Resolver: Automating the security of dns resolutions.

Posted: Nov 11, 2019 - [ 637 Words ] - [ es ]

Table of contents

What is resolver?

Resolver is a small script that configures the name resolution of our system. If installed, also configure dnsmasq, tor and stubby to provide encrypted and secure name resolution.

  • Filter web pages with malware, publicity, inappropriate content, … using the Steven Black hosts file.

  • Reduce the footprints of user DNS requests using the dnsmasq cache and the “dnsmasq addn-hosts” option to resolve names locally. It also saves bandwidth and data.

  • Darkens and protects browsing history if is used with “DNS over TLS with round_robin_upstreams” of stubby and Prevents Dnsleak and Dnshijacking, also escaping from DNS-based content filters.

  • Together with Tor and [Firefox-private.sh] (https://viellosero.github.io/es/posts/5-firefox-privacy/) automate the configuration to navigate a little safer and more privately.

Installation

apt-get install tor dnsmasq stubby

Download resolver in “/usr/sbin/”.

root@kali:~# wget https://raw.githubusercontent.com/VielLosero/scripts/master/resolver/resolver -O /usr/sbin/resolver 
--2019-11-17 18:34:56--  https://raw.githubusercontent.com/VielLosero/scripts/master/resolver/resolver
Resolviendo raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.128.133, 151.101.192.133, 151.101.0.133, ...
Conectando con raw.githubusercontent.com (raw.githubusercontent.com)[151.101.128.133]:443... conectado.
Petición HTTP enviada, esperando respuesta... 200 OK
Longitud: 20695 (20K) [text/plain]
Grabando a: “/usr/sbin/resolver”

/usr/sbin/resolver                      100%[=============================================================================>]  20,21K  --.-KB/s    en 0,03s   

2019-11-17 18:34:57 (616 KB/s) - “/usr/sbin/resolver” guardado [20695/20695]
root@kali:~#

Verify checksum

root@kali:~# sha256sum /usr/sbin/resolver 
f996cfd52468e9798914250ed0a6c6f04ae38e667232ac57a8b3f2e7b7041e95  /usr/sbin/resolver
root@kali:~#

Change permissions

root@kali:~# chmod 700 /usr/sbin/resolver

Execute

root@kali:~# resolver 
Usage: /usr/sbin/resolver {info|install|start|stop|status|update|restart|remove}
root@kali:~# resolver update
Usage: /usr/sbin/resolver {update hosts|update cache|update dns}
root@kali:~#

Usage

Usage: /usr/sbin/resolver {info|install|start|stop|status|update|restart|remove}

  • resolver info
    • Show script information.
  • resolver install
    • Create the working directory “.resolver”.
    • Backup if there are any of the files: hosts, resolv.conf, dnsmasq, torrc, stubby.yml.
    • Download the hosts.filter file with the antimalware filter and copy it to hosts.
    • Configure the DNS to implement the most private and secure solution using hosts, resolv.conf, resolv.dnsmasq, torrc, stubby.yml.
  • resolver start
    • Start daemons resolver, dnsmasq, tor and stubby if installed.
  • resolver stop
    • Stop daemons resolver, dnsmasq, tor y stubby.
  • resolver status
    • Show the status.
  • resolver update hosts
    • hosts: Update the hosts file with anti-malware updates.
  • resolver update cache
    • Update the dnsmasq.hosts file with the new dns requests for cache addn-hosts.
  • resolver update dns
    • Update the resolv, conf or resolv.dnsmasq file with new random dns from the list.
  • resolver restart
    • Start and Stop services.
  • resolver remove
    • Restore backup files.
    • Delete resolver work dir “.resolver”.

Files

Description of the files used in the work directory.

root@kali:~# ls -la .resolver/
total 3824
drwxr-xr-x  2 root root     234 nov 16 20:01 .
drwxr-xr-x 40 root root    4096 nov 17 16:44 ..
-rw-r--r--  1 root root   30579 nov 16 18:24 dnsmasq.conf		--> Backup
-rw-r--r--  1 root root  370785 nov 17 16:26 dnsmasq.hosts		--> Archivo usado por dnsmasq addn-hosts para resolver
-rw-r--r--  1 root root 1295751 nov 17 16:26 dnsmasq.hosts.new		--> Archivo con las peticiones dns nuevas
-rw-r--r--  1 root root  370160 nov 17 16:26 dnsmasq.hosts.old		--> Archivo con petciones dns antiguas, para merge
-rw-r--r--  1 root root  501736 nov 17 16:26 dnsmasq.reply		--> Filtro de Logs con las peticiones reply para cachear
-rw-r--r--  1 root root     213 nov 16 18:24 hosts			--> Backup
-rw-r--r--  1 root root 1279133 nov 16 18:28 hosts.filter_16-11-2019	--> Archivo con los filtros antimalware para hosts
-rw-r--r--  1 root root      51 nov 16 18:24 resolv.conf		--> Backup
-rw-r--r--  1 root root      74 nov 17 16:51 resolv.dnsmasq		--> Archivo usado por dsnamsq para peticiones dns
-rw-r--r--  1 root root   21056 nov 16 18:24 stubby.yml			--> Backup 
-rw-r--r--  1 root root    8939 nov 16 18:24 torrc			--> Backup
root@kali:~#

Examples

Status

root@kali:~# resolver status
Status of resolver 
[*] Resolver daemon running
[*] Dnsmasq running
[*] Tor running
[*] Stubby running
[*] Hosts backup done
[*] Resolv.conf backup done
[*] Dnsmasq.conf backup done
[*] Last download of hosts.filter 16-11-2019
[*] Lines in hosts 44896
[*] Cached entries on dnsmasq.hosts 7584
root@kali:~#

Video

Demo of installation use and uninstall.

Video demo installation usage and uninstall of resolver

back

References:

DNS privacy.

Options for secure DNS.

DoH pros and cons

Licence: CC-BY-SA