Date: Fri, 29 Nov 2019 08:02:26 +0700 From: Victor Sudakov <vas@sibptus.ru> To: freebsd-net@freebsd.org Subject: Re: Several hosts behind a caching resolver Message-ID: <20191129010226.GA68412@admin.sibptus.ru> In-Reply-To: <20191124123451.GA6593@admin.sibptus.ru> References: <20191124123451.GA6593@admin.sibptus.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
--y0ulUmNC+osPPQO6 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Any more opinions please if DNS queries leak information about the internal network topology and size to the resolver? It would be interesting to consider 2 separate cases: 1. The internal network is NATed. 2. The internal network is IPv6 with ipv6_privacy=3D"YES" Victor Sudakov wrote: > Dear Colleagues, >=20 > Several hosts of the local network use a FreeBSD server with BIND or > local-unbound as a caching resolver. Let's call it "Resolver A." > Resolver A forwards all queries to another resolver, e.g. 8.8.8.8 or > some other, let's call it "Resolver B." >=20 > Can the operator of Resolver B figure out how many clients there are > behind Resolver A, or obtain any other information about the hosts on > the said local network (like their operating system etc)? In other > words, does Resolver A effectively anonymize the queries, or is some > information about the internal network leaking? >=20 > --=20 > Victor Sudakov, VAS4-RIPE, VAS47-RIPN > 2:5005/49@fidonet http://vas.tomsk.ru/ --=20 Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/ --y0ulUmNC+osPPQO6 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJd4G4iAAoJEA2k8lmbXsY0aD0H/0BTJQ8EbfK9n0PJBbg7EevI jXKkeuippeCEqXXH5CKAKA+2uaDbGx8fCya3vpDHlxPFA2LPcWM51Cg3V9cH8Ews tMZgzj0pRInKT6jzr8j/HpewtYXayc4JRFqLEweVEFlU+uTcni/tTEQw4HdOFS+u ztS+XhhqAmrNf3L5IpsUZ4XGEPGRm0WRL/OgSKVRWknP8vsJzvGfXA4I7cqMTtTJ /Jg7l3lgD6O8olIEJzA8pbtmuHz+TJm8Ke341vtzSxFSEyY42zlkZefJCakl4eLv 53NjLqc6jEPgu9boMGxjC40Mssspbn+coLxjUDzB1YqKdGsGRw9gJ0fMvR9188M= =shfD -----END PGP SIGNATURE----- --y0ulUmNC+osPPQO6--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20191129010226.GA68412>