Why can a DNS leak test website detect the name server I use?

For example: https://browserleaks.com/dns

I’m pretty surprised it can detect the name server I set up on my router side. I also set VPN on my router side, not using a VPN software on my PC.

I’m a programmer. When I use the fetch API to fetch a URL, the browser will send the domain name to the DNS I configured on my OS (which pointed to my router), and then an IP address will be sent back, so that the request can be made to the returned IP address. But the whole process should be transparent to my webpage; it shouldn’t have any knowledge of which name server I use.

If you open Dev Tools of Chrome, you will see it makes 50 requests to some randomly generated domains, each of them returns the DNS server you use to resolve these domains. How can this be possible?

Moreover, some sites can even guess my real IP. I want to know the theory behind it, the truth and details.

It’s a clever trick - the site generates unique random domain names and makes your browser send a request to them. Your DNS server doesn’t know these domains so it will pass the request further, all the way to some DNS owned by BrowserLeaks. BrowserLeaks records where this is coming from and sends the data back to the frontend.

I drew a diagram according to your description, please tell me if my understanding is correct:

https://postimg.cc/xk9wg0hx

The DNS request is first sent to the DNS server configured on my router. Since there is no cache for this brand-new domain, the request will go all the way up to my DNS server. Two questions:

  1. When the request reaches my DNS server, will it know all the IP addresses of DNS servers on the way, that is `DNS server`, `DNS server A`, `DNS server B`, and `DNS server C`?

  2. Is it possible to tell the domain registry to use my own DNS server? Is this easy to achieve?

After all this, the browser will get the IP of `My server`, then `My server` will ask `My DNS server` which DNS servers have asked it to resolve the random domain, am I right?

Frankly I’m not sure, DNS is pretty complicated with multiple kinds of DNS servers that serve different purposes and how they communicate in detail is out of my depth.

From what I understand the communication is intentionally minimal and your DNS server negotiates the request inside the infrastructure on your behalf so everything else communicates only with it, and the result is then returned to you by the same server. It would explain why BrowserLeaks can see your DNS making that request as it would be the only relevant information available to it and some kind of full route passing wouldn’t be a concern.

My understanding might be wrong or incomplete so you best research this further.

Thank you all the same!
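
The mechanism discussed in this thread, as an added example that is not part of the original posts and not BrowserLeaks' code: a small simulation in which a page resolves unique random names under a zone whose name server the test site runs, and that name server logs the source address of every query it receives. The zone name, class names and IP addresses are constructed for illustration; the run shows that the log contains only the resolver that finally contacts the name server, not the client or the forwarding router.

```python
import secrets

ZONE = "leaktest.example"  # assumed zone delegated to the test site's own name server


class AuthoritativeServer:
    """Stands in for the test site's name server: logs who asked for each token."""

    def __init__(self, answer_ip):
        self.answer_ip = answer_ip
        self.seen = {}     # token -> set of source IPs that queried it
        self.queries = 0

    def query(self, name, source_ip):
        self.queries += 1
        self.seen.setdefault(name.split(".")[0], set()).add(source_ip)
        return self.answer_ip


class Resolver:
    """Caching resolver: forwards to `upstream` if set, else asks the name server."""

    def __init__(self, ip, upstream=None, authoritative=None):
        self.ip, self.upstream, self.authoritative = ip, upstream, authoritative
        self.cache = {}

    def resolve(self, name, source_ip):
        if name not in self.cache:  # a never-seen random name always misses
            nxt = self.upstream.resolve if self.upstream else self.authoritative.query
            self.cache[name] = nxt(name, self.ip)  # next hop sees only this resolver's IP
        return self.cache[name]


def run_leak_test(client_ip, first_resolver, auth, probes=5):
    """Page side: resolve unique names, then ask the backend who queried them."""
    tokens = [secrets.token_hex(8) for _ in range(probes)]
    for token in tokens:
        first_resolver.resolve(f"{token}.{ZONE}", client_ip)
    return set().union(*(auth.seen.get(t, set()) for t in tokens))


def demo():
    # Constructed addresses: client -> router (forwarder) -> public resolver -> test site
    auth = AuthoritativeServer("203.0.113.10")
    public = Resolver("198.51.100.53", authoritative=auth)
    router = Resolver("192.168.1.1", upstream=public)
    return run_leak_test("192.168.1.50", router, auth), auth, router

print(demo()[0])
```

Because each probe name is new, no cache along the path can answer it, so every probe reaches the test site's name server and is tied back to the page by its token.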