trikmik n00b
Joined: 06 Nov 2017 Posts: 62
Posted: Tue Nov 14, 2017 10:16 pm Post subject: How to check dns
I want to prevent DNS poisoning, so I set openDNS in /etc/resolv.conf
How do I check what DNS is actually being used?
szatox Advocate
Joined: 27 Aug 2013 Posts: 3137
Posted: Tue Nov 14, 2017 11:06 pm
Set up tcpdump/wireshark on 53/udp and inspect traffic when you resolve some domains.
Or block it on the firewall (-I OUTPUT -j DROP -p udp --dport 53 -d <DNS IP>) and check how long the query takes (should fail after like 10 seconds to timeout). Obviously, you will have to revert that after testing.
Or just log and block all DNS traffic besides those IPs you trust.
SP2340 n00b
Joined: 01 Nov 2016 Posts: 50 Location: KeyStoneState
Posted: Thu Nov 16, 2017 6:46 pm Post subject: Re: How to check dns
trikmik wrote: | I want to prevent DNS poisoning, so I set openDNS in /etc/resolv.conf
How do I check what DNS is actually being used? |
You could check with dig or nslookup. Both show what server they queried for the answer. Look for 'SERVER:' in the answer.
As szatox stated, if you are paranoid then just set up your firewall to only allow queries to the servers you trust.
--
Regards
Robert
Smile, it increases your face value.
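The dig check from the post above, scripted as an added example that is not part of the thread: it pulls the address from dig's 'SERVER:' line and compares it with the nameserver entries of a resolv.conf-style file. The function names and the sample data (OpenDNS resolver addresses and a documentation-range address) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Sample data below is constructed.

# Print the IP from every active "nameserver" line of a resolv.conf-style file.
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Read dig output on stdin and print the IP from its ";; SERVER:" line.
dig_server() {
    sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p' | head -n 1
}

# check_resolver <resolv.conf-style file>, dig output on stdin.
# Returns 0 if the answering server is listed, 1 if it is not,
# 2 if the input has no SERVER line.
check_resolver() {
    server=$(dig_server)
    if [ -z "$server" ]; then
        echo "no SERVER line in dig output"
        return 2
    fi
    if resolv_nameservers "$1" | grep -Fqx "$server"; then
        echo "OK: answered by $server"
    else
        echo "MISMATCH: answered by $server, which is not in $1"
        return 1
    fi
}

# Constructed resolv.conf content; the commented-out line must be ignored.
sample_resolv_conf() {
    cat <<'EOF'
# nameserver 192.0.2.1
nameserver 208.67.222.222
nameserver 208.67.220.220
EOF
}

# Constructed tail of a dig reply that names $1 as the answering server.
sample_dig_output() {
    cat <<EOF
;; Query time: 23 msec
;; SERVER: $1#53($1)
;; MSG SIZE  rcvd: 56
EOF
}

# Live use: dig example.org | check_resolver /etc/resolv.conf
```

dig reads /etc/resolv.conf itself, so this confirms which listed server answered the query. If the file points at a local forwarder on 127.0.0.1, the SERVER line shows that address and the upstream path still has to be checked with the 53/udp capture szatox describes.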