Advice Request Worst case scenario for using a not trusted DNS?

Please provide comments and solutions that are helpful to the author of this topic.

Farhad24

Level 1
Thread author
Mar 24, 2021
24
Hello,

So based on my condition and probably most of people from my country(Iran) that got a very similiar condition,
I have to use a DNS from a provider that i don't know nothing about it. there is a privacy policy on their website but you know, it's Iran. in this country Privacy policies mean nothing. if they can they do abuse. unless they are good persons which we can't know ( they say they are tho. but that's just word you know. )

so why do i and people like me in Iran have to use their DNS? well most of companies like Java Paypal VISA .. AMD ..Adobe, Google, VMWare name it 99% of cybersecurity companies like AVAST Norton McAfee Kaspersky ESET GDATA SOPHOS etc.. they just blocking Iran IPs.
And the thing this DNS does i have no idea how but we can use the services that blocking our IPs the mentioned services/websites/products works when we use this DNS.
the location is still Iran when i check whatismyip websites obviously it doesn't change my country. but somehow it let us use services that blocking us.

so with that being said we kinda have to use their DNS. so what i and probably people in my situation might like to know is that what they can do if let's assume they are bad guys behind this DNS, what they can do to us worst scenario? and can we stop it while we using their service? like with using our IT knowledge etc?

Thanks in advance for your thoughts.
 

The_King

Level 12
Verified
Top Poster
Well-known
Aug 2, 2020
542
DNS servers basically translates a website's address like Amazon.com to a server IP address for that website 205.251.242.103

ISP love traditional DNS that uses port 53 because they can monitor (spy), block or shape internet traffic. Not a bad thing if
your ISP is trustworthy. Basically, they can see all the websites you visit.

Using DOH will stop an ISP from seeing your DNS requests has its uses port 443 which is encrypted.

Not sure if those services you mentioned will still work using DOH.
 

The_King

Level 12
Verified
Top Poster
Well-known
Aug 2, 2020
542
Is that the only thing they can do? or they can monitor the whole traffic?

How can i see what port my DNS uses? and i have no idea what is DOH, found an article tho How to enable DNS-over-HTTPS (DoH) in Windows 10
should i just do what this article says in my browsers etc?
Yes and yes they can see all the websites that you visit if you use regular DNS, follow the guide in the link. Cloudflare DOH or NextDNS DOH both are good options.

You can test if your DOH is setup correctly by using these websites.

Cloudflare

NextDNS
 
Last edited:
  • Thanks
Reactions: Farhad24

Farhad24

Level 1
Thread author
Mar 24, 2021
24
Using DOH will stop an ISP from seeing your DNS requests has its uses port 443 which is encrypted.
But if i use DOH then it means i am not using this DNS that i need to get those services work right? because i have tested most DNS so far including 1.1.1.1
It's not working unless i use that particular DNS.
 

The_King

Level 12
Verified
Top Poster
Well-known
Aug 2, 2020
542
But if i use DOH then it means i am not using this DNS that i need to get those services work right? because i have tested most DNS so far including 1.1.1.1
It's not working unless i use that particular DNS.
Yes, if you use DOH that means you will no longer be using the particular DNS anymore.

A VPN may bypass these Geo service restrictions/blocking, Google had this to say about VPNs in Iran.

VPNs are legal in Iran, but with a very large caveat. People can only sign up with a VPN provider that is registered and approved by the government.
 
  • Like
Reactions: Farhad24

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
How can i see what port my DNS uses? and i have no idea what is DOH,

I have bookmarked this article by Cisco: DoH! To block or not to block? there Firewall ports are confirmed, already mentioned above by @The_King
DoH works just like DNS, except it uses Transmission Control Protocol (TCP) to transmit and receive queries. Both take a domain name that a user types into their browser and sends a query to a DNS server to learn the numerical IP address of the web server hosting that site. The key difference is DoH takes the DNS query and sends it to a DoH-compatible DNS server (resolver) via an encrypted HTTPS connection on port 443, rather than plaintext on port 53. DoH prevents third-party observers from sniffing traffic and understanding what DNS queries users have run, or what websites users are intending to access. Since the DoH (DNS) request is encrypted, it’s even invisible to cyber-security software that relies on passive DNS monitoring to block requests to known malicious domains.

Description for Firewall ports and related purposes:
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top