Eugene Grosbein wrote:

> > Several hosts of the local network use a FreeBSD server with BIND or
> > local-unbound as a caching resolver. Let's call it "Resolver A."
> > Resolver A forwards all queries to another resolver, e.g. 8.8.8.8 or
> > some other, let's call it "Resolver B."
> >
> > Can the operator of Resolver B figure out how many clients there are
> > behind Resolver A, or obtain any other information about the hosts on
> > the said local network (like their operating system etc)? In other
> > words, does Resolver A effectively anonymize the queries, or is some
> > information about the internal network leaking?
>
> No anonymization via unencrypted DNS.
>
> The query itself reveals most data about clients. Windows OSes send queries
> for MS-specific domains periodically, Android for its domains,
> FreeBSD for pkg.freebsd.org or svn.freebsd.org etc.

This is a good point.

> If there are multiple recursive queries for both of
> MS/Android/MacOS-specific domains,
> this means there are many clients behind this local resolver.

If there are multiple recursive queries for MS domains only, do you think
the operator of Resolver B can tell if there are 10 or 100 MS clients
behind Resolver A?

-- 
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
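An added example, not part of the original thread: a simplified model of a caching forwarder (Resolver A) that counts how many client lookups for one name are actually forwarded to the upstream (Resolver B). The 60-second TTL, the 300-second lookup period, the per-client offsets and all function names are constructed assumptions; a real resolver caches each record for that record's own TTL and may prefetch.

```python
"""Model of a caching forwarder: which client queries reach the upstream."""

def client_queries(n_clients, name, period, duration):
    """Constructed workload: every client looks up `name` once per `period`
    seconds, each with a fixed start offset so the run is deterministic."""
    events = []
    for i in range(n_clients):
        t = (i * 7) % period          # constructed per-client offset
        while t < duration:
            events.append((t, name))
            t += period
    return sorted(events)

def forwarded_upstream(events, ttl):
    """Return only the queries Resolver A forwards to Resolver B (cache misses).
    Assumption: each answer is cached for exactly `ttl` seconds, no prefetch."""
    expires = {}                      # name -> time the cached answer expires
    forwarded = []
    for t, name in events:
        if expires.get(name, -1) <= t:    # not cached, or cache entry expired
            forwarded.append((t, name))
            expires[name] = t + ttl
    return forwarded

def upstream_count(n_clients, ttl=60, period=300, duration=3600):
    """Return (queries received by A, queries forwarded to B) for one hour."""
    events = client_queries(n_clients, "pkg.freebsd.org", period, duration)
    return len(events), len(forwarded_upstream(events, ttl))

if __name__ == "__main__":
    for n in (1, 10, 100, 1000):
        asked, seen = upstream_count(n)
        print(f"{n:5d} clients: {asked:6d} queries to A, {seen:3d} forwarded to B")
```

In this model the number of forwarded queries for a single name can never exceed duration/TTL, however many clients ask; the set of distinct names forwarded is not reduced by caching.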