
OpenDNS problems!



Hi guys,

so today I recognized some strange issues while surfing on the internet. I wanted to visit a few webpages I visit once every day and I got some different certificate errors in Firefox and could not visit the websites, also not in non-SSL 443 mode. I just wondered what it was. Later I got a redirection to a block.openDNS website telling me the site is blocked in my network etc., but I did not block anything. After that I tried using different VPN add-ons in Firefox, and two of them failed to give me a VPN IP and I still got my own IP. Then I used another VPN add-on and checked the IP and this worked, and then visiting my websites normally was also working =? Now I tried it again from the start without the VPN stuff, just changing the DNS server address in my network adapter from OpenDNS (which I normally use) to Cloudflare, and after the change everything was working again and the 2 VPN add-ons worked too. So what is the problem now? I only get this strange problem when using the OpenDNS server addresses. Did they change anything? On the internet I found this site to make some tests....

https://dnschecker.org/

...and when using one of the website addresses which are not working with OpenDNS I get results that it's blacklisted by dnsbl.spfbl.net = YES. Does it mean that OpenDNS works together with that site, checking whether domain addresses are blacklisted, and if yes, does not allow access to them? Just have a look here...

https://dnschecker.org/all-dns-records-of-domain.php?query=www.nsaneforums.com&rtype=ALL&dns=opendns

....I get 4 blocks for the 2 IP4 & 2 IP6 addresses of that website (IP blocked by dnsbl.spfbl.net). Does it mean the addresses of that forum website are in a spam container / blacklisted and OpenDNS will not handle them anymore and just prints some block info on screen in the browser? Can that be, or what's the problem here? Maybe one of you can test it to see what the problem is and explain it to me.

greetz

  • 4 weeks later...

Hi again,

just have a new question about DNS. I was playing around with the DNS settings in Firefox & Brave browser and tried using different DNS providers, and I found out that in Brave browser I cannot enter any custom DNS address like I can in Firefox!=? Why is this? How do I enter the DNS in Brave browser?

Example: I was trying to enter the Quad9 DNS address 9.9.9.9, which works in Firefox without problems, but when I try to enter the same DNS address in Brave I get a red-marked info saying "Enter a correctly formatted URL" !!! What's that!? Do Brave/Chrome browsers handle it differently than Firefox & the system settings, where you can enter the first DNS? At the moment I can only choose the present DNS providers from the drop-down list in Brave. :( Maybe anyone can help and tell me how to enter the DNS address correctly in Brave to get it accepted. Otherwise it's really stupid if Brave uses some custom format style etc.

Another question: In Firefox I found only the Cloudflare and NextDNS providers to choose from the drop-down list. I would just like to know what DNS addresses the NextDNS provider has (IP4 & IP6) like the others have. I just cannot find them on the internet, only all the others. What are the DNS IPs of NextDNS?

greetz


Hi again,

I made an image in Chrome of trying to change the DNS manually and getting a URL format error, whatever it means.

DNS_2022-08-18_213157.png.7c5f81d8dbf6bc748c9d2c4c08477fd1.png

How to enter the DNS in Chrome? In Firefox it works 1A as it should....

DNS2_2022-08-18_213157.png.ca8e8216f848fcce5bfd1dc1c9393b80.png

....just don't understand why Chrome acts again so strange in simple things.

PS: I wanna change DNS in browser (local) and not on system / adapter settings (global).

greetz


You're mixing up 2 entirely different things: classic dns (which is done in plaintext over port 53, using servers like 8.8.8.8) and secure dns, also called DoH ("dns over https") using resolver urls like https://cloudflare-dns.com/dns-query

Chrome uses the latter, so you must provide a DoH resolver URL there...

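The distinction described in the reply above, as an added example that is not part of the original thread: the same DNS question is either sent as raw bytes to port 53 of an IP address, or base64url-encoded into the `dns` parameter of an HTTPS request to a resolver URL (the GET form defined in RFC 8484). The function names are hypothetical; the resolver settings `9.9.9.9` and `https://cloudflare-dns.com/dns-query` are the ones quoted in the thread.

```python
import base64
import ipaddress
import struct
from urllib.parse import urlsplit


def build_query(name, qtype=1):
    """DNS query for `name` in RFC 1035 wire format (qtype 1 = A record)."""
    # ID 0, flags 0x0100 (recursion desired), one question. RFC 8484 suggests
    # ID 0 for DoH so that identical queries can be served from HTTP caches.
    header = struct.pack("!6H", 0, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(part)]) + part.encode("ascii")
                      for part in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!2H", qtype, 1)  # class IN


def classify_resolver(entry):
    """Return 'classic' for a bare IP, 'doh' for an https:// URL, else 'invalid'."""
    try:
        ipaddress.ip_address(entry)
        return "classic"
    except ValueError:
        pass
    url = urlsplit(entry)
    return "doh" if url.scheme == "https" and url.hostname else "invalid"


def doh_get_url(resolver_url, name):
    """RFC 8484 GET form: the wire query, base64url without padding, in ?dns=."""
    encoded = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=")
    return f"{resolver_url}?dns={encoded.decode('ascii')}"


def plan_lookup(entry, name):
    """Describe what would go on the wire for this resolver setting."""
    kind = classify_resolver(entry)
    if kind == "classic":
        # The query bytes travel as-is and are readable by anyone on the path.
        return {"dest": (entry, 53), "encrypted": False,
                "payload": build_query(name)}
    if kind == "doh":
        url = urlsplit(entry)
        # The request line below is only visible inside the TLS session.
        return {"dest": (url.hostname, url.port or 443), "encrypted": True,
                "request": "GET " + doh_get_url(entry, name)}
    raise ValueError(f"not an IP address or https:// URL: {entry!r}")


if __name__ == "__main__":
    for setting in ("9.9.9.9", "https://cloudflare-dns.com/dns-query"):
        print(setting, "->", plan_lookup(setting, "www.example.com"))
```

A field that expects a DoH resolver has nothing to build the HTTPS request from when given only `9.9.9.9`, which is why it asks for a URL.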

Ah ok and thanks for the info kao. :)

Found also this site now...

https://github.com/curl/curl/wiki/DNS-over-HTTPS

....there are tons of them! One more question, so I also found this test webpage..

https://www.cloudflare.com/ssl/encrypted-sni/

...to check the status of DNS/browser. So if I run the test using Cloudflare as DNS in FF & Chrome then I get good results back for Secure DNS, DNSSEC and TLS 1.3, but the last one, called Secure SNI, failed (red X). On the internet I found someone saying that it's not important or used anymore etc. Should I care about this SNI test or not? Just asking. I also found this info on how to turn it on in FF..

https://www.ghacks.net/2019/04/29/check-if-your-browser-uses-secure-dns-dnssec-tls-1-3-and-encrypted-sni/

....but even this flag called "network.security.esni.enabled" is no longer to be found in FF, which makes me think that it's no longer important to use / enable / create or so. Can you confirm that? Thanks.

greetz

  • 3 weeks later...

Hi again,

just have another question about DNS resolving. A while ago I found this tool...

https://github.com/bitbeans/SimpleDnsCrypt

....to encrypt the DNS requests. I tried this tool out quite a while ago but didn't use it later. My question is whether this tool is already obsolete. Normally when using a browser like Firefox I have enabled the DNS over HTTPS option, which does it already (think so), or? I just wanna know whether it is the same or not (using the tool or Firefox with DoH enabled). That means I don't need to use an extra tool for that, right? Just wanna know whether what I said makes sense or not. :) Otherwise it works for HTTPS requests only and not for HTTP ones. On the internet there are still sites that can be accessed over HTTP only. No idea why they don't change that. Maybe you can say something about it.

greetz

Teddy Rogers
3 hours ago, LCF-AT said:

like Firefox I have enabled the DNS over HTTPS option

If you only want to encrypt DNS requests in the browser over DoH then it reads like you are all good to go and will not require SimpleDnsCrypt.

If it is system level then you need to install additional software (like SimpleDnsCrypt) or use one of the preferred DNS resolvers over DoH in Windows (I think it is still limited to Cloudflare, Quad9 and Google). The other option is to use your router, if it supports DoH, and send unencrypted DNS requests over your local network to on-forward the request over DoH to your resolver...

Ted.


Hi Ted,

ok, so you mean if I want to encrypt all DNS requests of my system then I need to use that SimpleDnsCrypt tool or similar or a resolver with DoH. Not sure whether my router has support for DoH (don't think so). On the internet I found this info image about resolvers using DoH...

DoH_2022-09-06_211426.png.09de01edf45cda19b6a2aab504270771.png

....and I can see those 3 resolvers you already mentioned, Ted. So it means if I use any of them (direct IP addresses you can see above for ip4 & ip6) on my system / browser / network adapter then my requests get sent with DoH, right? Does it mean for all other resolvers...

https://github.com/curl/curl/wiki/DNS-over-HTTPS

....that support DoH I have to use the dns-query URLs in the browser and not the direct IPs on the system = no support for the system (the only choice to make it work is using extra tools like SimpleDnsCrypt).

Example:

I want to use DNS Resolver for system
--------------------------------------------------
A) Use any ready DNS DoH resolver
- Google, Cloudflare, Quad 9 (see image above)

B) Use extra tools / SimpleDnsCrypt and choose any 
 other custom DNS you like

C) All other Public DNS Servers with direct IPs 
 do not support DoH = raw sending (naked / blank)

I checked which DNS I could use and which one is the fastest for me. Below are my results in the image...

DNSTest_2022-09-06_211426.png.caff3ac9e098c19b7efe2d9a44e71a21.png

....some of them failed. In this case the first one is the "Hurricane Electric" DNS using the IP "74.82.42.42" (no DoH). When I check this DNS on the list here..

https://github.com/curl/curl/wiki/DNS-over-HTTPS

...then I find it too...

DNS3_2022-08-18_213157.png.bc3cf88348b4c04fe0d7d88b231c8db9.png

...with the dns-query URL I can only use in the browser settings as DNS. You see it supports just DoT (not secure). So the question is whether it makes any sense / difference using the base URL for dns-query or using the direct IP address "74.82.42.42" on the system? Maybe somehow a little confusing but interesting of course. :)

PS: By the way, how do I set up Firefox / Chrome to use the DNS resolver I set on my system? I just see that I need to enter a DNS and see no option to disable it / use the system DNS etc., you know.

greetz


hi LCF,

bleepingcomputer.com/news/microsoft/how-to-enable-dns-over-https-doh-in-windows-10/

4sysops.com/archives/secure-dns-requests-over-https-doh-in-windows-1011/


Hi wk,

thanks for the links. I'm using an older Win10 build, 21H1 "19043.xxxx", and must update the MS build to a higher / the latest version. Never done this manually yet. Some comments are saying this...

Quote

I’m using 21H2 but it doesn’t include the DoH feature? Why?

Most likely because Microsoft wants people to upgrade to Windows 11. It’s been stuck in preview builds for Windows 10, so they’re probably gonna wait another 2 years or just not release it for Windows 10 because of the above reason.

i’m using windows 11, and still no DoH feature

...not sure whether to make that build update and not have the DoH feature after. On the internet I found this video on how to update the build...

https://www.youtube.com/watch?v=BeVfC3ylnyI

...using that link...

https://www.microsoft.com/en-us/software-download/windows10

...and pressing the update now button etc. Not sure whether it's so simple or not. Otherwise I also don't know whether this latest build would work well or not = trouble or something etc. What do you say?

greetz


Hi again,

Ok, I upgraded Windows 10 version "21H1 19043.xxxx" to "21H2 19044.1889" = latest, and now I was checking my network adapter settings but the option to select an encryption menu etc. I found this site...

https://stealthbits.com/blog/dns-over-https/

...and a image...

image-20.png

...but this I don't have. I cannot choose any encrypted DNS etc. I also created the DWORD "EnableAutoDoh" in the registry and rebooted, but there is still no menu to see. Where is it? It seems that the comments I posted before about "21H2 but it doesn’t include the DoH feature" are true! Damn! Any hints?

greetz


From the description of the image you posted:

Quote

To enable DNS over HTTPS in the Settings > Network & Internet menu (Build 20185 or higher):

Also, from the same article:

Quote

To enable DNS over HTTPS in the Windows 10 registry (Build 19628 or higher):

 

So, it looks like your Windows 10 build is too old for either option.

 


Hi kao,

but the MS site gave me this tool...

Windows10Upgrade9252.exe

...to download and I updated to the latest version. When I start it again it tells me I'm up to date. Why?

By the way, after the update my sound options were changed and they don't work anymore, so I can change anything but nothing happens except for the loudness. :( What a SH*T!!!

Sound_2022-09-08_002050.png.1e1dedb1bcbf520f39eacdfcaa5cf36d.png

greetz


I tried to update the sound driver etc. but now the tab is missing!=?

Sound2_2022-09-08_002050.png.602d813016fe1f9487d5ef54177d547b.png

Also tried to install the new audio "DRV_Audio_RTK_SZ_RTK_TSD_W10_64_V6090501_20210226R" but it also does not bring back the tab and also wants to re-install again & again after reboot. Uhhhmmmmmmm!!!!!! Damn SH*T MS CRAP!!!

EDIT: Ok, sound works again. :) I found this new app in the app list called "Realtek Audio Console", which looks like a Windows settings window etc. In this window I can see the equalizer and all the other stuff. It seems they don't show it in the tab anymore as before. No idea why.

Edited by LCF-AT
Sound is back
Teddy Rogers
On 9/7/2022 at 5:22 AM, LCF-AT said:

so you mean if I want to encrypt all DNS requests of my system then I need to use that SimpleDnsCrypt tool or similar or a resolver with DoH

Yes, if you want to encrypt all DNS requests sent on your computer. Do note, some software can designate to use its own resolver (like VPNs).

On 9/7/2022 at 5:22 AM, LCF-AT said:

Not sure whether my router has support for DoH (don't think so)

Any half decent modern router should have an option for DoH or DoT. Some even allow you to host your own DNS server where they will cache the result for x period.

On 9/7/2022 at 5:22 AM, LCF-AT said:

So it means if I use any of them (direct IP addresses you can see above for ip4 & ip6) on my system / browser / network adapter then my requests get sent with DoH, right?

DoH should be entered as a URL and not IP numbers. Check out one of my old topics...

On 9/7/2022 at 5:22 AM, LCF-AT said:

You see it supports just DoT (not secure)

DoT is secure. A downside to using DoT is that requests are sent on dedicated Port 853 which can be monitored. Depending on your adversary they will know you are making requests, how many and how often. Where DoH is sent over Port 443 with all other encrypted HTTPS traffic.

On 9/7/2022 at 5:22 AM, LCF-AT said:

By the way, how do I set up Firefox / Chrome to use the DNS resolver I set on my system?

In your browser either choose no proxy or use system proxy settings. Disable DoH or delete the entry.

Alternatively enter the destination IP address of the local or router DNS resolver, e.g. 192.168.1.0.

Ted.


Hi Ted,

thanks again for your answer. So I wanted to try using Windows 10 itself to encrypt DNS, but the latest update I got, Win10 21H2 Build 19044.xxxx, does not have this feature, which is pretty stupid because the articles on enabling DNS DoH are from 2020 and since that day they still haven't added this feature in any update/s. :( It seems I will only get this when I install Win11 someday (if possible).

Ok, one more time. So in my case I have to use "SimpleDnsCrypt" to encrypt all DNS requests from my system except VPN (what happens here then? Do they also use encryption DoH or not? How to find this out?). Let's say I'm using SimpleDnsCrypt on my system, so how can I verify whether it works? On the internet there is a webpage to test the browser itself...

https://www.cloudflare.com/ssl/encrypted-sni/

....and to see the results for "Secure DNS" afterwards, but how do I test requests from the system?

About my router: it's not possible to set any custom DNS address of my own. :( Pretty limited because it's a router from my ISP and not my own. I also found a Czech manual for the router model & firmware, and it describes how to set up DNS on Windows XY itself. :) There are no DNS settings in the router software itself, which means I can use the auto DNS of the ISP / router or any other I set up on Windows, as I already did, but in both cases I'm naked / pants down sending anything from the system so far, except when using the browser with DoH enabled.

One more question: Is it possible to bypass location checks without using VPN / Proxy IP? You know, some sites use location checks and do not allow users to access their site if you visit them from country XY, and in this case you need to use another country's IP manually or use a VPN etc., which can be really bugging if you just want to check a site quickly for some news or something. Is there no way to bypass this somehow by quickly sending any other IP / range? I just don't understand these politics of geo-blocking / IP range scans in normally working countries. When I try to access some German sites using a NOT German IP then I also get blocked (TV channels for example), but what if I'm outside of Germany and want to visit those sites? Then I cannot do this and need to use VPN & Co tools. Somehow this entire geo-blocking thing is really stupid.

greetz

Teddy Rogers
12 hours ago, LCF-AT said:

except VPN (what happens here then?

If you are using a VPN they generally handle DNS requests, you do not want an IP address in China with a DNS resolver in Germany. If that happens it can raise suspicion if, for example, the website implements geo-blocking.

12 hours ago, LCF-AT said:

Do they also use encryption DoH or not?

Most likely they will be unencrypted which generally doesn't matter since you are using the VPN's IP and likely the VPN's resolver. If they wanted to they can easily log and monitor all your traffic.

12 hours ago, LCF-AT said:

How to find this out?

Some VPN clients have an option to set a custom DNS address. If you don't see one assume it's unencrypted.

12 hours ago, LCF-AT said:

Let's say I'm using SimpleDnsCrypt on my system, so how can I verify whether it works?

Some DNS resolvers have their own dedicated page to check if everything is working as it should, e.g. Cloudflare connection check. Browserleaks is another site that is not specific to any resolver. That page checks for DNS leaks, DNS resolvers that should not be there.

12 hours ago, LCF-AT said:

Is it possible to bypass location checks without using VPN / Proxy IP?

No.

Ted.

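A local check for the question answered above (whether system DNS requests still leave the machine in plaintext), as an added example that is not part of the original thread: it classifies destination ports in `tcpdump -n` style text using the ports named in the thread (53, 853, 443). The sample lines are constructed, the function names are hypothetical, only IPv4 lines are parsed, and port 53 to loopback is treated as a local encrypting proxy such as the localhost setup mentioned for SimpleDnsCrypt.

```python
import ipaddress
import re

# Constructed sample in the style of `tcpdump -n` text output (not a real capture).
# 203.0.113.10 is a documentation address standing in for some HTTPS server.
SAMPLE = """\
21:14:26.100001 IP 127.0.0.1.50111 > 127.0.0.1.53: 4660+ A? www.example.com. (33)
21:14:26.100950 IP 192.168.1.20.50112 > 203.0.113.10.443: Flags [P.], length 120
21:14:27.200002 IP 192.168.1.20.50113 > 9.9.9.9.853: Flags [P.], length 98
21:14:28.300003 IP 192.168.1.20.50114 > 74.82.42.42.53: 4661+ A? www.example.com. (33)
"""

# tcpdump prints endpoints as address.port, so the last dotted field is the port.
FLOW = re.compile(
    r"\bIP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+):")


def classify(dst, dport):
    """Map a destination to what an on-path observer can learn from it."""
    if dport == 53:
        # Loopback port 53 is a query handed to a local proxy, not the network.
        if ipaddress.ip_address(dst).is_loopback:
            return "local-stub"
        return "plaintext"        # names readable by anyone on the path
    if dport == 853:
        return "dot"              # encrypted, but recognisable as DNS by its port
    if dport == 443:
        return "https"            # may carry DoH; looks like any other HTTPS
    return "other"


def audit(capture_text):
    """Return (destination, port, verdict) for every parsable line."""
    results = []
    for line in capture_text.splitlines():
        match = FLOW.search(line)
        if match:
            dst, dport = match["dst"], int(match["dport"])
            results.append((dst, dport, classify(dst, dport)))
    return results


def plaintext_leaks(capture_text):
    """Resolvers that still received unencrypted queries."""
    return sorted({dst for dst, _, verdict in audit(capture_text)
                   if verdict == "plaintext"})


if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
    print("plaintext resolvers:", plaintext_leaks(SAMPLE))
```

An empty result from `plaintext_leaks` on a capture taken while browsing means no query left the machine on port 53; it does not say which resolver received the encrypted queries.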

Hi Ted,

thanks for the new info. :) I just have one more question about DNS encryption. So today "wk" posted some info about "Cloudflare Warp" in the news thread. On the internet I found some videos showing how to use it etc. to make your DNS requests private / encrypted / own protocol. What do you think about that?

https://cloudflarewarp.com/

It seems that it's similar to SimpleDnsCrypt, just having the encryption of Cloudflare. Maybe I should try this out.

greetz

Teddy Rogers

WARP uses more modern protocols and standards, like WireGuard. It isn't alone in that regard. I would think SimpleDnsCrypt would now include some of these to access similar services, though I have not used it in many years.

Choose a DNS resolver you would be most comfortable knowing it has logs of all the websites you visit. The same applies to all VPN services...

Ted.


Hey Ted,

I'm using / testing (again) Simple DnsCrypt with auto resolvers at the moment. The buttons view (only view) is somehow pretty bad and the letters are too tiny to read anything well. There is also no search mask to quickly find any xy DNS I'm looking for. It's showing me over 80 and you need a magnifying glass to read them. Anyway, Cloudflare I already found at the top. Windows seems to have problems recognizing the internet connection when using Simple DnsCrypt with the localhost IP in the IP4 settings. It's just not updating the internet icon in the tray (network / no internet) but it's there and working.

greetz
