After setting up DNS over HTTPS, got curious how DNS leak test tools, which discover your DNS resolver, such as Browser Leaks, work 

Turns out, it's quite clever setup: while you are visiting browserleaks.com website, in the background it queries a number of hostnames generated especially for you, such as 9d0pafrc5tnu.dns4.browserleaks.net, 0zfannouveb4.dns4.browserleaks.org and so on.

Because the website generates those hostnames specifically for your session, it is able to associate your external IP to the hostnames you attempt to resolve.

Now because site operators controls authoritative name servers behind those generated hostnames - specifically ns2.browserleaks.net and ns1.browserleaks.net (also with .org), from logs they can check what exact DNS resolver asked for those unique hostnames.

Simply matching a resolver DNS that attempted to resolve those unique hostnames is enough to link it to your visit of a website session - it is often going to be the resolver of your internet service or virtual private network provider, unless you've explicitly changed your resolver to something else. Still, easily visible to authoritative DNS server.

Voila! No magic, just simple, nice setup 

Just think of how many fingerprinting schemes can big techs carry out to track you across the internet with vast compute resources available to them... 

#itsalwaysdns #dns #resolver #dnsleak #survelliance #tracking #privacy

https://blog.gslin.org/archives/2026/02/04/12876/cloudflare-%e7%9a%84-1-1-1-1-%e6%8a%8a-a-%e6%94%be%e5%9c%a8-cname-%e5%89%8d%e9%9d%a2%e6%90%9e%e7%88%86-glibc-%e7%9a%84-dns-resolver/

Cloudflare 的 1.1.1.1 把 A 放在 CNAME 前面搞爆 glibc 的 DNS resolver

#cloudflare #cname #dns #glib #linux #public #record #resolver #rfc #rr

Ctrl-Alt-Speech Spotlight: Building Better CSAM Detection With Resolver’s George Vlasto

https://fed.brid.gy/r/https://www.techdirt.com/2025/11/25/ctrl-alt-speech-spotlight-building-better-csam-detection-with-resolvers-george-vlasto/

A supply chain attacks where the vector relies on #dns spoofing and #dnnsec is of no use:

https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-network-devices-for-adversary-in-the-middle-attacks/

I suppose the whole idea of "trusting" some random #resolver (from your ISP or not) was never a good idea.

DNS Benchmark Tool – Compare and monitor resolvers

https://github.com/frankovo/dns-benchmark-tool

#HackerNews #DNS #Benchmark #Tool #DNS #Monitoring #Resolver #Comparison #Open #Source #Tools #Network #Performance

Google apresenta novo algoritmo quântico que promete resolver problemas complexos milhões de vezes mais rápido

https://gd.eurisko.com.br/2025/11/13/google-apresenta-novo-algoritmo-quantico-que-promete-resolver-problemas-complexos-milhoes-de-vezes-mais-rapido/

Anyone have a tool/recipe/howto on (continuously) measuring #DNS server #performance (my local #resolver)? My local network has weird connection setup delays that I want to look at.

Preferably not something that needs a full #Grafana setup that I don’t have, but if needs must, it’s ok.