DNS identification and mitigation for Android phone

Jonathan Camacho
What are some reasons for not being able to ID my DNS server (specifically on my Android phone)? My ISP is AT&T. It's not that I don't have an address to look up. It's more so that the Windows nslookup command and the website https://www.whatsmydns.net/ yield no results.
Also, if someone could provide some mitigation steps or useful references.

Much appreciated

noci, Software Engineer
Distinguished Expert 2018

Commented:
The site you mention just checks if your name is still in some caches with old values instead of new ones, after you update your master DNS.
This would only work for PUBLIC DNS records, never for private ones.

It can only tell you your DNS server if you ask for NS records.

The site works...
If you try that site with names with global coverage like google.com / fb.com you will see interesting results for IP addresses... they all differ.

So what exactly are you trying to accomplish?
Jonathan Camacho, Infrastructure Support Specialist

Author

Commented:
I would like to verify the DNS server IP information I have to see if it does in fact belong to the AT&T mobile ISP I use and that I'm not being redirected to a malicious or suspicious one. It's not my personal/private DNS server. Could it be that my AT&T mobile ISP has a private DNS server that I cannot verify? Is this common for ISPs?


Thanks
noci, Software Engineer
Distinguished Expert 2018
Commented:
I have no idea what IP information you have... here are some tools.

verify DNS:
dig +trace ns host.name.to.check
dig +short a host.name.to.check
dig +short aaaa host.name.to.check

IP Address:
https://whatismyipaddress.com/

If a site has a certificate:
curl -v https://host.name.to.check
(curl is a command line web tool, obtainable through

SSL Labs Certificate tester:
https://www.ssllabs.com/ssltest/analyze.html

From a client, access a known server and verify through its logs that the IP addresses match....
For a target server, a DNS trace can help, as well as HTTPS certificate info.

Your ISP MAY use a different DNS server to send you the info if they like.
And they might transparently pass traffic to known services through their own proxy; nothing can be done about that.
Without DNSSEC and SSL and a lot of things protected by VALID (= matching certificates) encryption, and possibly also using a different ISP to see if there are differences that are hard to explain... (e.g. one site having two different signing CAs), things are hard.

Only using Encryption done in the right way on ALL data transfers might get things right.
Using TOR might help as that also requires things to match elsewhere, then again not all sites are accessible through TOR.
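
Added example, not part of the original thread: a small Python check that classifies a resolver address by scope (the 172.26.38.1 address quoted later in this thread falls in the RFC 1918 range 172.16.0.0/12) and compares `dig +short` output from the phone's resolver with output from a reference resolver. The function names and the sample outputs are constructed for illustration.

```python
import ipaddress

# Ranges that cannot be queried or looked up from the public internet.
SCOPES = [(ipaddress.ip_network(n), label) for n, label in [
    ("127.0.0.0/8", "loopback"), ("::1/128", "loopback"),
    ("169.254.0.0/16", "link-local"), ("fe80::/10", "link-local"),
    ("100.64.0.0/10", "carrier-nat"),  # RFC 6598 shared address space
    ("10.0.0.0/8", "private"), ("172.16.0.0/12", "private"),  # RFC 1918
    ("192.168.0.0/16", "private"), ("fc00::/7", "private"),
]]

def scope(addr):
    """Return the scope of an address; anything not listed counts as public."""
    ip = ipaddress.ip_address(addr)
    for net, label in SCOPES:
        if ip in net:
            return label
    return "public"

def parse_dig_short(text):
    """Extract the addresses from `dig +short` output, skipping CNAME lines."""
    found = set()
    for line in text.splitlines():
        try:
            found.add(str(ipaddress.ip_address(line.strip())))
        except ValueError:
            pass  # CNAME target or blank line
    return found

def compare_answers(local_text, reference_text):
    """Compare the phone's resolver answer with a reference resolver's answer."""
    local, ref = parse_dig_short(local_text), parse_dig_short(reference_text)
    if not local:
        return "no-answer"
    local_internal = any(scope(a) != "public" for a in local)
    if local_internal and ref and all(scope(a) == "public" for a in ref):
        return "internal-answer"  # public name rewritten to an internal address
    if local == ref:
        return "match"
    if local & ref:
        return "overlap"
    return "differs"  # expected for CDN names; check the TLS certificate next

# Constructed sample output using documentation addresses, not a real capture.
LOCAL = "www.example.net.cdn.example.\n198.51.100.7\n198.51.100.8\n"
REFERENCE = "www.example.net.cdn.example.\n203.0.113.20\n"
```

A "differs" result alone proves nothing for globally distributed names, which is why the certificate check with curl or SSL Labs is the deciding step.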

Jonathan Camacho, Infrastructure Support Specialist

Author

Commented:
Thank you very much for your time and effort.
noci, Software Engineer
Distinguished Expert 2018

Commented:
curl is available on: https://curl.haxx.se/ (that part went missing apparently).
Jonathan Camacho, Infrastructure Support Specialist

Author

Commented:
I'll brush up on this new resource.

Meantime, if you don't mind retrieving some information from this private DNS server IP (172.26.38.1).

Thanks
