Answered: DNS security scan

MikeTO

Junior Member
I am not using PP DNS due to the lack of security compared to my isp dns or dsn advantage dns servers. I had tried several dns servers and it seems someone is attacking dns servers to play games with me.
If you take a look external pings and external queries are ignored. I have tried to convince other vpn provider of this problem but they didn't take it seriously. So with that issue and another issue they had I came here.

I am hoping this problem will be solved.
First two pics are dns scans of my ISP and the the last two is with dns advantage. This isn't the case with PP's dns servers.
https://imgur.com/a/9drqU

I have scanned with Steve Gibson dns scanner to check dns vulnerabilities.

https://www.grc.com/dns/
 
Solution
I don't really get it..

All PP servers show "Anti-Spoofing Safety : Excellent" in the screenshot you submitted.
Why do you think that reacting to pings is a problem? We want our DNS ips to be pingable.
Also rejecting external querys is nicer than just ignoring them.
I don't see how these 2 points are related so security, please elaborate if you think this is a security problem.

Regards
Lars
I don't really get it..

All PP servers show "Anti-Spoofing Safety : Excellent" in the screenshot you submitted.
Why do you think that reacting to pings is a problem? We want our DNS ips to be pingable.
Also rejecting external querys is nicer than just ignoring them.
I don't see how these 2 points are related so security, please elaborate if you think this is a security problem.

Regards
Lars
 
Solution
I guess there's a possibility with dns poisoning attack. I have a hacker following me. First I used strongvpn then they used their dns server weakeness but also with their weak vpn weak keys. I moved to ivpn.net and I had the same problem. Although I'm not 100% sure. Strongvpn and ivpn both disable external pings. Strong vpn had a very slow internet connection due to the external queries replies. Users were complaining about slow connect. Eventually they did change to ignore external queries and the problem stopped.

Ignoring pings according to the web site reduces possibility of dns poisoning. As you can see my ISP ignores both external queries and pings. For example I had issues with google dns where a hacker would simply disconnect me at my router level. Mind you they accepted external queries. In the end I ended up using dns advantage and I haven't had problems since.
 
  • According to the website.
  • "

  • External Ping:
    This is the classic “ping” (ICMP Echo) test to which most Internet appliances of any type will reply. Ignoring external pings (pings originating from outside the ISP's own local network) renders devices somewhat less visible, especially if the server also ignores external DNS queries.
  • External Query:
    Any DNS resolver that only resolves DNS queries on behalf of its own ISP's network clients, while ignoring resolution queries originating from the Internet outside of the ISP's network, will be significantly more difficult, if not impossible, to spoof. If your ISP's resolvers ignore external queries you may have nothing to worry about — period."
https://www.grc.com/dns/dns.htm
 
Back
Top