drduh/macOS-Security-and-Privacy-Guide

FYI - Chrome bypasses your DNS Resolvers

TraderStf opened this issue · 5 comments

Hello,

Block (www.)facebook.com in router, /etc/hosts, Little Snitch...
All DNS resolvers are set to e.g. 1.1.1.1 (IPv4/IPv6)
8.8.8.8 or other Google DNS IPv4/IPv6 addresses do NOT exist anywhere
No VPN...

Click on a facebook.com link.

After a few seconds, FaceCrooK can't be reached
Little Snitch displays that Chrome wants to connect to 8.8.8.8; Deny; then 8.8.8.4

Chrome bypasses user/router/Mac settings 👎

To disable this:

Chrome prefs
Google-Sync
Disable ~'display site suggestions if it cannot be reached'

Thanks

MC & HNY ⛄️

drduh commented

Good eye, may make sense to sinkhole traffic to those addresses with PF as well.
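The PF sinkhole suggested in the comment above could look like the following anchor file (an added example, not part of the thread and not the guide's own rule set). The anchor name `sinkhole.dns`, its file path and the table name `fallback_dns` are hypothetical, and the table lists Google Public DNS's published addresses, assumed here to be the ones the thread refers to.

```pf
# /etc/pf.anchors/sinkhole.dns  (hypothetical anchor name and path)
#
# Hook it into the main rule set by appending these two lines to /etc/pf.conf:
#   anchor "sinkhole.dns"
#   load anchor "sinkhole.dns" from "/etc/pf.anchors/sinkhole.dns"
#
# Then check syntax, load, and enable:
#   sudo pfctl -vnf /etc/pf.conf    # parse only, nothing is loaded
#   sudo pfctl -f /etc/pf.conf      # load the rule set
#   sudo pfctl -e                   # enable PF if it is not already enabled

# Resolver addresses an application may fall back to on its own.
# Assumption: Google Public DNS, IPv4 and IPv6. Extend the table with any
# other resolver you do not want applications to reach directly.
table <fallback_dns> persist { \
    8.8.8.8, \
    8.8.4.4, \
    2001:4860:4860::8888, \
    2001:4860:4860::8844 \
}

# Refuse all outbound traffic to those hosts, whatever the port, so plain DNS
# (53), DNS-over-TLS (853) and DNS-over-HTTPS (443) are covered alike.
# "return" answers with a TCP RST / ICMP unreachable so the application fails
# immediately instead of waiting for a timeout; use "drop" to discard silently.
# "log" records each hit on the pflog interface for later review.
# "quick" stops evaluation at this rule so a later pass rule cannot override it.
block return out log quick to <fallback_dns>

# Inspect the loaded table and rules:
#   sudo pfctl -a sinkhole.dns -t fallback_dns -T show
#   sudo pfctl -a sinkhole.dns -sr
```

Because the rule matches on destination address only, it applies to every process on the host, not just the browser.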

Will test a few others. Wonder if it's Chrome or Chromium.

Should make a sinkhole for internet apps: Chrome, FF, Safari, Mail...

I'm thinking of all the checking included in them: update, safe site, pw stolen... and more obvious ones like 'remote-fonts' and all those little 'nice trackers' provided for our security 👀

FYI, don't want to create a new case. We should have some kind of blabla case/posts.

This might perhaps interest you
https://www.sentinelone.com/blog/macos-red-team-calling-apple-apis-without-building-binaries/

I will post the connections made by most browsers ASAP.

drduh commented

Updated with 7aa6381