
Posts

Showing posts with the label DNS

How to - Configure Firefox to use only DoH and not to fallback to OS native resolver

In this post, I will talk about configuring the Firefox browser to use DoH and not to fall back to the OS native resolver.

Step 1 :- Configure DoH the way it is described here - https://support.mozilla.org/en-US/kb/firefox-dns-over-https . I am using https://doh.nkn.in/dns-query (which is the DoH server of https://www.nkn.in and is in alpha testing stage) as my DoH server in the Firefox browser.

Step 2 :- Check your configuration by typing about:networking#dns in the browser address bar. Most probably, you will see something like this --

Here, the DoH Mode option controls how Firefox handles your DNS queries. This document (https://wiki.mozilla.org/Trusted_Recursive_Resolver) talks about the options available under 'DoH Mode'. So, if you want to use only DoH and not fall back to the native OS resolver, you can change the value of this parameter to '3'.

Step 3 :- For changing the value of the 'DoH Mode' parameter, type about:config in the browser's address bar and

IPv6 DNS Measurement Stats

NIC IPv6 DNS Measurement

Measuring who is querying for nic.in or gov.in domains, what they are querying for and from where they are querying.

NIC tested its IPv6 connectivity with internet peers on June 8, 2011 (World IPv6 Day), and the next year, on World IPv6 Launch Day (June 6, 2012), we launched our IPv6 DNS server (having address 2405:8A00:1000::2) along with some websites. Our IPv6 DNS servers have been live from day one, and today we are receiving roughly 54000 queries per hour over IPv6 for various nic.in and gov.in domains. In this paper, we show the following statistics:-

1. Who is querying us
2. What they are querying for
3. From which part of the world we are getting the hits

To produce the stats below, we analyzed 7,69,00,000 (roughly 7.7 crore) IPv6 queries.

AS wise Query Statistics

Autonomous System number (ASn) wise query stats give us unexpected results. Although we were pred

Extension Mechanisms for DNS (EDNS0)

DNS Background

The Domain Name System protocol was first designed in the 1980s, and since then various features have been added while maintaining compatibility with earlier versions of the protocol. In the early releases, a DNS packet over UDP was restricted to 512 bytes, keeping in mind that the minimum MTU size is 576 bytes in IPv4. This was done to keep issues such as packet drops and fragmentation in check. This packet size limit of 512 bytes also limited the number of root servers to 13 (A to M). In 1999, Paul Vixie proposed extending DNS to allow new flags and response codes, and to provide support for longer responses, in a way that is also backward compatible with previous implementations.

Mechanism

Due to the limited space in the DNS header, no new flags can be added to it. EDNS adds information to a DNS message in the form of pseudo-RRs included in the ‘additional data’ section of the DNS message. This section exists in both the request and the response. The pseudo-RR introduc

Google Public DNS Servers Hijacked on 16th March 2014

Google Public DNS servers, i.e., 8.8.8.8 (which run in anycast mode), were hijacked on 16th March 2014 for the Internet users of Venezuela and Brazil for nearly 22 minutes. Google's Public DNS servers are used for "130 billion DNS queries on average (peaking at 150 billion) from more than 70 million unique IP addresses each day." This makes Google the most popular public DNS service in the Internet world.

It is suspected that hackers exploited a well-known vulnerability in the Border Gateway Protocol. There is no way in BGP to check whether a particular IP address segment belongs to a particular ISP. RPKI and BGPSEC are the solutions to this flaw, but these two protocols are still in their initial phase and a lot of work needs to be done on them.

In this particular case, the attack kept users from using the internet, but no malicious activity has been traced so far. No redirection of DNS traffic to rogue servers has been traced. This leads to the suspicion that someone might