

dig -t axfr example.com

Second thing is querying for ANY option, but it does not mean “all”:

dig example.com any

So, with disabled transfers and lack of exactly private entries while quering for any, you would think that you are on a safe side. And that is actually wrong. There are two 3 options on a table:

  • Someone run crawler and scrap websites for domain names, possibly there are plenty of such systems as I see them quite often in HTTP server logs
  • Someone hacked your network perimeter and changed your DNS addresses for their own, this affects all the clients connected to such network if you would be able to force such traffic. This is of course a malicious and intrusive procedure, not happening on every day manner.
  • You are using public/private/provider DNS server and it is saving your requests building a database. Of course it could be either DNS forwarder or resolver or any in DNS query chain with similar configuration.

As far as I know for the most of domains there is no possibility of transfering or exposing too much with “any”. Not every domain was ever present on any other website so it could have been automatically crawled. Is everyone hacked or the most popular public DNS server are involved in building domains list database? There are plenty of subdomains or even domains that are way too complicated to be guessed. I do not think that those information leak from domain registrars but there is a chance.

So there is this domainsproject.org. They say that they use crawling and DNS checks, but I do not bother even to check their code as it seems to be fugazi (fake). How on earth could they check for some random text put in subdomains. It is for sure coming from DNS queries that should stay at those servers safe. Fortunately it does not include every subdomain configured.

Today thinking should be changed a little bit. If you put something on the internet then it is not safe or hidden by default. Maybe I just assumed too naively, and took for granted that people running public DNS servers share the feeling about privacy things as myself.