Score:-1

How do I know if my domain/subdomain was queried by someone with dig or any other DNS lookup tool?


I'm using Cloudflare as nameserver and the A record is proxied. Consider I have the domain foo.example.com

How do I know if someone ran dig against my domain?

I expect to get info like:

  • who queried it (what IP)
  • what subdomain they queried
  • when they queried it
Score:2

If you don't want people to see information in the DNS system, don't put it in the DNS system.

DNS servers only respond with the information you configure them to respond with. They don't care if the client is dig or a web browser. There's no way you can stop anyone from looking at your DNS records, and at the same time have a functioning DNS record.

Furthermore, DNS analytics is next to useless; the lookups don't really mean anything, as DNS is cached everywhere. You don't have any way to know whether Google's DNS servers (8.8.8.8, 8.8.4.4) sent the result they got from you to one client or a hundred million clients. In fact, there's no way you can tell.

As pointed out in a comment by Patrick Mevzek, some tricks can be used to force queries to hit your servers, such as generating unique per-user names. This can be done through e.g. JavaScript in a webpage. It's not so much a property of DNS as a property of how client software for common protocols works.

Patrick Mevzek:
"In fact, there's no way you can tell." There is, but I agree it is useless for this question. How? By sending different results and then looking at where further queries come from. Various studies do that trick. Embed a unique hostname as image source in HTML for example, and that hostname, being unique to a single client (can even be related to some cookies) will trigger a DNS query that is unique to one client, even through public recursive DNS resolvers.
vidarlo:
@PatrickMevzek It's obvious once you mention it, but I haven't *really* thought about that possibility! I've added it to my answer :) Thanks for pointing it out!
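The per-client unique hostname trick from the answer and the comment above, as an added example that is not part of the original post or of any project's code. It assumes a dedicated zone (`probe.example.com`, a placeholder) whose authoritative server you run and whose query log you can read, a per-deployment secret, and a simplified one-line-per-query log format (constructed here; adapt the regex to your server's real log). The takeaway it makes concrete is the one vidarlo states: even with unique names you learn which recursive resolver fetched the name and when, never the end user's own address.

```python
import hmac
import hashlib
import re

# Assumptions for this example: a per-deployment secret and a dedicated
# zone whose authoritative server you control and whose query log you can read.
SECRET = b"example-secret-replace-me"
PROBE_ZONE = "probe.example.com"  # placeholder zone


def probe_name(session_id: str) -> str:
    """Derive the unique hostname handed to one browser session.

    The label is an HMAC of the session id, so a label seen in a resolver's
    cache cannot be turned back into the session without the secret."""
    tag = hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()[:16]
    return f"{tag}.{PROBE_ZONE}"


# Query-log format assumed here (constructed; adapt to your server):
#   <ISO timestamp> <source IP> <qname> <qtype>
LOG_LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def correlate(log_lines, session_ids):
    """Map each probe hostname in the log back to its session.

    Returns {session_id: [(timestamp, source_ip), ...]}. The source IP is
    the recursive resolver that fetched the name (for example a public
    resolver), not the end user's address; that is all the authoritative
    side ever sees."""
    by_label = {probe_name(s): s for s in session_ids}
    hits = {}
    for line in log_lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue
        ts, ip, qname, _qtype = m.groups()
        session = by_label.get(qname.rstrip(".").lower())
        if session is not None:
            hits.setdefault(session, []).append((ts, ip))
    return hits


# Constructed sample log: alice's label was fetched by two resolvers,
# bob's label never reached the authoritative server (served from a
# cache, or never requested), and an unrelated query is ignored.
SAMPLE_LOG = [
    f"2023-01-05T10:15:01Z 198.51.100.7 {probe_name('sess-alice')}. A",
    f"2023-01-05T10:15:03Z 203.0.113.9 {probe_name('sess-alice')}. AAAA",
    "2023-01-05T10:16:00Z 198.51.100.7 www.example.com. A",
]

if __name__ == "__main__":
    for session, seen in correlate(SAMPLE_LOG, ["sess-alice", "sess-bob"]).items():
        print(session, seen)
```

Serve `probe_name(session)` as an image or script URL on the page; a low TTL on the zone keeps caches from absorbing repeat visits. Note that a single session can still surface as several resolver addresses, as in the sample, because large public resolvers fan queries out across many egress IPs.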
Score:1

Why do you care about that, first? And why do you focus on dig specifically? It is far from the only DNS client; you have kdig or delve and many others, and any program using a DNS library, etc.

Also, yes, the DNS provider has the full list of DNS queries coming over it, but note that queries typically come from a recursive resolver, and the authoritative nameserver at the DNS provider side cannot, just by looking at a DNS packet, know if the client is dig or a recursive nameserver (there is no information on the client in the DNS message, besides its DNS question).

PS:

  • "A record is proxied": this is not typical DNS terminology, there is no proxy in the DNS, an A record maps a hostname to an IPv4 address
  • please use example.com when you want to obfuscate names
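To make the "nothing about the client in the DNS message" point of the answer above concrete, here is an added example (not part of the original answer or of any DNS software) that encodes a minimal query the way a stub resolver sends it and decodes the header and question section back. Every field the authoritative server can read from the payload appears in the returned dict; none names the sending program or the end user. The sample query is constructed, and the caveat in the comment is a fact about EDNS(0): when an OPT record is present, a resolver may, at its own discretion, include part of the client's address (EDNS Client Subnet), which is the only exception to the answer's statement.

```python
import struct


def build_query(qname: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Encode a minimal DNS query: 12-byte header with RD set, one question,
    nothing else. Constructed sample, not captured traffic (dig's default
    additionally appends an EDNS(0) OPT record in the additional section)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    name = b"".join(bytes([len(label)]) + label.encode("ascii")
                    for label in qname.strip(".").split("."))
    return header + name + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_query(msg: bytes) -> dict:
    """Decode the header and question section of a DNS query.

    This is the entire payload an authoritative server receives for a plain
    query; the source IP lives in the IP header and is the recursive
    resolver's address, not the end user's."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, qdcount, ancount, nscount, arcount = struct.unpack("!HHHHHH", msg[:12])
    pos, labels = 12, []
    while True:
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        if n & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(msg[pos:pos + n].decode("ascii"))
        pos += n
    qtype, qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return {
        "id": txid,
        "is_query": not (flags & 0x8000),          # QR bit clear
        "recursion_desired": bool(flags & 0x0100),  # RD bit
        "qname": ".".join(labels) + ".",
        "qtype": qtype,
        "qclass": qclass,
        # ARCOUNT > 0 usually means an EDNS(0) OPT record follows; that is
        # the only place a resolver may volunteer part of the client's
        # address (EDNS Client Subnet), and only if it chooses to.
        "has_additional": arcount > 0,
        "counts": (qdcount, ancount, nscount, arcount),
    }


if __name__ == "__main__":
    print(parse_query(build_query("foo.example.com")))
```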