Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Software Troubleshooting
Should DNS Client Service Be Disabled When Using MVPS Host File?
Message
<blockquote data-quote="ForgottenSeer 58943" data-source="post: 708872"><p>DNS Client is just local caching of DNS. DNS Client can safety be disabled and won't impact your computer or any programs on it for the most part, but resolution of DNS entries may be 'slightly' slower. DNS Client is basically your local DNS Cache so resolution doesn't have to traverse the WAN. A host file is loaded into the DNS Client, and after X number of entries it can cause slow resolutions. (but not slow speed)</p><p></p><p>DNS Client actually has MANY issues. First, it can be used to spy on you. A piece of malware, spyware or telemetry gathering tool can harvest plain-text stored DNS Client Cache and determine every site you've ever visited since the last flush. As you can see this is problematic. STEAM has used DNSClient to spy and discover if people went to cheating websites, then VAC ban them as a result of DNSClient Cache without any evidence of actual hacking use.</p><p></p><p><a href="https://www.ghacks.net/2014/02/16/steams-vac-protection-now-scans-ans-transfers-dns-cache/" target="_blank">Steam's VAC protection now scans and transfers your DNS cache - gHacks Tech News</a></p><p></p><p>Windows DNS Resolution also uses Multi-Homed. What this does is Windows seeks out 'other' DNS sources on your network of it's own accord to find a 'faster' resolution other than primary DNS forwarder. This is both dangerous and reckless as it violates DNS integrity on a network and can cause DNS Hijacking. If a closer DNS is maliciously served, then all entities on your network change resolution to the multi-homed version which has a shorter resolution time. This 'feature' of Windows should be immediately disabled.</p><p></p><p>Can DNSClient go away? Certainly. Will it slow resolution? Possibly.. There are many variables. If you have a fast DNS resolver then the impact will be tiny if at all noticeable. If your router caches DNS and has a fast forwarder you won't notice any decline. If you have a local DNS Server (Windows Server, BIND, Pi-Hole)then you may want to disable it. Also they've greyed out the service controls for it so you need to get more creative to disable it. Despite this client being a targeted service for Malware, Microsoft has decided you should always have it on..</p><p></p><p>Microsoft assumes almost nobody plays in the registry but you can safely disable DNS Client by changing START TYPE to 4 (from 2) in;</p><p>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache</p><p></p><p>I've disabled it on every machine. I don't want M$ caching everything I visit, do you? Besides, my local DNS server is WAY faster than windows and actually made my resolutions noticeably faster once it was disabled.</p></blockquote><p></p>
[QUOTE="ForgottenSeer 58943, post: 708872"] DNS Client is just local caching of DNS. DNS Client can safety be disabled and won't impact your computer or any programs on it for the most part, but resolution of DNS entries may be 'slightly' slower. DNS Client is basically your local DNS Cache so resolution doesn't have to traverse the WAN. A host file is loaded into the DNS Client, and after X number of entries it can cause slow resolutions. (but not slow speed) DNS Client actually has MANY issues. First, it can be used to spy on you. A piece of malware, spyware or telemetry gathering tool can harvest plain-text stored DNS Client Cache and determine every site you've ever visited since the last flush. As you can see this is problematic. STEAM has used DNSClient to spy and discover if people went to cheating websites, then VAC ban them as a result of DNSClient Cache without any evidence of actual hacking use. [URL='https://www.ghacks.net/2014/02/16/steams-vac-protection-now-scans-ans-transfers-dns-cache/']Steam's VAC protection now scans and transfers your DNS cache - gHacks Tech News[/URL] Windows DNS Resolution also uses Multi-Homed. What this does is Windows seeks out 'other' DNS sources on your network of it's own accord to find a 'faster' resolution other than primary DNS forwarder. This is both dangerous and reckless as it violates DNS integrity on a network and can cause DNS Hijacking. If a closer DNS is maliciously served, then all entities on your network change resolution to the multi-homed version which has a shorter resolution time. This 'feature' of Windows should be immediately disabled. Can DNSClient go away? Certainly. Will it slow resolution? Possibly.. There are many variables. If you have a fast DNS resolver then the impact will be tiny if at all noticeable. If your router caches DNS and has a fast forwarder you won't notice any decline. If you have a local DNS Server (Windows Server, BIND, Pi-Hole)then you may want to disable it. Also they've greyed out the service controls for it so you need to get more creative to disable it. Despite this client being a targeted service for Malware, Microsoft has decided you should always have it on.. Microsoft assumes almost nobody plays in the registry but you can safely disable DNS Client by changing START TYPE to 4 (from 2) in; HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache I've disabled it on every machine. I don't want M$ caching everything I visit, do you? Besides, my local DNS server is WAY faster than windows and actually made my resolutions noticeably faster once it was disabled. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
