#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2013
    Posts
    5
    Rep Power
    0

    Find the recursive DNS IP for every user


    Hi Everyone,
    I have a question that I wasn't able to find the answer to in my search in Google.
    How can I find the recursive DNS IP that I'm using?

    Let's say that I'm a user behind a corporate firewall and I get something like 192.168.1.254 when running ipconfig /all
    Of course I'm unable to access the router or firewall to see the DNS IPs at the web of the router/firewall.

    Yaniv.
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2011
    Posts
    289
    Rep Power
    44
    I assume the IP address you have given us is the listed DNS server address. Having a private IP address means that you are operating behind a NAT router. More than likely, you have your system set to use DHCP to secure an IP address, and DHCP will most often assign itself as the DNS server. It will simply forward DNS requests to whatever servers it is internally configured for. You could also be using a private DNS server, which will translate internal queries and forward everything else to an outside server.

    Unless you have access to the configuration of these other devices, you do not have access to the DNS server that is being used. However, you do not have to use the default DNS that is assigned by DHCP. You can set it to anything you want, but if you need translation to internal devices on your own LAN, one of those will have to be the private server.

    J.A. Coutts
  4. #3
    Hi J.A,
    First, thank you for your reply.

    Please let me clarify what I'm searching for:
    I need a way to find for every user the recursive DNS that he is using.
    No matter if that user is working from home or from some office network.

    The numbers I gave before were just an example of office network.
    The user might be using the ISP recursive DNS or Google DNS servers for example.

    Is there a tool or a command that will give me this info?
    Tnx, Yaniv.
  6. #4
    Hi J.A,
    I found a tool that gave me what I needed:
    dnsleaktest.com

    Thank you for help.
    Yaniv.
  8. #5
    Originally Posted by yanivg11
    Hi J.A,
    I found a tool that gave me what I needed:
    dnsleaktest.com

    Thank you for help.
    Yaniv.
    I am not quite sure what you are after, but that particular web site does not offer any useful information.

    DNStest:
    IP: 154.5.240.20
    IP: 154.5.240.19

    NAT Router:
    IP: 75.153.176.9
    IP: 75.153.176.1

    Actual:
    IP: 207.102.93.157
    IP: 207.194.28.230

    Where DNSTest got its IP addresses from I have no idea, but they bear no relationship to the recursive servers that I am actually using (verified using a packet sniffer).

    J.A. Coutts
  10. #6
    Hi J.A,
    I couldn't find the DNStest tool you were referring to.
    Can you give me the URL so I can try to understand what is the difference between the two tools?

    The NAT Router is not related to the DNS,
    And about the actual DNS, I think these are the IPs of the standard authorities DNS you work with and not the recursive DNS.

    As, if I'll set my DNS to Google DNS 8.8.8.8,
    The recursive DNS IPs will be different, as Google DNS servers will forward my DNS queries to their array of recursive servers - and these are the IPs I'm searching for, as these servers represent me as a client to CDN and all other GEO based systems.

    Same with every ISP, they have array of authority "standard" DNS server and also a set of recursive DNS servers, which get the queries from the authority DNS servers.

    This is the info I'm searching for.
    Yaniv.
  12. #7
    Originally Posted by yanivg11
    Hi J.A,
    I couldn't find the DNStest tool you were referring to.
    Can you give me the URL so I can try to understand what is the difference between the two tools?

    The NAT Router is not related to the DNS,
    And about the actual DNS, I think these are the IPs of the standard authorities DNS you work with and not the recursive DNS.

    As, if I'll set my DNS to Google DNS 8.8.8.8,
    The recursive DNS IPs will be different, as Google DNS servers will forward my DNS queries to their array of recursive servers - and these are the IPs I'm searching for, as these servers represent me as a client to CDN and all other GEO based systems.

    Same with every ISP, they have array of authority "standard" DNS server and also a set of recursive DNS servers, which get the queries from the authority DNS servers.

    This is the info I'm searching for.
    Yaniv.
    Sorry, I dropped part of the name. (www.dnsleaktest.com)

    Non-Recursive DNS servers only respond to domain queries for which they are authoritative, and will not respond to domains that they are not responsible for. Recursive servers will attempt to find the answer for all domains, and are usually set to restrict recursive service to IP addresses that are under their control. However, there are some DNS servers (such as Google & OpenDNS) that are not restricted. Because of the heavy demand on large networks, DNS servers may be set to offload some of the background work to other servers. However, when a DNS server sends requests to other DNS servers as part of the recursion process, these requests are typically non-recursive. The answer always comes from the first server that is providing the recursion so that it can be stored in cache. Those secondary servers that are doing some of the legwork are generally not accessible to the public.

    dnsleaktest.com uses a couple of Java scripts to track the actual authoritative request for the domain ana .dnsleaktest.com. Therefore, some requests from large networks will be from the secondary servers doing the legwork and reporting back to the original recursive server. Please forgive me if I do not see the value in that information.

    What dnsleaktest.com is trying to say is that you may think you are untraceable when using a VPN, when in fact your DNS queries may still be traceable. This occurs whenever you are using the default settings provided by DHCP, whether that DHCP service comes directly from the ISP, or from a NAT router that the ISP supplied. The NAT router settings I gave you earlier are for UNBLOCK-US, and are for our TV. The TV does not support manual settings and only uses DHCP (the same is true for many portable devices). The NAT router provides the DHCP service, assigns itself as the DNS server, and relays all DNS queries to the DNS servers in its own configuration.

    The fix dnsleaktest.com provides is to use manual settings, which I personally have always done anyway.

    J.A. Coutts
  14. #8
    Hi J.A,
    As I said, there are GEO mechanisms such as CDN systems which rely on the user's recursive DNS to determine his location (and provide him the service accordingly).
    This is the value that I get from a tool such as Dnsleaktest.com
    While these Recursive-DNS servers are restricted to the public, their IPs in some cases are used to identify the client's location.

    Yaniv.
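
The mechanism described in post #7 (the client is made to resolve a name, and the site watches which server asks the authoritative server for it) can be sketched as follows. This is an added example, not code from the thread or from dnsleaktest.com; the zone `probe.example.test`, the function names and the hand-built query packets are assumptions made for illustration.

```python
import secrets
import struct

ZONE = "probe.example.test"  # assumption: a zone whose authoritative server you run


def new_probe_name():
    """Return (token, hostname); a fresh random label defeats resolver caches."""
    token = secrets.token_hex(8)
    return token, f"{token}.{ZONE}"


def encode_query(name, qid=0x1234):
    """Constructed sample input: a minimal DNS A/IN query in wire format."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)  # RD clear, 1 question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)


def parse_qname(packet):
    """Extract the question name that follows the 12-byte header."""
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated question")
        length = packet[pos]
        if length == 0:
            return ".".join(labels)
        if length > 63 or pos + 1 + length > len(packet):
            raise ValueError("bad label")
        # Lower-case: resolvers may randomise letter case (0x20 encoding).
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length


def record_query(seen, src_ip, packet):
    """Authoritative side: file the querying resolver's IP under the probe token."""
    name = parse_qname(packet)
    if not name.endswith("." + ZONE):
        return None  # not one of our probes
    token = name[: -len(ZONE) - 1].split(".")[-1]
    seen.setdefault(token, set()).add(src_ip)
    return token
```

The set stored under each token holds the egress addresses of whatever resolvers actually performed the lookup for that client, which is the address a geo-aware authoritative server sees.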
