Solved

Identify Clients DNS Settings

Posted on 2014-03-28
17
206 Views
Last Modified: 2014-04-05
Hi,

I need to be able to identify that a visitor, visiting my site is using the correct DNS Settings.  Is there any method / script to confirm this.

Thx
Nev
0
Comment
Question by:collinsn
  • 7
  • 6
  • 2
  • +1
17 Comments
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 39961316
How do you define "correct?"  What would be some examples of correct vs. incorrect?
0
 
LVL 1

Author Comment

by:collinsn
ID: 39961341
We have clients that I need to validate if their Primary and Secondary DNS settings are set to ours, rather than google, e.g. 8.8.8.8 or 8.8.4.4
0
 
LVL 9

Expert Comment

by:rfportilla
ID: 39961355
I think the best way is with firewall configuration.  This will not "validate", but it will enforce compliance.  Essentially, create a firewall rule that allows access to port 53 UDP/TCP to accepted dns servers and restrict all others.  

Depending on the firewall, you may even be able to distinguish between guests and authenticated users.  

One caveat, make sure DHCP is setup with the correct DNS settings.
0
Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

 
LVL 109

Expert Comment

by:Ray Paseur
ID: 39961401
Agree with rfportilla.  Why simply validate if what you really want is enforcement?
0
 
LVL 1

Author Comment

by:collinsn
ID: 39961589
Hi, this is not what I'm looking for.

Let me ask the question a different way.  How can I see what DNS a client is using when visiting my WebSite?
0
 
LVL 9

Expert Comment

by:rfportilla
ID: 39961612
I see, web site, not physical location.

You can't.  It's like trying to figure out where someone looked up your phone number without specifically asking them.
0
 
LVL 1

Author Comment

by:collinsn
ID: 39961618
I know you can get their IP through PHP, so was hoping I could get all the details.
0
 
LVL 9

Expert Comment

by:rfportilla
ID: 39961616
DNS is like a public phone book.  The browser only checks it for the IP address and then makes the request directly to the IP.  There is no protocol support (or requirement) to transmit the DNS server info.
0
 
LVL 9

Expert Comment

by:rfportilla
ID: 39961623
If there is a specific problem related to this, maybe you should post that instead.  If you are concerned with DNS pointing to the wrong place, you can shorten the TTL of the DNS records so that clients are pulling stale records.
0
 
LVL 1

Author Comment

by:collinsn
ID: 39961764
I understand DNS and IP Tables Firewall, I was just hoping to find a way of confirming a user on our site has the correct DNS entries configured when using the SmartDNS services I'm providing...
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39962430
SmartDNS services I'm providing
Are these 'public' DNS services like Google's?  Most people get DNS thru their ISP (and don't know where they are getting it either!).  I can't see that they could use your service (unless it is public) or that there is any way for you to check what they're using.
0
 
LVL 1

Author Comment

by:collinsn
ID: 39963465
Yes, my DNS servers are public using ACL list based on IP Address to control access. I'm just looking for a way to show the user that their DNS is correctly setup to use our DNS Service.

Thx
Nev
0
 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 250 total points
ID: 39964005
Let me ask it a different way.  Why, other than you wanting them to, why would they want to use your service or even know about it?  Most 'regular' non-technical users don't even know that there is a DNS service.
0
 
LVL 9

Assisted Solution

by:rfportilla
rfportilla earned 250 total points
ID: 39966505
Without having something run on the client computer, there is no way to do this.  You can only verify that they got to the correct location (because they were able to resolve the name to the proper IP and get to your Web site).  You can't see how they resolved it (DNS, hosts file, etc.) and the browser does not provide this information.  

Moreover, the way DNS works is that as long as the first DNS server responds (bad or good), it does not go to a second.  DNS does not fail to a 2nd DNS unless it is down.  This means that you are completely on the hook for all DNS requests.  If your DNS becomes overloaded or has connection issues, you could be responsible for your customers not being able to access the Internet.
0
 
LVL 1

Accepted Solution

by:
collinsn earned 0 total points
ID: 39967433
I have worked out a way to do what I need by some clever PHP Scripting and a spare IP on the server link to a subdomain.

Unfortunately, none of the comments helped and I've had to pay a resource on freelancer to do this for me.

Nev
0
 
LVL 9

Expert Comment

by:rfportilla
ID: 39967445
I'm sorry we couldn't be more help.  Would you mind sharing the method by which you are doing this?
0
 
LVL 1

Author Closing Comment

by:collinsn
ID: 39979862
Unfortunately, did not get the answer needed,
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
This article discusses four methods for overlaying images in a container on a web page
The viewer will learn how to count occurrences of each item in an array.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question