Discussion in 'Windows 10' started by Yen, Aug 4, 2015.
ArsTechnica also made its own measurements and discovered further findings that Windows 10 bypasses a socket proxy connection through communication with CDN servers, which is a huge security issue when you rely on a proxy and Windows 10 in the meantime calls, from behind a live IP address, your connection to the Microsoft cloud somewhere. So the fact that you set up something in the Windows GUI in the settings panel suddenly somehow loses its meaning and especially its functionality. It's basically a "placebo effect" to make you think you've set something up and Windows is not calling anywhere.
That's a great idea, just make sure it respects already present DNS proxies from the user.
Well, I thought rather that the tool would allow the user to specify an upstream DNS address, so if the user wants to use something of his own he just has to set it up.
So Priv10 DNS would be set up directly with Windows and any additional DNS would be set up in Priv10.
I think this is the best way, as of course one would want the DNS to always take effect, and when adding a new network card or setting up a new VPN connection one may easily forget to configure it to also use the local DNS. Priv10 has a mechanism to auto-detect changes to the network cards, and it could use it to always automatically apply the DNS configuration to any new NIC found.
Also, you cannot run Priv10 DNS and another DNS server on the same machine, as both need to listen on port 53, but at any one time only one can.
Well, port 53 is just the default port for DNS; actually it works on every port (otherwise, I could not have chain-loaded two DNS programs together). As is the case with any other service, a non-default port must be specified, while the default one doesn't need to be.
(Also, technically, it is not possible to listen on ports, only on sockets. So, priv10 DNS could very well listen on 192.168.1.1:53 and another DNS could listen on 192.168.1.2:53 at the same time (any machine can have multiple IPs). Sockets are unique and exclusive, ports aren't.)
I'm sure we'll find a good solution. Maybe Win10 will eventually become, well, acceptable.
I'm using Version 0.9.30, released on February 15, 2016, and it has run very stably for 3 years now.
Yeah, but all that means it's work for the user to set it up properly; what you asked for was
And naturally the last DNS which is set up with Windows would use port 53, as there is no GUI option in Windows to set a non-default port, as far as I remember.
So respecting a user preset would be challenging; not every user would have more than one active network card at any given time, and setting up virtual NICs for the new DNS to listen on is quite an overkill.
You are right, I've just noticed Windows does not provide any means to enter a non-default port (the Registry might work, though). My Acrylic proxy runs on 0.0.0.0:53 and [::]:53, but unbound uses a different port. So, it is definitely possible to serve DNS from sockets using non-default ports.
All I asked for is the tool detecting a configured DNS server in the OS and prompting whether it should be used. For the default Auto DNS setting, the tool should use its own solution. Everything's better than the default DNS served by Windows 10.
You don't need any further NICs. In Windows, you can define any number of IPs you want, even for only one NIC. It's a rarely used feature for IPv4, but standard behavior of IPv6.
In the Windows GUI you can enter additional IP addresses only when you disable DHCP, so for a notebook that is being used in different WiFis this is not an option.
Not sure if one could work around that limitation by editing the registry directly, but in any case that would not be a pretty solution, imho.
Well there are 2 issues with that:
1. You can open a socket and bind it to all IP addresses on a system by specifying 0.0.0.0 or ::1 as the bind address, so if the already installed 3rd-party DNS proxy does that, you cannot spin up your own DNS proxy on port 53 in any way, hence you cannot set it up with Windows. To make it work you would need to edit the 3rd-party DNS proxy's config...
2. What do we do if we find multiple NICs with different DNSs manually set? Sure, that's not very likely, but what then? We could show a combo box to the user to pick one, but that's error-prone with new users.
I think the best way is to let the user take care of reconfiguring his other DNS proxies manually to work with Priv10.
Using a manual setup would also allow one to set Priv10 in the middle and have another tool set up with Windows directly...
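The two claims traded above (that sockets, not ports, are what is exclusive, and that a proxy already bound to the wildcard address blocks any other listener on that port) can be checked directly. The following is an added example, not code from Priv10, Sledgehammer or any of the posters; it uses Python's socket module and asks the OS for an ephemeral port in place of 53 so it runs unprivileged, which is an assumption made for the demo. It binds UDP and TCP listeners the way a DNS proxy would and records which combinations coexist:

```python
import errno
import socket


def try_bind(host, port, family=socket.AF_INET, proto=socket.SOCK_DGRAM):
    """Bind a fresh socket to host:port without SO_REUSEADDR.

    Returns (socket, None) on success or (None, errno_value) on failure, so the
    caller can tell EADDRINUSE (taken) from EADDRNOTAVAIL/EAFNOSUPPORT (no such
    local address, e.g. a host without an IPv6 loopback).
    """
    try:
        s = socket.socket(family, proto)
    except OSError as e:
        return None, e.errno
    try:
        s.bind((host, port))
        return s, None
    except OSError as e:
        s.close()
        return None, e.errno


def demonstrate_port_sharing():
    """Show which DNS-style listeners can coexist on one port number.

    Port 0 asks the OS for a free ephemeral port; that port stands in for 53
    (assumption for the demo). Results are returned as a dict for checking.
    """
    results = {}
    opened = []

    # 1. A UDP socket on one specific IPv4 address, as a proxy bound to the
    #    loopback or LAN address would be.
    v4, _ = try_bind("127.0.0.1", 0)
    opened.append(v4)
    port = v4.getsockname()[1]
    results["port"] = port

    # 2. Same ip:port, different protocol: DNS-over-TCP beside DNS-over-UDP is
    #    a distinct socket and binds fine.
    tcp, _ = try_bind("127.0.0.1", port, proto=socket.SOCK_STREAM)
    results["tcp_on_same_ipport"] = tcp is not None
    if tcp is not None:
        opened.append(tcp)

    # 3. A different local address on the same port is another distinct socket.
    #    Hosts without an IPv6 loopback report EADDRNOTAVAIL or EAFNOSUPPORT.
    v6, err = try_bind("::1", port, family=socket.AF_INET6)
    if v6 is not None:
        results["ipv6_loopback_on_same_port"] = True
        opened.append(v6)
    elif err in (errno.EADDRNOTAVAIL, errno.EAFNOSUPPORT):
        results["ipv6_loopback_on_same_port"] = "ipv6 unavailable"
    else:
        results["ipv6_loopback_on_same_port"] = False

    # 4. The wildcard 0.0.0.0 covers 127.0.0.1, so a UDP bind to 0.0.0.0:port
    #    collides with socket 1 and fails with EADDRINUSE.
    wild, err = try_bind("0.0.0.0", port)
    results["wildcard_after_specific"] = wild is None and err == errno.EADDRINUSE
    if wild is not None:
        opened.append(wild)

    # 5. The other way round: once something owns 0.0.0.0:p, no other IPv4 UDP
    #    socket can take p on any address. This is the "third-party proxy on
    #    0.0.0.0:53 blocks everyone else" case from the discussion.
    wild_first, _ = try_bind("0.0.0.0", 0)
    opened.append(wild_first)
    p2 = wild_first.getsockname()[1]
    spec, err = try_bind("127.0.0.1", p2)
    results["specific_after_wildcard"] = spec is None and err == errno.EADDRINUSE
    if spec is not None:
        opened.append(spec)

    for s in opened:
        s.close()
    return results


if __name__ == "__main__":
    for key, value in demonstrate_port_sharing().items():
        print(f"{key}: {value}")
```

Both sides of the thread are right about different cases: two proxies can share a port number if each binds a distinct address (or one takes UDP and the other TCP), but a proxy that binds 0.0.0.0:53, as the Acrylic setup mentioned earlier does, leaves no IPv4 socket on 53 for a second one, so the second either moves to a non-default port or the first has to be reconfigured to a specific address.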
Well, again, all I want Sledgehammer to do is not f**k up my own existing DNS solution by setting up its own service automatically. As long as I can continue using my DNS setup, there are no objections.
As for detection, as long as there are no manually entered DNS IP addresses in the OS, setting up the priv10 DNS is safe. If there is at least one IP entered (most probably a localhost or LAN address), you need to be cautious not to overwrite that, or else we'll see some torches and pitchforks on the horizon...
Well, I plan to implement settings like this:
If the user clicks "Setup DNS Proxy as ..." it's pretty clear what it will do, and that if he wants to continue using his 3rd-party DNS solution he will have to set it up appropriately.
I think at this stage an additional confirmation dialog for the setting is not required.
Also, the DNS setting feature is implemented such that it backs up the original configuration, so unchecking the checkbox will return the configuration to its original state, whatever it may have been.
I have tinkered around with Windows 10, found it fun and all that, but after getting a Raspberry Pi 4 (poc computer), it's like upgraded hardware in my brain, super fun and you learn a lot.
I advise you guys to use a Pi 4 as your main PC.
Will be done at Christmas if Santa Claus is nice to me.
Explains the telemetry, opt-out methods and provides some Wireshark/Burp dumps in order to see what MS really transmits.