Get used upsream DNS server

[hamdi.tn]

Hi everyone,

i had a strange question from a customer designing some IOT stuff, where he need to get the used DNS in the router, so the one assigned by the ISP. Am not a network specialist but as far as i know, units connected in local network with the DHCP server of the router will never know about this DNS, they don't care about it anyway, for that most of the time DNS address is the same as Gateway address.
However when using an access point , so no DHCP server in it , local machine will actually get a DNS server affected by WAN, so no problem there.

He's using a Ti wifi module now and he's 100% sure he has this capability, using simple commercially available normal router.
How crazy this sound.

[jaycee]

Unless the user has manually specified DNS server addresses, it comes from the DHCP server. When the client initially connects and does not have an IP address yet, it sends out a broadcast message. A DHCP server on the network segment hears this and replies, offering an IP address and other connection settings, including DNS servers.

https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol#DHCP_discovery

[madires]

Usually the router runs a DNS resolver and forwards all DNS requests to the ISP's resolvers provided via PPP, DHCPv6 or local configuration. And the router's DHCP server advertises its local LAN address as nameserver. In most cases you can also configure specific nameservers in case you run dedicated local nameservers or prefer some other resolvers. Then the DHCP server would advertise those. For IPv6 there are also router advertisements which can include nameservers. Maybe there's some obscure router which doesn't run a local resolver and simply advertises the ISP's resolvers via DHCP, but that's very uncommon.

[jaycee]

This is true, most routers are effectively a DNS proxy server. I don't think there's any good way to discover whats actually answering the DNS requests.

[rbm]

Just program the IoT device with the IP for one of the free DNS servers on the net.  It then becomes independent of the particular configuration of the DHCP server answering the request, but only dependant upon the availability and reliability of the chosen DNS server.

[madires]

The SOHO router runs a caching resolver for a reason. Using a public resolver as default is a very poor design.

[xani]

The SOHO router runs a caching resolver for a reason. Using a public resolver as default is a very poor design.

The "reason" is not the caching. Some even do not do caching (like if router is cheap and they can't spare its tiny RAM for caching), that's just secondary benefit

The "reason" is that this way you can have local host names that are resolvable from your own LAN network without having to own any domain

[madires]

When you start running resolvers for large networks you'll understand. BTW, even cheap SOHO routers still got enough RAM left for bufferbloat

[ejeffrey]

Local caching nameservers are completely unimportant for SOHO networks.  The ISP DNS is pretty close, the clients already do at least an OK job of caching, and there aren't enough devices where it really matters to share cache between them.  Its not like you have a large corporate office or university with 10k+ nodes trying to share a small upstream link.  Its totally fine to have every device on a SOHO network use the upstream ISP DNS or even one of the public DNS servers (if you want to bypass your ISPs DNS hijacking).

The primary reason that SOHO routers have local DNS servers is exactly what xani said: to allow local name resolution.

There is no general way to "discover" the upstream DNS server if the local router is running a DNS proxy.  There is also no need.  If you don't need to support local name resolution provided by the SOHO routers DNS proxy just use one of the public DNS servers.  An IoT device should have a negligible DNS load anyway.

[hamdi.tn]

Thank you all for your answers, and for confirming that their is no need and no way to determine ISP DNS through a router  .

[PA0PBZ]

Thank you all for your answers, and for confirming that their is no need and no way to determine ISP DNS through a router  .

Basically, yes that is the correct conclusion. However, I'm still wondering what 'problem' your customer is trying to solve?

[madires]

Local caching nameservers are completely unimportant for SOHO networks.  The ISP DNS is pretty close, the clients already do at least an OK job of caching, and there aren't enough devices where it really matters to share cache between them.  Its not like you have a large corporate office or university with 10k+ nodes trying to share a small upstream link.  Its totally fine to have every device on a SOHO network use the upstream ISP DNS or even one of the public DNS servers (if you want to bypass your ISPs DNS hijacking).

Ok, let's try another idea. Imagine you're the ISP and each of your customers has about 5 to 10 devices in need for DNS. What is the impact on your caching resolvers when the CPEs don't run a local caching resolver?

[PA0PBZ]

Ok, let's try another idea. Imagine you're the ISP and each of your customer has about 5 to 10 devices in need for DNS. What is the impact on your caching resolvers when the CPEs don't run a local caching resolver?

Since most devices already locally cache dns lookups what is the chance that another local device is going to do a dns lookup for the same url? Or to answer your question: very little impact.

[madires]

For example, have you checked how many DNS requests are generated by your web browser for an average news webpage? There are tons of third party URLs for ads, tracking and analytics. Or take the ubiquitous www.google.com. The impact on the ISP's caching resolvers is much larger than you might think.

[PA0PBZ]

For example, have you checked how many DNS requests are generated by your web browser for an average news webpage? There are tons of third party URLs for ads, tracking and analytics. Or take the ubiquitous www.google.com. The impact on the ISP's caching resolvers is much larger than you might think.

Since you are talking about a web browser let's forget iot for a moment and assume windows. Just open a cmd prompt and type ipconfig /displaydns and look at all the locally cached url's. I agree that there's a lot of requests but they all get cached locally as you can see so caching them at the router will not have a big advantage.

[rstofer]

You can get your IPV4 and/or IPV6 IP address by googling for 'whats my ip address'.  This will only return your external IP address because the Internet can't get to your non-routable internal address.

OR

http://test-ipv6.com/

Since my router does the NAT thing, every machine seems to have the same IPV4 address.  However, the IPV6 address is different between the two machines I just tested.  I wasn't expecting that...

[xani]

When you start running resolvers for large networks you'll understand.

It so happens that I DO which is why I called you on your ignorance. And we're talking about home network, with MAYBE 5-10 devices (my home network is at barely 50% hitrate).

Caching benefits are almost negligible in such small network. Why ? because most devices will request different addresses and browsers do caching on their own anyway. It might benefit shitty iot devices a bit but then you shave off maybe 100ms for something that's not time critical

BTW, even cheap SOHO routers still got enough RAM left for bufferbloat

Well my cheap SOHO router doesn't cache. My previous cheap SOHO router also did not cache. Did you actually checked any ?

[Marco]

To go back to the original question, read the DNS query RFCs. Dig and dnstracer utilities can get the entire chain of DNS servers, so obviously the protocol allows for it. Get the chain, the first server not on an internal IP range is the ISP one.

It's crazy to think any IoT device does this, but it's certainly possible.

[Old Don]

He could download and run DNS Benchmark software to see if there's better DNS servers vs. his ISP's.

[cdev]

You can get your IPV4 and/or IPV6 IP address by googling for 'whats my ip address'.  This will only return your external IP address because the Internet can't get to your non-routable internal address.

Thats what ipv6 does...

[xani]

And there are ways to leak IPv4 one. For example https://www.perfect-privacy.com/webrtc-leaktest/

[madires]

Since you are talking about a web browser let's forget iot for a moment and assume windows. Just open a cmd prompt and type ipconfig /displaydns and look at all the locally cached url's. I agree that there's a lot of requests but they all get cached locally as you can see so caching them at the router will not have a big advantage.

And now please check several web pages and compare the third party URLs. A lot of them belong to the same companies/services. So each PC/laptop/tablet/smartphone in your home network has to deal with those while browsing the internet. Each client has to resolve that common set of domains. That way multiple DNS requests for the same domains are created.

[madires]

When you start running resolvers for large networks you'll understand.

It so happens that I DO which is why I called you on your ignorance. And we're talking about home network, with MAYBE 5-10 devices (my home network is at barely 50% hitrate).

Caching benefits are almost negligible in such small network. Why ? because most devices will request different addresses and browsers do caching on their own anyway. It might benefit shitty iot devices a bit but then you shave off maybe 100ms for something that's not time critical

Please see my response to PA0PBZ. There's more overlapping than you might think. I fully agree that from a SOHO point of view those few DNS requests don't matter much and most users won't care about a few ms delay when using the ISP's resolver. But it matters for the ISP, because he has to deploy and operate more resolvers. If you got bad luck your ISP doesn't care much about that and has very poorly performing resolvers. So it's your problem again.

BTW, even cheap SOHO routers still got enough RAM left for bufferbloat

Well my cheap SOHO router doesn't cache. My previous cheap SOHO router also did not cache. Did you actually checked any ?

My cheap router at home allows me to disable or enable caching and also to set the cache size.

[xani]

I tend to avoid ISP servers in general. For comparison, my ISP does around 20ms faster on cache hit and ~70-100ms slower on cache miss compared to google, and there are of course those ISPs that do scummy things like DNS rewriting.

For IoT I'd just do "use DHCP DNS server as primary, 8.8.8.8 as fallback" if I'm contacting only external URLs.

For internal URLs (say for example your device have a configurable logging destination, or just have option for local controller)  it is a bit more complicated as you can't just use any external DNS because then no internal one will work. But then it's really the admin of device problem to provide stable DNS

[cdev]

There are many problems with various actors hijacking DNS. It's a means of censorship. 

Also, TLS connections are being hijacked by man in the middle attacks enabled by a few large companies hardware.

A takeover of operating system internals is occurring too.  For example "s*****d"

[cdev]

8.8.8.8 is Google. You trust Google more than you trust your ISP provided DNS?

I tend to avoid ISP servers in general. For comparison, my ISP does around 20ms faster on cache hit and ~70-100ms slower on cache miss compared to google, and there are of course those ISPs that do scummy things like DNS rewriting.

For IoT I'd just do "use DHCP DNS server as primary, 8.8.8.8 as fallback" if I'm contacting only external URLs.

For internal URLs (say for example your device have a configurable logging destination, or just have option for local controller)  it is a bit more complicated as you can't just use any external DNS because then no internal one will work. But then it's really the admin of device problem to provide stable DNS

[madires]

For internal URLs (say for example your device have a configurable logging destination, or just have option for local controller)  it is a bit more complicated as you can't just use any external DNS because then no internal one will work. But then it's really the admin of device problem to provide stable DNS

The lightweight dnsmasq, which is used by a lot of devices, supports request forwarding for specific domains

[Monkeh]

8.8.8.8 is Google. You trust Google more than you trust your ISP provided DNS?

... than the average consumer ISP? Fuck, yes.

[madires]

If I would be a really bad ISP playing games with DNS I'd also forward all DNS traffic for 8.8.8.8 to my resolvers

[cdev]

You can set up your own caching internal DNS server for your own machines that looks to the root DNS servers for all the top level domains, validating all the returned queries with DNSSEC.

"unbound" for example lets you do that.

If I would be a really bad ISP playing games with DNS I'd also forward all DNS traffic for 8.8.8.8 to my resolvers

[xani]

Well Google is probably using the data from 8.8.8.8 to do all sorts of interesting analysis but I doubt they will maliciously rewriting it

For internal URLs (say for example your device have a configurable logging destination, or just have option for local controller)  it is a bit more complicated as you can't just use any external DNS because then no internal one will work. But then it's really the admin of device problem to provide stable DNS

The lightweight dnsmasq, which is used by a lot of devices, supports request forwarding for specific domains

dnsmasq is really a great swiss-army-knife for home or small networks. Later versions even support TFTP serving so you can boot-from-network using only dnsmasq

[DimitriP]

8.8.8.8 is Google. You trust Google more than you trust your ISP provided DNS?

... than the average consumer ISP? Fuck, yes.

Anyone that tried to explain to their ISP that although the modem has an internet connection, can ping out using  IP addresses but the ISP's DNS is not resolving names:
A) Understands
B) No longer relies on the ISP's DNS

[hamdi.tn]

8.8.8.8 is Google. You trust Google more than you trust your ISP provided DNS?

... than the average consumer ISP? Fuck, yes.

Anyone that tried to explain to their ISP that although the modem has an internet connection, can ping out using  IP addresses but the ISP's DNS is not resolving names:
A) Understands
B) No longer relies on the ISP's DNS

I just checked my upstream DNS server at home and it's 8.8.8.8. So my ISP is giving this as a primary DNS server and the secondary is a local Tunisian server property of what called "Tunisian Internet Agency" i certainly trust google more than i trust this Agency.