Identify Clients DNS Settings

Hi,

I need to be able to identify that a visitor, visiting my site is using the correct DNS Settings.  Is there any method / script to confirm this.

Thx
Nev
LVL 1
collinsnAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Ray PaseurCommented:
How do you define "correct?"  What would be some examples of correct vs. incorrect?
collinsnAuthor Commented:
We have clients that I need to validate if their Primary and Secondary DNS settings are set to ours, rather than google, e.g. 8.8.8.8 or 8.8.4.4
rfportillaCommented:
I think the best way is with firewall configuration.  This will not "validate", but it will enforce compliance.  Essentially, create a firewall rule that allows access to port 53 UDP/TCP to accepted dns servers and restrict all others.  

Depending on the firewall, you may even be able to distinguish between guests and authenticated users.  

One caveat, make sure DHCP is setup with the correct DNS settings.
OWASP Proactive Controls

Learn the most important control and control categories that every architect and developer should include in their projects.

Ray PaseurCommented:
Agree with rfportilla.  Why simply validate if what you really want is enforcement?
collinsnAuthor Commented:
Hi, this is not what I'm looking for.

Let me ask the question a different way.  How can I see what DNS a client is using when visiting my WebSite?
rfportillaCommented:
I see, web site, not physical location.

You can't.  It's like trying to figure out where someone looked up your phone number without specifically asking them.
collinsnAuthor Commented:
I know you can get their IP through PHP, so was hoping I could get all the details.
rfportillaCommented:
DNS is like a public phone book.  The browser only checks it for the IP address and then makes the request directly to the IP.  There is no protocol support (or requirement) to transmit the DNS server info.
rfportillaCommented:
If there is a specific problem related to this, maybe you should post that instead.  If you are concerned with DNS pointing to the wrong place, you can shorten the TTL of the DNS records so that clients are pulling stale records.
collinsnAuthor Commented:
I understand DNS and IP Tables Firewall, I was just hoping to find a way of confirming a user on our site has the correct DNS entries configured when using the SmartDNS services I'm providing...
Dave BaldwinFixer of ProblemsCommented:
SmartDNS services I'm providing
Are these 'public' DNS services like Google's?  Most people get DNS thru their ISP (and don't know where they are getting it either!).  I can't see that they could use your service (unless it is public) or that there is any way for you to check what they're using.
collinsnAuthor Commented:
Yes, my DNS servers are public using ACL list based on IP Address to control access. I'm just looking for a way to show the user that their DNS is correctly setup to use our DNS Service.

Thx
Nev
Dave BaldwinFixer of ProblemsCommented:
Let me ask it a different way.  Why, other than you wanting them to, why would they want to use your service or even know about it?  Most 'regular' non-technical users don't even know that there is a DNS service.
rfportillaCommented:
Without having something run on the client computer, there is no way to do this.  You can only verify that they got to the correct location (because they were able to resolve the name to the proper IP and get to your Web site).  You can't see how they resolved it (DNS, hosts file, etc.) and the browser does not provide this information.  

Moreover, the way DNS works is that as long as the first DNS server responds (bad or good), it does not go to a second.  DNS does not fail to a 2nd DNS unless it is down.  This means that you are completely on the hook for all DNS requests.  If your DNS becomes overloaded or has connection issues, you could be responsible for your customers not being able to access the Internet.
collinsnAuthor Commented:
I have worked out a way to do what I need by some clever PHP Scripting and a spare IP on the server link to a subdomain.

Unfortunately, none of the comments helped and I've had to pay a resource on freelancer to do this for me.

Nev

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
rfportillaCommented:
I'm sorry we couldn't be more help.  Would you mind sharing the method by which you are doing this?
collinsnAuthor Commented:
Unfortunately, did not get the answer needed,
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux Networking

From novice to tech pro — start learning today.