Secure DNS Traffic – Learning From Scott Helme

Your web traffic consists of protocols and the ports they travel over on the network; some of it is encrypted and some is not. The “is not” part is what I have been investigating.

When you open a web browser there are a number of different ways to connect to a site; focusing on website traffic, there are two main ports.

Web Browsing Ports:

  • TCP/IP – Port 80 – Normally not encrypted and identified with http:// in the browser.
  • TCP/IP – Port 443 – Normally encrypted and identified with https:// in the browser.
  • An additional point: most browsers simply indicate “SECURE” with a green lock icon and “NOT SECURE” with a red lock icon.

Many sites today are moving to HTTPS, which uses TLS to encrypt the data between your browser and the hosting server that sends you the web pages you request and receives the data you enter on those websites.

As mentioned in the previous PiHole DNS post, the name server is how a site’s name is turned into the address of the actual server. We cannot remember numbers for all our favorite sites, and therefore name servers are needed. This traffic is regularly NOT encrypted, and there are (or were) a number of reasons for this. However, for the purpose of this post, and in today’s privacy-conscious world, it would be better if we could control this traffic the way we do for web browsing.

DNS Ports & Control

  • UDP – Port 53 – Not encrypted – no lock, no indication of its level of security.

Short Port & Protocol Discussion

You should immediately notice that the HTTP web browsing ports are identified as TCP while the DNS port is identified as UDP. The difference between the two transports is significant, and I’ll link to some deeper explanations.

  • TCP/IP stands for “Transmission Control Protocol”, and the IP portion refers to the “Internet Protocol” suite. TCP is connection-oriented: it waits for and confirms data sent and received, and can request that data be resent if it detects a problem during transmission.
  • UDP stands for “User Datagram Protocol”: it is connection-less; it sends data without waiting for a response and without knowing whether the data was received on the other end.

As I continue to work on controlling the network traffic and understanding what my devices are doing, the one item that stood out was that DNS requests, over port 53, were still not encrypted. This means that if someone were to monitor the network traffic at the ISP they could see the DNS requests being sent out, and from those requests which sites I was attempting to visit. Anyone already this deep into network monitoring can see both the DNS and the unencrypted HTTP traffic.
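To make concrete what a passive observer of UDP port 53 actually sees (and what wrapping DNS in TLS, as DNS-over-HTTPS does, takes away from them), here is an added example that is not from this post or from Scott Helme’s tutorial. It builds a minimal RFC 1035 query for a constructed name, `example.com`, and then reads the queried name straight back out of the raw bytes, exactly as a network monitor could.

```python
import struct

TYPE_A = 1    # RFC 1035 host address record
CLASS_IN = 1  # Internet class


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS query (header + one question) as sent over UDP/53."""
    # Header: ID, flags (only RD set), QDCOUNT=1, ANCOUNT, NSCOUNT, ARCOUNT
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        encoded = label.encode("ascii")
        if not 1 <= len(encoded) <= 63:
            raise ValueError("DNS labels must be 1..63 bytes long")
        qname += bytes([len(encoded)]) + encoded  # length-prefixed label
    qname += b"\x00"  # the empty root label terminates the name
    return header + qname + struct.pack("!HH", TYPE_A, CLASS_IN)


def parse_question(packet: bytes) -> dict:
    """Recover the queried name from a raw DNS message: nothing here is encrypted."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated QNAME")
        length = packet[pos]
        pos += 1
        if length == 0:  # root label: end of name
            break
        if length >= 64:  # compression pointers/reserved bits do not belong here
            raise ValueError("unexpected label octet in question section")
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("truncated QTYPE/QCLASS")
    qtype, qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return {"id": txid, "recursion_desired": bool(flags & 0x0100),
            "name": ".".join(labels), "qtype": qtype, "qclass": qclass}


if __name__ == "__main__":
    wire = build_query("example.com")  # constructed sample query
    print(wire.hex())
    print(parse_question(wire))        # the visited name is readable in clear
```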

Scott Helme To The Rescue

Recently, while searching Twitter for security-minded people to follow, I came across Scott’s post about PiHole and encrypting DNS traffic. I followed his article and found it easy to use; if you are also interested in encrypting your DNS traffic I strongly suggest his tutorial:
https://scotthelme.co.uk/securing-dns-across-all-of-my-devices-with-pihole-dns-over-https-1-1-1-1/