Mar 27 2020 02:17 PM
Hi,
As we all know, the DNS is one of the services which is leaking information out from the organizations. I have read some plans to have possibilities to do filtering how much DNS servers are leaking data out. But in case your workstation is living two two different life: VPN and without VPN.
So normally when workstation is having VPN established, all the DNS queries are of course traveling through the VPN.
But when domain joined workstation is starting without VPN it is shooting many different internal DNS queries to the first available DNS server. And as we all know, those queries are plain text on the wire.
Has any on here tried to solve this issue somehow? Having own DNS client for VPN and closing down OS's own DNS client? Or filtering DNS queries for internal domains by local FW?
Apr 02 2020 01:51 AM
Oh! I was sure to get quick solution for this from here 🙂
Just though (or wild idea), as Windows defender cannot filter unwanted DNS queries (?). Would it be the only option to install a local DNS server to all of the workstations and force a dns client to use that. In the local DNS server we could define forwarders for the internal domains. This way internal queries are not sent out.
For not internal DNS queries, we need to query the DNS servers from the DHCP and forward the rest of the DNS queries to those DNS servers.
May 18 2020 07:11 AM
Hi there
I am still thinking about a proper solution... But frankly speaking, it is difficult 🙂
However, if you route all the traffic through the VPN you could leave the dns servers blank and only add the url(s) needed for the vpn connection to the local hosts file. Everything else would then be resolved via the DNS servers provided through the vpn connection.
But either way (hosts file oder local dns resolver) seems to be more like a workaround than a proper solution...
May 25 2020 10:53 AM
Move to the services tab, and Locate DNS Client from the available services. If you wish to Disable DNS Client Service, untick the checkbox of the same. And To keep the service enabled, simply click on the checkbox to keep the tick mark.
May 25 2020 02:03 PM
Hi @Smith_J ,
I'm not sure could that do what I asked? I do not want to disable DNS as that is core component in computer world. The problem is, when you do not have VPN connection established your workstation is sending a lot of DNS queries to the DNS server on your NIC configuration. I was only hunting a possibility to block our internal FQDNs to be sent to external DNS server when VPN is not ready yet.
Obviously our internal FQDNs are not resolvable on public network, but also if someone listening the traffic they could learn our infrastructure (data leaking), but also sometime even user IDs are sent out.
Would be nice to be able to setup a conditional forwarders for our internal domains to known internal DNS servers only. Unfortunately such a term as "conditional forwarder" is an option only on DNS servers and not for DNS clients. But if that could be possible, then when the VPN is not established, those internal DNS queries are not sent out as internal DNS servers are not reachable, until VPN is working again.