Solved

Identify Clients DNS Settings

Posted on 2014-03-28
17
208 Views
Last Modified: 2014-04-05
Hi,

I need to be able to identify that a visitor, visiting my site is using the correct DNS Settings.  Is there any method / script to confirm this.

Thx
Nev
0
Comment
Question by:collinsn
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
  • 2
  • +1
17 Comments
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 39961316
How do you define "correct?"  What would be some examples of correct vs. incorrect?
0
 
LVL 1

Author Comment

by:collinsn
ID: 39961341
We have clients that I need to validate if their Primary and Secondary DNS settings are set to ours, rather than google, e.g. 8.8.8.8 or 8.8.4.4
0
 
LVL 9

Expert Comment

by:rfportilla
ID: 39961355
I think the best way is with firewall configuration.  This will not "validate", but it will enforce compliance.  Essentially, create a firewall rule that allows access to port 53 UDP/TCP to accepted dns servers and restrict all others.  

Depending on the firewall, you may even be able to distinguish between guests and authenticated users.  

One caveat, make sure DHCP is setup with the correct DNS settings.
0
Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

 
LVL 110

Expert Comment

by:Ray Paseur
ID: 39961401
Agree with rfportilla.  Why simply validate if what you really want is enforcement?
0
 
LVL 1

Author Comment

by:collinsn
ID: 39961589
Hi, this is not what I'm looking for.

Let me ask the question a different way.  How can I see what DNS a client is using when visiting my WebSite?
0
 
LVL 9

Expert Comment

by:rfportilla
ID: 39961612
I see, web site, not physical location.

You can't.  It's like trying to figure out where someone looked up your phone number without specifically asking them.
0
 
LVL 1

Author Comment

by:collinsn
ID: 39961618
I know you can get their IP through PHP, so was hoping I could get all the details.
0
 
LVL 9

Expert Comment

by:rfportilla
ID: 39961616
DNS is like a public phone book.  The browser only checks it for the IP address and then makes the request directly to the IP.  There is no protocol support (or requirement) to transmit the DNS server info.
0
 
LVL 9

Expert Comment

by:rfportilla
ID: 39961623
If there is a specific problem related to this, maybe you should post that instead.  If you are concerned with DNS pointing to the wrong place, you can shorten the TTL of the DNS records so that clients are pulling stale records.
0
 
LVL 1

Author Comment

by:collinsn
ID: 39961764
I understand DNS and IP Tables Firewall, I was just hoping to find a way of confirming a user on our site has the correct DNS entries configured when using the SmartDNS services I'm providing...
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39962430
SmartDNS services I'm providing
Are these 'public' DNS services like Google's?  Most people get DNS thru their ISP (and don't know where they are getting it either!).  I can't see that they could use your service (unless it is public) or that there is any way for you to check what they're using.
0
 
LVL 1

Author Comment

by:collinsn
ID: 39963465
Yes, my DNS servers are public using ACL list based on IP Address to control access. I'm just looking for a way to show the user that their DNS is correctly setup to use our DNS Service.

Thx
Nev
0
 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 250 total points
ID: 39964005
Let me ask it a different way.  Why, other than you wanting them to, why would they want to use your service or even know about it?  Most 'regular' non-technical users don't even know that there is a DNS service.
0
 
LVL 9

Assisted Solution

by:rfportilla
rfportilla earned 250 total points
ID: 39966505
Without having something run on the client computer, there is no way to do this.  You can only verify that they got to the correct location (because they were able to resolve the name to the proper IP and get to your Web site).  You can't see how they resolved it (DNS, hosts file, etc.) and the browser does not provide this information.  

Moreover, the way DNS works is that as long as the first DNS server responds (bad or good), it does not go to a second.  DNS does not fail to a 2nd DNS unless it is down.  This means that you are completely on the hook for all DNS requests.  If your DNS becomes overloaded or has connection issues, you could be responsible for your customers not being able to access the Internet.
0
 
LVL 1

Accepted Solution

by:
collinsn earned 0 total points
ID: 39967433
I have worked out a way to do what I need by some clever PHP Scripting and a spare IP on the server link to a subdomain.

Unfortunately, none of the comments helped and I've had to pay a resource on freelancer to do this for me.

Nev
0
 
LVL 9

Expert Comment

by:rfportilla
ID: 39967445
I'm sorry we couldn't be more help.  Would you mind sharing the method by which you are doing this?
0
 
LVL 1

Author Closing Comment

by:collinsn
ID: 39979862
Unfortunately, did not get the answer needed,
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
can i read my emails on lamp ftp 4 70
What kind of script/language created this graph? 6 65
SSL on Apache 2... config file 1 33
Doubt with angularJs with PHP 4 20
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question