Security/Privacy risk - leaking DNS

Posted by BRITTNEY SPEARS 
Security/Privacy risk - leaking DNS
June 22, 2009 10:50PM
Thanks again for a great program, just a little question.

It looks like this program is leaking DNS requests. This would of course be a serious privacy/security issue.

DNS requests are not sent to the proxy address that's entered in the program. Could this be changed in the future, so that it either goes to the proxy IP you specify in the program, or could you have the possibility to add a separate proxy for DNS requests?

Does anyone have a suggestion for a good program (for Windows XP/Vista/Windows 2003, 32 or 64 bit) to catch these DNS requests in the meantime until this can be fixed?
Re: Security/Privacy risk - leaking DNS
June 23, 2009 04:11AM
Hi,
from
[java.sun.com]
Quote

Host Name Resolution
Host name-to-IP address resolution is accomplished through the use of a combination of local machine configuration information and network naming services such as the Domain Name System (DNS) and Network Information Service(NIS). The particular naming services(s) being used is by default the local machine configured one. For any host name, its corresponding IP address is returned.

Reverse name resolution means that for any IP address, the host associated with the IP address is returned.

The InetAddress class provides methods to resolve host names to their IP addresses and vice versa.
So it means that it depends on your machine configuration. Your DNS servers will be used. Even if you were right, there is no option to change any behaviour.

-------------------------------------

Re: Security/Privacy risk - leaking DNS
June 28, 2009 11:31PM
Vity Wrote:
-------------------------------------------------------
> Hi,
> from
> [java.sun.com]
> tAddress.html
>
> Host Name Resolution
> Host name-to-IP address resolution is accomplished
> through the use of a combination of local machine
> configuration information and network naming
> services such as the Domain Name System (DNS) and
> Network Information Service(NIS). The particular
> naming services(s) being used is by default the
> local machine configured one. For any host name,
> its corresponding IP address is returned.
>
> Reverse name resolution means that for any IP
> address, the host associated with the IP address
> is returned.
>
> The InetAddress class provides methods to resolve
> host names to their IP addresses and vice versa.
>
> So it means that it depends on your machine
> configuration. Your DNS servers will be used. Even
> you would be right, there is no option to change
> any behaviour.


Does this mean it's a limitation for all programs built in Java, and that it cannot be solved internally in the program?

If that is the case, what program do you recommend (for Windows XP) people use to catch these DNS requests and send them to the IP (and port) of their choice, if you don't want them sent to the standard DNS you have set on your Windows XP machine?
Re: Security/Privacy risk - leaking DNS
June 29, 2009 04:02AM
Yes. It means that your system DNS settings are used. Do you know any other application which supports what you want?

>> If that is the case, what program do you recommend(for Windows XP) people to use to catch these DNS requests to send to the IP (and port) of their choice if you don't want it sent to the standard DNS you have set on your windows XP machine.
I don't know.

-------------------------------------

Re: Security/Privacy risk - leaking DNS
August 26, 2009 11:17AM
Yes, of course I do. Just to mention a few that support safe DNS requests over proxy:

WebBrowsers: Firefox, Opera, Konqueror
Mail: Thunderbird, Fetchmail
Instant messaging: qip, ICQ, Pidgin, Konversation, Kopete, Psi, Miranda, Bitlbee, Gadu-Gadu, Gajim
IRC/SILC: weechat, X-Chat, mIRC, Trillian, KVIrc
Filesharing: Emule, µTorrent, Azureus
FTP: FileZilla, Wget (FTP), Firefox, SmartFTP, gFTP 2, LFTP

It basically depends on whether your program supports SOCKS proxy 4, 4a or 5.
Basically 4a would do the trick; if the program uses 5 it could go wrong if the programmer hasn't been careful. The application should then NOT try to resolve the address locally first.
on.
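
The SOCKS 4 / 4a / 5 difference described in the post above, as an added example that is not part of the original thread or of the program discussed: a small parser that reads a SOCKS CONNECT request and reports whether it carries a hostname (the proxy resolves it) or only an IP address (any name lookup happened on the client). The sample requests, `example.com` and `192.0.2.10` are constructed placeholders.

```python
import ipaddress
import struct

def classify_connect(req: bytes):
    """Parse a SOCKS CONNECT request; return (version, dest, port, remote_dns).

    remote_dns is True when the request carries a hostname, i.e. the proxy
    resolves it and the client did not need a local DNS lookup.
    """
    ver = req[0]
    if ver == 4:
        # SOCKS4/4a: VER CMD DSTPORT(2) DSTIP(4) USERID NUL [HOSTNAME NUL]
        port = struct.unpack("!H", req[2:4])[0]
        ip, rest = req[4:8], req[8:]
        after_userid = rest[rest.index(0) + 1:]
        # SOCKS4a marker: DSTIP is 0.0.0.x with x != 0, hostname follows USERID
        if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:
            host = after_userid[:after_userid.index(0)].decode("ascii")
            return ("4a", host, port, True)
        return ("4", str(ipaddress.IPv4Address(ip)), port, False)
    if ver == 5:
        # SOCKS5 request (after method negotiation): VER CMD RSV ATYP ADDR PORT(2)
        atyp = req[3]
        if atyp == 3:                      # domain name, length-prefixed
            n = req[4]
            addr, end, remote = req[5:5 + n].decode("ascii"), 5 + n, True
        elif atyp in (1, 4):               # IPv4 (4 bytes) or IPv6 (16 bytes)
            size = 4 if atyp == 1 else 16
            addr, end, remote = str(ipaddress.ip_address(req[4:4 + size])), 4 + size, False
        else:
            raise ValueError("unknown SOCKS5 address type")
        return ("5", addr, struct.unpack("!H", req[end:end + 2])[0], remote)
    raise ValueError("not a SOCKS4/5 request")

# Constructed sample requests (all CONNECT to port 80).
SAMPLES = {
    "socks4_ip": b"\x04\x01\x00\x50" + bytes([192, 0, 2, 10]) + b"\x00",
    "socks4a_name": b"\x04\x01\x00\x50\x00\x00\x00\x01" + b"\x00" + b"example.com\x00",
    "socks5_name": b"\x05\x01\x00\x03\x0bexample.com\x00\x50",
    "socks5_ip": b"\x05\x01\x00\x01" + bytes([192, 0, 2, 10]) + b"\x00\x50",
}

def leaking(samples=SAMPLES):
    """Names of sample requests that carry only an IP (no name sent to the proxy)."""
    return sorted(k for k, v in samples.items() if not classify_connect(v)[3])

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify_connect(raw))
```

An IP-only request shows that the proxy was not asked to resolve anything; whether the client actually sent a DNS query first has to be confirmed by watching port 53 traffic on the client.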
Re: Security/Privacy risk - leaking DNS
August 26, 2009 11:23AM
SOCKS proxy is not supported directly by FRD. But you can search for java.net system properties to set up socksProxy.

-------------------------------------





Edited 1 time(s). Last edit at 08/26/2009 11:24AM by Vity.