DNS Settings

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
#1
Thank you for the great project.

According to the documentation, when unchecking "the box Use defined DNS as redirectors" on the Miscellaneous settings, the settings used in DNS 1 & 2 are ignored and DNS queries are not relayed. Further KB documentation says "DNS queries will be directly redirected to the root DNS servers on the Internet."

For clarification, is this essentially the same as "Unbound DNS"?

Also, in the DNS and Gateway settings page, under DNS 1 I have an entry 127.0.0.1 which I believe does in fact indicate Unbound DNS is active.

However, I am confused whether or not this entry is active or ignored due to the unchecked box mentioned above in Miscellaneous settings. Can I please have some clarification on these settings? Thank you
Reply
#1
Thank you for the great project.

According to the documentation, when unchecking "the box Use defined DNS as redirectors" on the Miscellaneous settings, the settings used in DNS 1 & 2 are ignored and DNS queries are not relayed. Further KB documentation says "DNS queries will be directly redirected to the root DNS servers on the Internet."

For clarification, is this essentially the same as "Unbound DNS"?

Also, in the DNS and Gateway settings page, under DNS 1 I have an entry 127.0.0.1 which I believe does in fact indicate Unbound DNS is active.

However, I am confused whether or not this entry is active or ignored due to the unchecked box mentioned above in Miscellaneous settings. Can I please have some clarification on these settings? Thank you
Reply
#2
The DNS server used by Keexybox is not unbound but bind9.

For example : If DNS1 & DNS2 are defined to 8.8.8.8 and 8.8.4.4




When "Use defined DNS as redirectors" box is checked, the DNS query will be redirected as follow :




Quote:Device -> KeexyBox (Bind9) -> 8.8.8.8 or 8.8.4.4 -> recursive DNS query from DNS ROOT servers


If it is unchecked

Quote:Device -> KeexyBox (Bind9) -> recursive DNS query from DNS ROOT servers



If "Redirect DNS queries to TOR" is checked in the profile the DNS query will be as follow :



Quote:Device -> KeexyBox (Bind9) -> Keexybox (Tor) -> Tor Network -> recursive DNS query from DNS ROOT servers
Reply
#2
The DNS server used by Keexybox is not unbound but bind9.

For example : If DNS1 & DNS2 are defined to 8.8.8.8 and 8.8.4.4




When "Use defined DNS as redirectors" box is checked, the DNS query will be redirected as follow :




Quote:Device -> KeexyBox (Bind9) -> 8.8.8.8 or 8.8.4.4 -> recursive DNS query from DNS ROOT servers


If it is unchecked

Quote:Device -> KeexyBox (Bind9) -> recursive DNS query from DNS ROOT servers



If "Redirect DNS queries to TOR" is checked in the profile the DNS query will be as follow :



Quote:Device -> KeexyBox (Bind9) -> Keexybox (Tor) -> Tor Network -> recursive DNS query from DNS ROOT servers
Reply
#3
Thank you very much for the detailed reply. I now have a good understanding of how KeexyBox is implementing DNS.

I do have one follow up question. When I am redirecting DNS queries to TOR, I have noticed that I occassionally will see what appears to be a DNS leak when checking on browserleaks.com. To be clear, about 10% of the time I run a DNS leak test, I will see my ISP DNS server along with TOR exit nodes. The other 90% of the time I will see only the TOR exit note as expected.

Is there anyway to prevent this? Or is this even a problem from a privacy standpoint as the queries are going to the DNS root servers anyway?

Thanks again

Edit: I checked my router settings and noticed my WAN DNS was not set to Keexybox. I only had LAN DNS set to KB. Once I made that change, I haven't seen my ISP DNS used.

Edit 2: Despite above, I am now seeing DNS leaks again. Any advice would be appreciated. 
[Image: Screenshot-20210304-222414-1.png]
Reply
#3
Thank you very much for the detailed reply. I now have a good understanding of how KeexyBox is implementing DNS.

I do have one follow up question. When I am redirecting DNS queries to TOR, I have noticed that I occassionally will see what appears to be a DNS leak when checking on browserleaks.com. To be clear, about 10% of the time I run a DNS leak test, I will see my ISP DNS server along with TOR exit nodes. The other 90% of the time I will see only the TOR exit note as expected.

Is there anyway to prevent this? Or is this even a problem from a privacy standpoint as the queries are going to the DNS root servers anyway?

Thanks again

Edit: I checked my router settings and noticed my WAN DNS was not set to Keexybox. I only had LAN DNS set to KB. Once I made that change, I haven't seen my ISP DNS used.

Edit 2: Despite above, I am now seeing DNS leaks again. Any advice would be appreciated. 
[Image: Screenshot-20210304-222414-1.png]
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)