Send each request to a different DNS server?

Question

Send each request to a different DNS server?

Opened this issue 5 years ago · 7 comments

Is your feature request related to a problem? Please describe.
The administrator of the DNS server in use has a complete list of the sites you visit.

Describe the solution you'd like
I'm pretty ignorant here, but I think that sending each request to a randomly chosen DNS server (from a list) would help tracking mitigation. Technically, this isn't always true because your ISP would however see the content you load after the request, but since some users don't use ISP's DNS by default, it could be a good idea to add an option '--dns' which does the job. Again - not so experienced, but hopefully it helps.

Describe alternatives you've considered
This is not related to the problem before, but I don't think that putting a google site by default in the "whitelist" is in favor of privacy.

Answer 1 · 2019-04-25T10:12:38.000Z

Thank you for bringing this up, to be honest, I've never thought about a feature like the one you described, but i think it would be useful.
I googled the "problem" and luckily there's a flag for this in curl. So I'll add the feature real quick.
About google site in whitelist issue, I'm not sure if you are talking about news.google.com in partyloud.conf, but news.google.com is used only because it's a site full of links to other sites and it's one of the most visited sites in the world (also if you check badwords you will see that "google" is in there, so every site containing google is blacklisted)
Please let me know if this was of any help

Answer 2 · 2019-04-25T11:33:44.000Z

Thanks for the clarification about google!
Also, I forgot to add that if you use ping to check connectivity, you should use a domain instead of an ip, that way it exactly tells whether or not your current dns is working.
I'm thinking about this case:

Set an invented dns
Check if "ping 8.8.8.8" returns errors
No errors found, the request has been sent
or:
check if "ping debian.org" returns errors
returns errors because a valid dns has not been set

The requests that the program will send will not be through IP addresses, so it seems more accurate to use a domain as a control. I say this just because it often happens to me :)

Answer 3 · 2019-04-25T11:43:48.000Z

Thank you, an issue about connectivity check already exist. I've already switched from ping 8.8.8.8 to /dev/tcp/google.com/80 in experimental branch

Answer 4 · 2019-04-27T14:05:57.000Z

Sorry for the delay - I wouldn't want to sound grumpy, but could you use something more neutral such as 'example.com'?

Answer 5 · 2019-05-05T21:36:59.000Z

Yes, technically speaking it should be fine, but I prefer using Google because I'm sure that if I can't reach Google 99.9% the problem is on my side, plus it's only a TCP handshake, no data sent, nearly undetectable

Answer 6 · 2019-05-11T18:42:24.000Z

Hi again,
I just wanted to say that the purpose of using different DNS servers is to distribute the fake queries between providers not to spam your IP address around dozens of them. So imo you should use a far smaller list with only "trusted" providers. This is an example: (plz dont add the google one 😱)

# Cloudflare
1.1.1.1
1.0.0.1

# DNS Watch
84.200.69.80
84.200.70.40

# OpenDNS
208.67.220.220
208.67.222.222

# OpenNIC
206.125.173.29
45.32.230.225

# UncensoredDNS
91.239.100.100 
89.233.43.71 

# FreeDNS
172.104.237.57
172.104.49.100
37.235.1.174
37.235.1.177
45.33.97.5

# Quad9
9.9.9.9
149.112.112.112

Also, some other ideas are:

enforce https requests (as I've seen some with http);
maybe avoid to tell the user those found! at the beginning (as just in my opinion they're unnecessary).
If on macOS they're already installed by default you can do a "dependency installer" script for linux users which should support different package managers such as apt, dnf, pacman and eopkg;
maybe just use the TBB user agent which is Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0 (From my knowledge it should reduce the "fake browsing" detection, as it appears to be less unique);

Furthermore, this information could help reduce the detection of fake traffic https://www.whonix.org/wiki/Data_Collection_Techniques

I'm sorry to just talk without sharing the code, but I don't have much time until the end of the school.

EDIT: Sorry for my ignorance if some points aren't true 😄 , especially the last point.

Answer 7 · 2019-05-13T11:14:56.000Z

Hi,
Thank you again, I'll think about it and read the wiki.
DNS function is still in early alpha, I'm working on it, I prefer a big list of DNS servers because chance of using the same server is lower
I'll not remove software check output, it increase usability, trust me
Please do not write here anymore, it's a closed issue
You can contact me here: https://twitter.com/realTHO2