Several hosts behind a caching resolver
Eugene Grosbein
eugen at grosbein.net
Sun Nov 24 15:55:25 UTC 2019
24.11.2019 19:34, Victor Sudakov wrote:
> Dear Colleagues,
>
> Several hosts of the local network use a FreeBSD server with BIND or
> local-unbound as a caching resolver. Let's call it "Resolver A."
> Resolver A forwards all queries to another resolver, e.g. 8.8.8.8 or
> some other, let's call it "Resolver B."
>
> Can the operator of Resolver B figure out how many clients there are
> behind Resolver A, or obtain any other information about the hosts on
> the said local network (like their operating system etc)? In other
> words, does Resolver A effectively anonymize the queries, or is some
> information about the internal network leaking?
No anonymization via unencrypted DNS.
The query itself reveals most data about clients. Windows OSes send queries
for MS-specific domains periodically, Android for its domains,
FreeBSD for pkg.freebsd.org or svn.freebsd.org etc.
If a there are multiple recursive queries for both of MS/Androis/MacOS-specific domains,
this means there are many clients behind this local resolver.
More information about the freebsd-net
mailing list