What information can an ISP record solely from DNS queries?












I realized recently that my VPN's DNS requests were transmitted to my ISP's DNS server (even though my HTTP and HTTPS requests were properly transmitted via the VPN).



I did some research and have a couple of questions about the level of detail that an ISP is able to record.



My question is specifically about DNS requests. I am aware that there are other questions on this and related forums about the details that ISPs can glean from the HTTP and HTTPS traffic.



In terms of privacy, there is a significant difference in an ISP recording a user's DNS request to:



https://www.google.com/


and a request to:



https://www.google.com/search?source=hp&q=ultra+left+wing+support


There is a difference between an ISP recording:



https://www.reddit.com/ 


and:



https://www.reddit.com/r/hot-babes 


My understanding is that DNS queries from users to an (ISP's) DNS server will show the host (https://www.google.com/) but not the specific search term or any part of a URL after the TLD (e.g. .com). Is this correct?



I am asking about both HTTP and HTTPS although I can't see that there would be a difference for DNS requests.



In other words, an ISP can record the sites the user visited (via their DNS look-up logs), but cannot record the search query the user made in the search engine or the specific page(s) of a site that a user visited. To do so, the ISP would have to record the URLs when the user directly accessed the website pages. Is this right?







vpn dns privacy nameserver
















asked Aug 17 '17 at 19:29









MetalMan








  • Your ISP could be recording every bit sent to/from your connection.

    – DavidPostill
    Aug 17 '17 at 19:39











  • Depending on what resolutions happen they could guess your OS, software you use and with timing information also usage patterns. They won't (assuming a VPN is used) be able to easily decipher that traffic.

    – Seth
    Aug 18 '17 at 10:12














4 Answers


















    DNS is used to translate domains into IP addresses, thus regardless of whether you are going to "http://www.google.com", "https://www.google.com", "https://www.google.com/q=none_of_your_business", "http://www.google.com/?q=myob" the DNS query will only show a lookup for "www.google.com" because that is all the browser needs in order to find the server.



    It's probably largely irrelevant here, but DNS can also have additional generic information about the domain name you are requesting, like what IP addresses it can send email from - but none of this would be specific to your connection or leak your activity save as to the extent it can tell which domain name you are looking at, and sometimes what kind of service you are using. (For example, if you are acting as a mail server it will see you are asking for a mail record - but most of the time not even this much.)
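
The point made in the answer above, as an added example that is not part of the original answers: it encodes the DNS query a stub resolver would send for each URL quoted in that answer (RFC 1035 wire format) and decodes it the way a resolver log or on-path observer would. The function names, the fixed transaction ID and the `google.com` MX lookup are assumptions made for illustration.

```python
import struct
from urllib.parse import urlsplit

# Subset of DNS record type codes (RFC 1035, RFC 3596).
QTYPES = {1: "A", 15: "MX", 28: "AAAA"}

# URLs quoted in the answer above.
URLS = [
    "http://www.google.com",
    "https://www.google.com",
    "https://www.google.com/q=none_of_your_business",
    "http://www.google.com/?q=myob",
]


def hostname_for(url):
    """Return the only part of a URL that is handed to the resolver."""
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no hostname in {url!r}")
    return host


def build_query(hostname, qtype=1, txid=0x1234):
    """Encode a standard recursive query (RFC 1035, section 4.1)."""
    # Header: ID (constructed value), flags (RD bit set), QDCOUNT=1, rest 0.
    packet = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    for label in hostname.rstrip(".").encode("idna").split(b"."):
        if not 0 < len(label) <= 63:
            raise ValueError("label must be 1..63 bytes")
        packet += bytes([len(label)]) + label
    # Root label, then QTYPE and QCLASS (1 = IN).
    return packet + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_query(packet):
    """Decode the question section as a resolver log or observer would."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated QNAME")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(packet):
            raise ValueError("bad label in query")
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return {"qname": ".".join(labels), "qtype": QTYPES.get(qtype, str(qtype))}


def resolver_view(url, qtype=1):
    """What a query log holds for one page load, plus a wire-level check."""
    packet = build_query(hostname_for(url), qtype)
    parts = urlsplit(url)
    # Path and query string are the URL detail the question asks about.
    detail = [p.encode() for p in (parts.path.strip("/"), parts.query) if p]
    seen = parse_query(packet)
    seen["url_detail_on_wire"] = any(d in packet for d in detail)
    return seen


def log_entries(urls):
    """Distinct (qname, qtype) pairs a resolver would log for these URLs."""
    return sorted({(v["qname"], v["qtype"]) for v in map(resolver_view, urls)})


if __name__ == "__main__":
    for url in URLS:
        print(url, "->", resolver_view(url))
    print("log:", log_entries(URLS))
    # Constructed case: a mail server looking up where to deliver mail.
    print(parse_query(build_query("google.com", qtype=15)))
```

All four URLs collapse to a single log entry because neither the scheme nor anything after the hostname is ever encoded into the question section.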






      Consider a situation where you and two other people are using the same VPN provider but different websites.
      Now if some attacker wants to find who is visiting forbidden.com using the VPN, from the ISP DNS log it will be simply one query distance to find.
      I understand it is not common to have access to ISP data, but the recent trend shows some really big organizations have wholesale access to lots of logs around the world.

      Even though the DNS log has no info on URL access, with a correlation attack it will be easy to match 2+2 = 4!






            If the entire connection the web browser makes is over HTTPS, then the ISP will simply see you are communicating with a server address. Remember, DNS requests are not part of the browser, usually. Your computer can make DNS queries all it wants, which will only be, in your examples, www.reddit.com and www.google.com.



            Once the web browser knows the IP address to send the request to, the browser encrypts the entire URL you're requesting - For example, https://www.reddit.com/r/hot-babes is encrypted into a string that your computer and Reddit's server would understand. The ISP cannot read this in normal circumstances.



            Normal circumstances are for people like me. My ISP does not attempt any sort of Man In The Middle (MITM) attacks, such as making me accept their own root certificate (!). If they forced you to install their own certificate, then it's fair game for them.



            This is also mitigated if the sites support HSTS (Hypertext Strict Transport Security). This will hopefully be up to date, and built in to your browsers (Firefox and Chrome both do). If your browser attempts a connection to a site with HSTS setup, the browser will upgrade the connection to HTTPS automatically before making the connection.

















            answered Aug 17 '17 at 19:52









            Canadian Luke

























                In terms of BIND, you cannot. Incoming queries come in and only the hostnames that are queried are shown in the logs along with the source external IP that is making the query, because DNS simply provides the name resolution. You don't really have the ability to view the full URL in the path. If the ISP was somehow intercepting web traffic in order to obtain your internet requests and its request methods, then your privacy would be exposed, but on an ISP level your queries would be a tiny needle in a very large haystack.



                If they wanted to suppress a political activist, they would have to begin to monitor for those sites generally in the BIND logs based on those hostnames that point to said web sites. Even if they get your IP, they really can't do much with the IP alone unless they want to brute force attack the IP all day, which mostly will not expose the privacy of the individual unless the target network does get penetrated.



                If you are curious about ISPs, just use another DNS server or serve your own DNS queries by using a default root hints configuration with no forwarders set, and by keeping your root server list up-to-date. A Microsoft DNS Server provides this simple setup by default and so does BIND from my experience as long as you do not specify any forwarders. If you specify a forwarder on your server, then you are effectively funneling your network DNS requests for zones outside of your network to those public servers. So just keep a basic DNS server config that is untouched (except you'll still want your internal zones of course), and then you are good for DNS privacy, because your server will handle those DNS queries by sending them directly to the root servers bypassing everyone except the biggest of the big boys of each domain jurisdiction. Your DNS will be clean as a whistle, which is why using a server-class OS is worth the time and/or money...















                edited Jan 2 at 3:15

























                answered Jan 2 at 1:49









                Paul Latour













                • Decent answer to an old question.

                  – JakeGould
                  Jan 2 at 1:53






                • This question was showing up in "Hot Network Questions" just today

                  – Paul Latour
                  Jan 2 at 1:57











                • Well, who knows how the “community” logic filtering works. Regardless, good work!

                  – JakeGould
                  Jan 2 at 2:39






























                0














                DNS is used to translate domains into IP addresses, thus regardless of whether you are going to "http://www.google.com", "https://www.google.com", "https://www.google.com/q=none_of_your_business", "http://www.google.com/?q=myob" the DNS query will only show a lookup for "www.google.com" because that is all the browser needs in order to find the server.



                It's probably largely irrelevant here, but DNS can also have additional generic information about the domain name you are requesting, like what IP addresses it can send email from - but none of this would be specific to your connection or leak your activity save as to the extent it can tell which domain name you are looking at, and sometimes what kind of service you are using. (For example, if you are acting as a mail server it will see you are asking for a mail record - but most of the time not even this much.)
















                    answered Aug 18 '17 at 8:03









                    davidgo
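The point made in the answer above, as an added example that is not part of the original post: this Python sketch builds the DNS query message for each URL quoted in the answer and decodes it the way a resolver log or on-path observer would. The function names, the transaction ID and the record-type subset are assumptions made for illustration; the client's source IP address and the timestamp are visible too, but they come from the IP layer and the logger, not from the DNS message.

```python
import struct
from urllib.parse import urlsplit

QTYPES = {1: "A", 15: "MX", 28: "AAAA"}  # a few standard record-type codes

# URLs quoted in the answer above; used here as sample input.
URLS = [
    "http://www.google.com",
    "https://www.google.com",
    "https://www.google.com/q=none_of_your_business",
    "http://www.google.com/?q=myob",
]

def build_query(url, qtype=1, txid=0x1234):
    """Build the DNS query message a client sends before it can fetch `url`."""
    host = urlsplit(url).hostname  # scheme, path and query string are dropped here
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag, 1 question
    labels = host.encode("idna").split(b".")
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class 1 = IN

def observe(packet):
    """Decode what a resolver log or on-path observer can read from the message."""
    pos, labels = 12, []  # the question section starts after the 12-byte header
    while packet[pos]:
        n = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    qtype, _qclass = struct.unpack("!HH", packet[pos + 1:pos + 5])
    return {"name": ".".join(labels), "type": QTYPES.get(qtype, str(qtype))}

def observed_names(urls):
    """Distinct names visible in DNS for a list of URLs."""
    return {observe(build_query(u))["name"] for u in urls}

if __name__ == "__main__":
    for u in URLS:
        print(f"{u!r:52} -> {observe(build_query(u))}")
    # The record type is visible as well, e.g. a mail (MX) lookup.
    print(observe(build_query("http://www.google.com", qtype=15)))
```

All four URLs produce byte-identical 32-byte queries, so the path and search terms never reach the DNS server.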























                        0














                        Consider a case where you and two other people are using the same VPN provider but different websites.
                        Now, if some attacker wants to find who is visiting forbidden.com using the VPN, from the ISP's DNS log it will be simply one query's distance to find.
                        I understand it is not common to have access to ISP data, but recent trends show some really big organizations have wholesale access to lots of logs around the world.

                        Even though the DNS log has no info on URL access, with a correlation attack it will be easy to match 2+2 = 4!
















                            answered Aug 18 '17 at 8:41









                            A. Bauani





























