Solved

Identify Clients DNS Settings

Posted on 2014-03-28
17
201 Views
Last Modified: 2014-04-05
Hi,

I need to be able to identify that a visitor, visiting my site is using the correct DNS Settings.  Is there any method / script to confirm this.

Thx
Nev
0
Comment
Question by:collinsn
  • 7
  • 6
  • 2
  • +1
17 Comments
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 39961316
How do you define "correct?"  What would be some examples of correct vs. incorrect?
0
 
LVL 1

Author Comment

by:collinsn
ID: 39961341
We have clients that I need to validate if their Primary and Secondary DNS settings are set to ours, rather than google, e.g. 8.8.8.8 or 8.8.4.4
0
 
LVL 9

Expert Comment

by:rfportilla
ID: 39961355
I think the best way is with firewall configuration.  This will not "validate", but it will enforce compliance.  Essentially, create a firewall rule that allows access to port 53 UDP/TCP to accepted dns servers and restrict all others.  

Depending on the firewall, you may even be able to distinguish between guests and authenticated users.  

One caveat, make sure DHCP is setup with the correct DNS settings.
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 39961401
Agree with rfportilla.  Why simply validate if what you really want is enforcement?
0
 
LVL 1

Author Comment

by:collinsn
ID: 39961589
Hi, this is not what I'm looking for.

Let me ask the question a different way.  How can I see what DNS a client is using when visiting my WebSite?
0
 
LVL 9

Expert Comment

by:rfportilla
ID: 39961612
I see, web site, not physical location.

You can't.  It's like trying to figure out where someone looked up your phone number without specifically asking them.
0
 
LVL 1

Author Comment

by:collinsn
ID: 39961618
I know you can get their IP through PHP, so was hoping I could get all the details.
0
 
LVL 9

Expert Comment

by:rfportilla
ID: 39961616
DNS is like a public phone book.  The browser only checks it for the IP address and then makes the request directly to the IP.  There is no protocol support (or requirement) to transmit the DNS server info.
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 9

Expert Comment

by:rfportilla
ID: 39961623
If there is a specific problem related to this, maybe you should post that instead.  If you are concerned with DNS pointing to the wrong place, you can shorten the TTL of the DNS records so that clients are pulling stale records.
0
 
LVL 1

Author Comment

by:collinsn
ID: 39961764
I understand DNS and IP Tables Firewall, I was just hoping to find a way of confirming a user on our site has the correct DNS entries configured when using the SmartDNS services I'm providing...
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 39962430
SmartDNS services I'm providing
Are these 'public' DNS services like Google's?  Most people get DNS thru their ISP (and don't know where they are getting it either!).  I can't see that they could use your service (unless it is public) or that there is any way for you to check what they're using.
0
 
LVL 1

Author Comment

by:collinsn
ID: 39963465
Yes, my DNS servers are public using ACL list based on IP Address to control access. I'm just looking for a way to show the user that their DNS is correctly setup to use our DNS Service.

Thx
Nev
0
 
LVL 82

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 250 total points
ID: 39964005
Let me ask it a different way.  Why, other than you wanting them to, why would they want to use your service or even know about it?  Most 'regular' non-technical users don't even know that there is a DNS service.
0
 
LVL 9

Assisted Solution

by:rfportilla
rfportilla earned 250 total points
ID: 39966505
Without having something run on the client computer, there is no way to do this.  You can only verify that they got to the correct location (because they were able to resolve the name to the proper IP and get to your Web site).  You can't see how they resolved it (DNS, hosts file, etc.) and the browser does not provide this information.  

Moreover, the way DNS works is that as long as the first DNS server responds (bad or good), it does not go to a second.  DNS does not fail to a 2nd DNS unless it is down.  This means that you are completely on the hook for all DNS requests.  If your DNS becomes overloaded or has connection issues, you could be responsible for your customers not being able to access the Internet.
0
 
LVL 1

Accepted Solution

by:
collinsn earned 0 total points
ID: 39967433
I have worked out a way to do what I need by some clever PHP Scripting and a spare IP on the server link to a subdomain.

Unfortunately, none of the comments helped and I've had to pay a resource on freelancer to do this for me.

Nev
0
 
LVL 9

Expert Comment

by:rfportilla
ID: 39967445
I'm sorry we couldn't be more help.  Would you mind sharing the method by which you are doing this?
0
 
LVL 1

Author Closing Comment

by:collinsn
ID: 39979862
Unfortunately, did not get the answer needed,
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

If you've heard about htaccess and it sounds like it does what you want, but you're not sure how it works... well, you're in the right place. Read on. Some Basics #1. It's a file and its filename is .htaccess (yes, with a dot in the front). #…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
The viewer will learn how to dynamically set the form action using jQuery.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now