Date: Sun, 24 Nov 2019 22:54:46 +0700 From: Eugene Grosbein <eugen@grosbein.net> To: Victor Sudakov <vas@sibptus.ru>, freebsd-net@freebsd.org Subject: Re: Several hosts behind a caching resolver Message-ID: <d726b6af-f731-ae36-9407-87e740ba5a0c@grosbein.net> In-Reply-To: <20191124123451.GA6593@admin.sibptus.ru> References: <20191124123451.GA6593@admin.sibptus.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
24.11.2019 19:34, Victor Sudakov wrote: > Dear Colleagues, > > Several hosts of the local network use a FreeBSD server with BIND or > local-unbound as a caching resolver. Let's call it "Resolver A." > Resolver A forwards all queries to another resolver, e.g. 8.8.8.8 or > some other, let's call it "Resolver B." > > Can the operator of Resolver B figure out how many clients there are > behind Resolver A, or obtain any other information about the hosts on > the said local network (like their operating system etc)? In other > words, does Resolver A effectively anonymize the queries, or is some > information about the internal network leaking? No anonymization via unencrypted DNS. The query itself reveals most data about clients. Windows OSes send queries for MS-specific domains periodically, Android for its domains, FreeBSD for pkg.freebsd.org or svn.freebsd.org etc. If a there are multiple recursive queries for both of MS/Androis/MacOS-specific domains, this means there are many clients behind this local resolver.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?d726b6af-f731-ae36-9407-87e740ba5a0c>