A couple of days ago one of our readers, Thomas, wrote in about weird DNS requests that he was seeing from his machine. After spending some time on it, he found that Chrome sends these requests, which he could not explain, every time it is started. In a normal setup each request results in a “No such name” response from your DNS server, as you can see in the screenshot above. If the owner of the DNS server you use has a wildcard setup, each of these requests will result in a response (normally even the same one), so Chrome knows that someone is potentially modifying DNS responses. This can also happen, for example, on wireless networks where you have to authenticate through a browser in order to get access to the Internet.

However, this is not all. Chrome actually does quite a few extra DNS lookups that some people might not be happy with. When a user types a URL into Chrome’s address bar, Chrome automatically tries to determine whether the user typed a domain and tries to resolve it in the background.
www.cnn.com ends up at www.cn (China) |
Bojan 396 Posts ISC Handler Jan 26th 2011 |
Jan 26th 2011 1 decade ago |
I'm not sure what Chrome does when it finds someone "modifying DNS responses," but services such as OpenDNS will always return an IP, even for a malformed query.
# nslookup doesnotexist.lan
Server: 208.67.222.222
Address: 208.67.222.222#53

Non-authoritative answer:
Name: doesnotexist.lan
Address: 67.215.65.132

I'm not sure if any other DNS providers do this, but I imagine it's possible. Again, I don't know what Chrome does in these cases, but I thought I would throw this out there. |
ScottM 1 Posts |
Jan 26th 2011 1 decade ago |
This is not a new behavior in Chrome; it has been around for a while and has implications for certain specific gTLDs when the browser autocompletes www.cnn.com to www.cnn.co or www.foo.net to www.foo.ne. But that's just the tip of the iceberg.
There was a study presented by us a year ago at LEET referenced here: http://www.usenix.org/event/leet10/tech/full_papers/Krishnan.pdf |
ScottM 1 Posts |
Jan 26th 2011 1 decade ago |
Google is Evil.
Google Comes Under Fire for 'Secret' Relationship with NSA. http://www.pcworld.com/article/217550/google_comes_under_fire_for_secret_relationship_with_nsa.html |
dec0der 7 Posts |
Jan 31st 2011 1 decade ago |
Outside of prefetching, has anyone looked at the built in DNS intranet redirect detector?
https://code.google.com/p/chromium/codesearch#chromium/src/chrome/browser/intranet_redirect_detector.cc&l=79
This often triggers security signatures related to Domain Generated Algorithms. Chrome does 3 attempts, all 3 are different. Name is 7-15 a-z chars long, no numbers or special chars (such as '-'). Windows adds DNS suffix registered in the system. |
dec0der 1 Posts |
Feb 13th 2016 5 years ago |
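Added example (not part of the thread and not Chromium's code): a triage filter for resolver logs that picks out the three startup lookups described in the diary and in the comment above, so they can be told apart from DGA alerts, and flags whether the resolver answered "No such name" or gave every random name the same answer. The log tuple layout, the `corp.example` suffix, the 5-second window and the sample records are constructed assumptions.

```python
import re
from collections import defaultdict

LOCAL_SUFFIXES = ("corp.example",)       # assumption: DNS suffix your Windows clients append
PROBE_LABEL = re.compile(r"[a-z]{7,15}")  # 7-15 chars, a-z only, as described in the comment
WINDOW_SECONDS = 5                       # assumption: the three lookups arrive close together

def probe_label(qname):
    """Return the bare label if qname has the probe shape, else None."""
    name = qname.rstrip(".").lower()
    for suffix in LOCAL_SUFFIXES:
        name = name.removesuffix("." + suffix)
    return name if PROBE_LABEL.fullmatch(name) else None

def find_probe_bursts(events):
    """events: (epoch_seconds, client, qname, rcode, answer) tuples.
    Returns {client: (labels, verdict)} for three distinct probe-shaped
    names sent by one client inside WINDOW_SECONDS."""
    per_client = defaultdict(list)
    for ts, client, qname, rcode, answer in sorted(events, key=lambda e: e[0]):
        label = probe_label(qname)
        if label:
            per_client[client].append((ts, label, rcode, answer))
    bursts = {}
    for client, hits in per_client.items():
        for i in range(len(hits) - 2):
            win = hits[i:i + 3]
            labels = [h[1] for h in win]
            if win[-1][0] - win[0][0] > WINDOW_SECONDS or len(set(labels)) < 3:
                continue
            if all(h[2] == "NXDOMAIN" for h in win):
                verdict = "normal"       # resolver says "No such name"
            elif all(h[2] == "NOERROR" for h in win) and len({h[3] for h in win}) == 1:
                verdict = "wildcard"     # same answer for every random name
            else:
                verdict = "mixed"
            bursts[client] = (labels, verdict)
            break
    return bursts

SAMPLE = [  # constructed records, not captured traffic
    (100.0, "10.0.0.5", "qkzvhwpmtr", "NXDOMAIN", None),
    (100.2, "10.0.0.5", "ybdlenfauoshx.corp.example", "NXDOMAIN", None),
    (100.3, "10.0.0.5", "mwtrcjg", "NXDOMAIN", None),
    (200.0, "10.0.0.9", "plokmijnuh", "NOERROR", "192.0.2.10"),
    (200.1, "10.0.0.9", "zxcvbnmasd", "NOERROR", "192.0.2.10"),
    (200.4, "10.0.0.9", "qwertyuiopas", "NOERROR", "192.0.2.10"),
    (300.0, "10.0.0.7", "www.cnn.co", "NOERROR", "192.0.2.20"),
]
```

A real single-label hostname of 7 to 15 letters has the same shape as one probe, so the match relies on three distinct names arriving together rather than on the label pattern alone.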
I have also heard that those search result pages with different domain names are also prefetched in the background. Is it true?
Is there any tool to check how much time DNS takes to resolve? |
Goyllo 2 Posts |
Sep 30th 2016 4 years ago |