How can I check if my ISP is intercepting DNS queries sent to alternative DNS servers?

I have posted a detailed answer here because the questions are similar and that one is older.

In a nutshell:

  1. The easiest method is to use the Netalyzr (retired) Android app or the Namebench Windows software by Google. They will inform you if your ISP is using a DNS proxy. You don't need any technical knowledge for this.

  2. Perform a DNS lookup to an authoritative nameserver and check if the reply is authoritative. For this example I will use dig; you can also use nslookup. If the reply is authoritative, dig will display the aa flag in the reply. Now, a.ns.facebook.com is the authoritative NS of fb.me. If your ISP intercepts and redirects the request, you won't get an authoritative reply.

    dig @a.ns.facebook.com fb.me

  3. Specify an IP address where no DNS server is running as the DNS server while performing dig or nslookup. You will still receive a reply if your ISP intercepts your request. Otherwise you will get a timeout.

  4. Use nmap on random IP addresses. You will always see port 53 open if your ISP redirects all port 53 requests.

  5. Change your computer's network settings and use Google Public DNS or OpenDNS or Cloudflare DNS IPs (use one provider at a time). Then go to the DNS Leak Test website and notice whether any different provider appears.


Author: user68740

Updated on September 18, 2022

Comments

  • user68740 over 1 year

    Previously I had a router setup to use ISP-provided DNS servers, but as of recently I set up two local DNS servers with forwarders set to Google's public DNS. Whenever I visit a website which I assume is not yet cached in local DNS, the router reports a whole bunch of unreplied connections from the local DNS server to Google's DNS server. At the same time internet speed is lagging until the router stops reporting unreplied connections.

    From what I have read this may be caused by ISP intercepting DNS queries, which I would love to check.

    • Ramhound about 9 years
      If you suspect your ISP is intercepting DNS queries, stop using their DNS servers. Previous questions on this topic have been asked before. There is an easy enough command you can use and lots of other results on this topic.
    • user68740 about 9 years
      Not using their DNS servers is exactly what I am trying to do, but if they are intercepting DNS queries to public DNS servers and resolving those queries on their end then there isn't much I can do. Ever since switching back to ISP DNS servers as forwarders, there are also no unreplied connections and no issues with internet connections. Therefore, I assume, the ISP is fiddling with DNS queries intended for any but their servers, but I was hoping to find a way to get more concrete evidence. Edit: I might try routing DNS queries through a remote site using VPN, but that again won't prove much.
    • Zoredache about 9 years
      @Ramhound he is talking about an ISP using something like NAT or route trickery to make something like Google's DNS be redirected to the ISP DNS servers. Something like this. serverfault.com/questions/672472/…
    • Zoredache about 9 years
      I would start by doing a traceroute to the servers you think may be intercepting. I think there are even tools that could do a UDP based traceroute with the port set to 53. See where the replies come from.
    • Ramhound about 9 years
      @Zoredache - I know what the author is talking about.
    • user68740 about 9 years
      @Zoredache I have tried tracert to random websites that aren't cached in local DNS yet, with Google's and the ISP's DNS servers set as forwarders. With the ISP's DNS there is no delay nor unreplied connections, whereas with Google's there is a slight delay and unreplied connections. Regardless of which DNS servers are used, the first couple of hops are the same. Another stupid test I did, "nslookup website.com 8.8.8.8", is not consistent in timing, some requests taking longer than ever and again the router reporting unreplied connections. Doesn't happen with the ISP's DNS in place of 8.8.8.8.
    • Scott - Слава Україні about 9 years
      user68740: Zoredache isn't talking about running tracert to random websites, he's talking about running tracert to 8.8.8.8.
    • Julian Knight about 9 years
      Have you also tried OpenDNS instead of Google's DNS to see whether you have a poor route? I know from experience that sometimes Google's DNS is slower and sometimes OpenDNS is slower.
    • Sourav Ghosh almost 6 years