It doesn't but I meant configure it as in set it up on your PC. I edited my post with few basic, simple steps by which you can test why ControlD doesn't protect you from DNS rebinding attacks.
DNS rebinding attacks
- Thread starter Parkinsond
- Start date
Please provide comments and solutions that are helpful to the author of this topic.
It is not ControlD fault, all those without settings failed the test; to pass, must use dns with settings including dns rebind protection; I'm sure controld paid will pass.
It's not ControlD's fault because then it wouldn't work for me and everyone else. As I said, it's either Edge acting up or your PC. Go to dnscheck.tools; maybe there's DNS leak on your end.
Try to test with a portable browser, that will help you to determine whether it caused by the browser and it's settings or extensions or by Windows or another app like AV.
That's what I do. Whenever I have an issue, I download portable web browser and test if same issue occurs in it too.
If the browser the culprit, why the test passed with the exact same browser but with a different dns provider?
Might be saved cookies, browser's cache, some special config. AdguardDNS partially blocks ControlD, something like that could interfere with the test.
You could enable origin settings, not sure if it affects DNS rebinding, but it is worth a try.
Control D Free Hagezi Pro also passes the test here. I'm curious, do you find false positives with the Pro Plus?
If Edge doesn't pass, I'd download Chrome Portable and try in it. In case DNS rebinding protection works in Chrome with ControlD, then God knows what Edge is doing with DNS. It's a question for them, not us, as DoH implementation differs from browser to browser. Firefox has terrible DoH implementation for example.
Maybe one or two, reported to GitHub and it was fixed promptly. I found more false positives with other block lists; barely any with HaGeZi which is why I stick to it.
Actually AG free dns (customizable with account) passed the test provided by ControlD; ControlD free dns is the one which failed the test provided by ControlD.
In addition, NextDNS passed the test; it is not cookies issue; it is simple, NextDNS and AG dns (with account) have the option of dns rebinding protection to be enabled.
I will try Chrome, but not the portable; here I compare nonportable edge with nonportable chrome; if I get the same results, then it is certainly not a browser issue, but a dns one.
Have you tried Firefox Portable? Does it work there? If it doesn't work in Firefox, it's something system-level in question. Can't be DNS because it we'd have the same issue.
Brave works for me too:
Using only chromium browsers; used FF very long time ago.
No, no, you would use Firefox just to test this. This is why I specifically mentioned Firefox Portable. So you don't need to install another browser just to test this.
Chromium browsers leak via unencrypted DNS, when it is blocked, Edge causes 5 secs delay every 5 mins (DNS Cache). I reported it 3 years ago, still no fix.
Attachments
That's bad. Is it just Edge or other Chromium browsers as well?
Well, I should correct myself, Chrome based browsers, the leak affects Chrome, Brave, Edge, but not Chromium. Clearly a bonus tracking feature added afterwards.
Attachments
I had to allow it, otherwise it would be blocked by default because it was not on the TLD list:
Aha, so that explains why DoH response time in Firefox is slower than in Chromium based browsers. I have this setting disabled because when I use ControlD Setup Utility for system-wide DoH3, response time is 30ms.
It's always a good idea to turn off ad blockers on testing sites to get accurate results.
You may also like...
-
-
-
-
Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers- Started by Parkinsond
- Replies: 10
-
