Saturday, October 27, 2018

Blocking Internet Ads Using DNS Sinkhole

Technitium DNS Server is an open source software that can be effectively used to block Internet Advertisements (Ads), adware, and malware on your computer or your local network using publicly available block lists.

Combined with DNS-over-TLS and DNS-over-HTTPS, Technitium DNS Server provides a good level security and privacy from network level DNS attacks and from adware. This makes it a must have tool if you are a privacy and security conscious person.

Technitium DNS Server is cross platform and works on Windows, Linux or macOS.

Technitium DNS Server v2.0

How Does It Work?
The Ad blocking feature works using the DNS Sinkhole method. With this feature enabled, for all the blocked domain names, the DNS Server will respond with 0.0.0.0 IPv4 address and :: for IPv6 address making the Ads fail to load making the website you visit free from Ads. This can not only block Ads but also adware, malware, social networks, porn etc. based on the block lists you configure in settings.

On your computer, you need to install the DNS Server and configure your network adapter's DNS settings to use the locally hosted DNS server. Once this is done, you need to configure the Block List URL settings to start blocking Ads. Once the DNS Server loads the block lists, it would respond with 0.0.0.0 IP address for the blocked websites making them fail to load.

You may also install the DNS Server on any spare computer on your network and configure your home or office router with IP address of this spare computer as DNS server in DHCP settings. With this setup, all your computers and devices like mobile phones would use the installed DNS Server blocking Ads and malware domains on all devices without installing any additional software on them.

Configuring Block Lists
To enable Ad blocking, you need to configure Block List URLs in the settings. Known and popular block lists are already listed in the Quick Add drop down list from where you can just click and add those URLs.

Technitium DNS Server Block List Configuration

If you are not sure, just select the Default option from the Quick Add drop down list and a default set of block list URLs would get configured.

Once done, click the Save Settings button at the bottom of the page to save the changes and start the block list download background process. These configured block lists are automatically downloaded every 24 hours to keep the DNS Server blocked zone updated.

Don't forget to configure your network adapter's DNS server settings to 127.0.0.1 (for IPv4) and ::1 (for IPv6). Without these network configuration changes, the DNS Server wont get any queries to respond to and things wont work as intended.

IPv4 DNS Server Network Configuration

IPv6 DNS Server Network Configuration

That's It!
Once the configuration is done, just check the Dashboard on the web console after a couple of minutes to see the number of blocked domains in the Blocked Zones widget. If there are too many block list URLs configured, it may take few more minutes for all of them to get downloaded and loaded.

If you have any further queries, do write them below as comments or send an email to support@technitium.com.

Saturday, June 23, 2018

Configuring DNS Server For Privacy & Security

Technitium DNS Server is an open source tool that can be used for blocking Internet Ads using DNS Sinkhole, self hosting a local DNS server for privacy & security or, used for experimentation/testing by software developers on their computer. It works out-of-the-box with no or minimal configuration and provides a user friendly web console accessible using any web browser.

With the release of Technitium DNS Server version 1.3 which adds support for DNS-over-TLS & DNS-over-HTTPS forwarders, it is now a good solution to be used by anyone concerned with privacy & security for domain name resolution on their Internet connection for Windows 10, Linux or macOS.

If you are not clear about what DNS is then read on. Domain Name System (DNS) is a decentralized system that allows you to find out the Internet Protocol (IP) address of any website (like www.technitium.com). So, when you enter a website domain name into your web browser, the web browser uses DNS to find out the IP address of that website. Once the IP address is known, the web browser can then connect to the web server on that IP address using TCP/IP protocols and download webpages and other embedded resources to display on to your screen. DNS servers don't just store IP address records but also store different types of records like mail exchange (MX) records which tell email servers where to deliver email for the recipient user of a given domain.

DNS servers and client use UDP or TCP protocol to exchange requests and responses which are not encrypted. This allows anyone on the network to see those requests and even hijack requests by sending back spoofed responses. There have been many instances reported in media of DNS hijacking done by malware, hacked home wifi routers or even by many Internet Service Providers (ISPs). ISPs in certain places have been found to redirect users to "custom" search pages instead of Google Search or even blatantly injecting Ads on websites that are not using HTTPS security. In some countries, ISPs often use their DNS servers to block websites to enforce government censorship orders.

To mitigate these issues, DNS-over-TLS and DNS-over-HTTPS protocols have been developed and are currently available to be used by a few DNS providers notably Cloudflare, Google and IBM (Quad9). But, currently, no operating system, applications or web browsers have built in support for these protocols.

With Technitium DNS Server installed on your computer (or on your network), you can make all your applications indirectly use these DNS providers with the new secure protocols hiding all your DNS traffic from your ISP. Lets see how to configure the DNS Server to use these services to take control and secure domain name resolution on your computer or private networks.

Technitium DNS Server is not configured out-of-the-box with these settings since you have to make a choice yourself of which DNS provider to use. Below is a list of DNS providers grouped by the protocol they support. You can configure one or more DNS providers as forwarders but they must use the same protocol.

DNS-over-TLS protocol providers:
  • Cloudflare IPv4 (1.1.1.1:853, 1.0.0.1:853) 
  • Cloudflare IPv6 ([2606:4700:4700::1111]:853, [2606:4700:4700::1001]:853)
  • Quad9 Secure IPv4 (9.9.9.9:853)
  • Quad9 Secure IPv6 ([2620:fe::fe]:853)

DNS-over-HTTPS protocol providers:
  • Cloudflare (https://cloudflare-dns.com/dns-query) 
  • Quad9 Secure (https://dns.quad9.net/dns-query)

DNS-over-HTTPS (JSON) protocol providers:
  • Cloudflare (https://cloudflare-dns.com/dns-query)
  • Google (https://dns.google.com/resolve)

To make the configuration quick, easy and error free, there is Quick Select drop down list available which lists all the above options. Just selecting the desired option in the Quick Select list will populate the settings automatically for you.

See these examples below to know how the configuration looks like:

DNS-over-TLS Using Cloudflare
DNS-over-TLS Using Cloudflare

DNS-over-TLS Using Quad9 For IPv6 Internet
DNS-over-TLS Using Quad9 For IPv6 Internet

DNS-over-HTTPS Using Cloudflare
DNS-over-HTTPS Using Cloudflare

DNS-over-HTTPS (JSON) Using Google

As you may have noticed, Cloudflare provides support for all three protocols. Not only that, it is possible to use Cloudflare DNS over Tor hidden service too! Technitium DNS Server v1.3 adds support for configuring proxy server which can of course be made to use Tor running on your computer and use Cloudflare DNS hidden service because WHY NOT?!

You just need to configure dns4torpnlfs2ifuz2s2yf3fc7rdmsbhm6rw75euj35pac6ap25zgqad.onion hidden service address as forwarder and since all hidden service requests over Tor network are inherently end-to end encrypted, you can use DNS-over-TCP protocol with it. Tor is not included with the software so you will need to install Tor separately and configure it as a SOCKS5 proxy.

This option hides your query from your ISP as well as hides your identity from Cloudflare. But seriously, if you are really that paranoid, just use Tor Browser for all your web browsing.

DNS-over-Tor Config For Cloudflare DNS Hidden Service
DNS-over-Tor Config For Cloudflare DNS Hidden Service

Once you have configured forwarders, make use of the DNS Client on the web console to test the setup by making a test query to "this-server". If everything is configured correctly, you will see the IP address for the test domain you entered inside the "Answers" section of the JSON formatted output.

Finally, to make all your computers and applications to use Technitium DNS Server, you need to configure it on your Ethernet or WiFi network adapter. You just need to setup loopback IP address (127.0.0.1 for IPv4 & ::1 for IPv6) as DNS Server in your network adapter settings as shown below:

IPv4 DNS Server Network Configuration

IPv6 DNS Server Network Configuration

For more queries, write comments below or send an email to support@technitium.com.

Technitium DNS Server v1.3 Released!

Technitium DNS Server is an open source tool that can be used for self hosting a local DNS server for privacy & security or, used for experimentation/testing by software developers on their computer. It works out-of-the-box with no or minimal configuration and provides a user friendly web console accessible using any web browser.

Technitium DNS Server v1.3

Version 1.3 adds following awesome new features:

The DNS Server is cross platform and can be deployed on Windows 10, Linux or macOS (using .NET Core or Mono Framework). Read this blog post to learn how to run DNS Server on Ubuntu.

Nobody really bothers about domain name resolution since it works automatically behind the scenes and is complex to understand. Most computer software use the operating system's DNS resolver that usually query the configured ISP's DNS server using UDP protocol. This way works well for most people but, your ISP can see and control what website you can visit even when the website employ HTTPS security. Not only that, some ISPs can redirect, block or inject content into non-HTTPS websites you visit even when you use a different DNS provider like Google DNS or Cloudflare DNS. Having Technitium DNS Server configured to use DNS-over-TLS or DNS-over-HTTPS forwarders, these privacy & security issues can be mitigated very effectively.

Developers regularly use the hosts file for configuring an IP address for a domain under testing. However, using the hosts file is cumbersome at times and can only be used to resolve domain name to an IP address. With a fully configurable DNS server running on your local machine, you can configure not just simple A records (for IP address) but, also configure other types of records like CNAME or MX etc. This allow you to have more control and power when you want to do testing that simulates the exact configuration that you have running on production.

Technitium DNS Server is open source and available under GNU General Public Licence (GPL) v3 on GitHub.

Comments and feedback are things that help push new features and improve usability, and thus are most welcome. Send your feedback to support@technitium.com or write your comments below.

Friday, November 17, 2017

Running DNS Server on Ubuntu Linux

Technitium DNS Server is build to be cross platform using the .NET Standard 2.0. You can run the DNS Server Portable App on Linux or macOS by using .NET Core 2.1 (recommended) or Mono Framework. This post is written for Ubuntu Linux but, you can easily follow similar steps on your favorite distro.

Using .NET Core

Install the latest .NET Core runtime from here. Start Terminal and follow the steps below to run DNS Server on Ubuntu:

  1. Download DNS Server Portable App tar.gz file using wget as shown below.
    $ wget https://technitium.com/download/dns/DnsServerPortable.tar.gz
  2. Extract the files and start DNS Server.
    $ tar -xzvf DnsServerPortable.tar.gz
    $ cd DnsServer
    $ sudo ./start.sh
    
  3. Open the url http://localhost:5380/ to access the web console.

Using Mono Framework

Install the latest Mono Framework runtime from here. Start Terminal and follow the steps below to run DNS Server on Ubuntu:

  1. Install unzip. Skip this step if you already have it installed.
    $ sudo apt-get -y install unzip
  2. Download DNS Server Portable App zip file using wget as shown below.
    $ wget https://technitium.com/download/dns/DnsServerPortable.zip
  3. Extract the files and start DNS Server.
    $ unzip DnsServerPortable.zip
    $ cd DnsServer
    $ sudo mono DnsServerApp.exe
    
  4. Open the url http://localhost:5380/ to access the web console.

You may get this error shown below when you start DNS Server:

Unhandled Exception: System.Net.Sockets.SocketException: Address already in use
   at System.Net.Sockets.Socket.UpdateStatusAfterSocketErrorAndThrowException(SocketError error, String callerName)
   at System.Net.Sockets.Socket.DoBind(EndPoint endPointSnapshot, SocketAddress socketAddress)
   at System.Net.Sockets.Socket.Bind(EndPoint localEP)
   at DnsServerCore.DnsServer.Start()
   at DnsServerCore.DnsWebService.Start()
   at DnsServerApp.Program.Main(String[] args)
Aborted (core dumped)
This error means that another application is already running on the DNS UDP port 53. On Ubuntu, usually its dnsmasq or systemd-resolved service running. You may confirm this by running sudo netstat -nlpu command.

Follow the steps below to disable the dnsmasq service:
  1. Edit the NetworkManager.conf file to disable dnsmasq service:
    $ sudo nano /etc/NetworkManager/NetworkManager.conf
    
    Comment out the dns=dnsmasq line by adding # character at the beginning like this #dns=dnsmasq and exit the editor by pressing CTRL+X and enter y to save the file.
  2. Restart the computer to apply changes as shown below:
    $ sudo reboot now
    
  3. After system reboot, open Terminal and try again to start DNS Server.

Follow the steps below to disable the systemd-resolved service:
  1. Disable the systemd-resolved service and stop it:
    $ sudo systemctl disable systemd-resolved.service
    $ sudo service systemd-resolved stop
    
  2. Edit your /etc/NetworkManager/NetworkManager.conf using nano:
    $ sudo nano /etc/NetworkManager/NetworkManager.conf
    
    Put the following line in the [main] section of your /etc/NetworkManager/NetworkManager.conf as shown below:
    [main]
    dns=default
    
  3. Edit your /etc/resolv.conf using nano:
    $ sudo nano /etc/resolv.conf
    
    Edit the existing nameserver entry to the one shown below in your /etc/resolv.conf
    nameserver 127.0.0.1
    
  4. Restart network-manager:
    $ sudo service network-manager restart
    
  5. Now try again to start DNS Server.

That's it!

The DNS Server is running and you can configure your network with the IP address of this computer for DNS resolution.

Check out the web console to create zone, check cached zones, access DNS client tool and configure server settings.

The DNS Server creates a folder named config in the current folder which contains the server config and zone files. Make sure you copy this folder while moving the DNS server folder if you want all the zone files and config to persist.

If you have any trouble installing mono framework the refer to this official mono installation guide.

For any related queries, feel free to comment on this post.

Technitium DNS Server Released!

Technitium DNS Server is an open source tool that allows anyone to run DNS server on their computer or local network. Its aimed towards software developers who like to simulate live production scenarios on their laptop or local network setup for testing or debugging purposes. However, it can be used for any DNS related requirement. Applications of using your own local DNS server is limited only by the your imagination!

Technitium DNS Server Web Console

The DNS server is cross platform and can be deployed on Windows, Linux or macOS (using Mono Framework or .NET Core). The DNS portable console app allows running the service instantly with zero initial configuration, just run the executable and its ready. The DNS server provides web console access that allows it to be accessible over network.

A unique feature available with this server is to enable/disable hosted zones with a single click allowing switching between staging/testing setup to live production setup instantly. Once a zone is disabled, the DNS server will start recursively resolving the domain and use cached results. When the zone is enabled, the records hosted on the server override the cached results. This reduces a lot of efforts when trying to achieve similar thing using hosts file. Hosted records can be set with low TTL values to force the operating system DNS client to re-query.

The DNS server has many standard features like recursion, caching, wildcard sub domains, forwarders, IPv6 support etc. A very useful and frequently used feature is the DNS Client tool included with the web console. This DNS Client tool is a general purpose DNS resolver that can be used to query any name server accessible over the network. The DNS Client can also perform recursive query on its own and display results from the authoritative name server for the given domain. The recursive query feature saves time by automatically finding out the authoritative name servers via the root servers. DNS Client is also available as a separate online tool at dnsclient.net website.

Apart from just resolving queries, the DNS Client also provides a very useful feature to import records from the output of the query into the local DNS. This feature is really useful when you quickly want to copy existing records for a given domain. You can query with type ANY which would list out all possible records or use specific type needed, and import them in one go into the local server zone. You may then edit a few records with value that you need for testing and its ready to use. With query type ANY, its advised to use TCP protocol since the UDP protocol may not accommodate all the records resulting in a truncated response.

Technitium DNS Server include following features:

  • Fully manageable local DNS server.
  • Wildcard sub domain support.
  • Disable/Enable hosted zones for quick switching between staging & production.
  • DNS Client tool for resolving queries.
  • Import records feature allows to import records of live domain using DNS Client.
  • Recursive querying support.
  • Web console for allowing access over network.
  • DNS caching with cache viewer interface in web console.
  • Forwarders setup to allow chaining other DNS server to reduce response time.
  • IPv6 network support in DNS server core for querying.
  • Built-in system logs and query logs.
  • Cross platform implementation for running on Linux or macOS using Mono Framework or .NET Core.

There are many applications of having a self hosted local DNS server. Some of them are:

  • Software developers or web developers can simulate live setup without need to use hosts file.
  • Security researchers can use it in their lab setups for spoofing domain names while performing experiments.
  • Users can keep watch on domain being used by various applications using the Cached Zone listing.
  • Block certain domains to partially or fully fail a website/application feature. User can block domain by creating an empty zone such that the application/website using that domain can no longer get the right IP address to the server failing all requests.

It must be noted that this DNS server is not suitable to be used for production or any critical application. The software is released as alpha version denoting that its not yet stable and may have bugs.

Technitium DNS Server is open source and available under GNU General Public Licence (GPL) v3 on GitHub.

Comments and feedback are things that help push new features and improve usability, and thus are most welcome. Send your feedback to support@technitium.com or leave your comments below.

Sunday, July 23, 2017

Bit Chat 4.6 Released

Technitium Bit Chat is a secure, peer-to-peer (p2p), open source instant messenger designed to provide end-to-end encryption. Primary aim of developing this instant messenger is to provide privacy which is achieved using strong cryptography. It can be used over Internet and private LAN networks for instant messaging and file transfer.

Bit Chat v4.6

Technitium Bit Chat version 4.6 (alpha) is available to download from the main website and via automatic update mechanism for existing installations. The software checks for new update automatically with every start but, you can also use the Check For Updates option in the main menu to get an update instantly.

Bit Chat v4.6 Released

The latest update has some protocol level changes that are not compatible with previous versions. Due to this, all peers will need to update to the latest version to be able to chat.

This update adds TCP based DHT protocol and removed UDP support totally. DHT over UDP faced issues with networks where inbound UDP packets are blocked over Internet. The Bit Chat protocol also adds a decoy HTTP GET requests to bypass application firewalls.

Know more about Bit Chat by reading Frequently Asked Questions (FAQ) and Bit Chat whitepaper. You can also view Bit Chat source code on GitHub and compile Bit Chat client yourself.

And as always, send your feedback to support@bitchat.im or write your comments below.

Saturday, November 26, 2016

Announcing Technitium DNS Client Service

Technitium DNS Client is a simple domain name lookup service to quickly query any name server including root servers.

Technitium DNS Client

You can use it to confirm any DNS changes that you made to your domain. Selecting root server option to query a domain will, automatically resolve the authoritative name servers via root servers and get the response from them.

The response displayed is JSON formatted output of the DNS datagram which contains all necessary fields including fields from the header.

Technitium DNS Client is intended to be useful for domain administrators to verify the the changes they made to the zone with ease.

The source code for DNS Client is available on GitHub.

And as always, send your feedback to support@technitium.com or write your comments below.

Monday, October 24, 2016

Technitium web hosting facing temporary issues

We are facing issues with web hosting since yesterday due to which there are intermittent down times. You may get "HTTP Error 503. The service is unavailable." error on technitium.com as well as bitchat.im. The Bit Chat registration service is also affected.

We are trying to restore the website partially for time being till all the issues are resolved.

Update (25-oct-2016): Issue with hosting seems to be fixed now and things are working.

Saturday, September 24, 2016

Bit Chat v4.5 Released

Technitium Bit Chat is a secure, peer-to-peer (p2p), open source instant messenger designed to provide end-to-end encryption. Primary aim of developing this instant messenger is to provide privacy which is achieved using strong cryptography. It can be used over Internet and private LAN networks for instant messaging and file transfer.

Bit Chat v4.5

Technitium Bit Chat version 4.5 (alpha) is available to download from the main website and via automatic update mechanism for existing installations. The software checks for new update automatically with every start but, you can also use the Check For Updates option in the main menu to get an update instantly.

Bit Chat v4.5 Released

The latest update includes many protocol level changes which are not compatible with previous versions, due to this, all peers will need to update to the latest version to be able to chat. The latest version fixes some bugs and adds new features that are mentioned below:

  • Private Chat Invitation feature allows you to invite any online Bit Chat user to chat privately. This feature provides much needed initial contact mechanism to add contacts. The working mechanism relies on DHT and thus requires at least one DHT node available globally to work on the Internet. The feature works without DHT on local LAN networks to directly send invitation message to peers on the same local network. It may take a couple of minutes for the invitation message to reach the peer over the Internet. You can manage the invitation feature options from your Profile Settings.

    Private Chat Invitation

  • Group Image feature allows setting a custom image to group chats. Any user in the group can update the image and the latest image is automatically synced across all other peers in the group.

    Group Image Viewer

  • Change Shared Secret feature is now available from chat properties to allow peers to decide and set a new shared secret easily without having to create a new group.

  • You can now Mute chat to avoid getting message notifications using the Mute option in the chat list context menu.

  • New message view interface shows each message in a separate bubble for a better user experience. Shared files are also listed as messages in the view and allows you to access all file sharing options via the context menu.

  • You can now share an already shared file in one chat to all other chats by using Share With option in the file sharing context menu.

    Share File With Option

  • Message Delivery feature let you know if the message was delivered to other peers using tick icons at the bottom of each sent message. You can also view detailed message delivery info from the Message Info option in the context menu.

    Message Delivery Info

Know more about Bit Chat by reading Frequently Asked Questions (FAQ) and Bit Chat whitepaper. You can also view Bit Chat source code on GitHub and compile Bit Chat client yourself.

And as always, send your feedback to support@bitchat.im or write your comments below.

Saturday, March 12, 2016

Bit Chat v4.2 Released

Technitium Bit Chat is a secure, peer-to-peer (p2p), open source instant messenger designed to provide end-to-end encryption. Primary aim of developing this instant messenger is to provide privacy which is achieved using strong cryptography. It can be used over Internet and private LAN networks for instant messaging and file transfer.

Bit Chat v4.2
Technitium Bit Chat version 4.2 (alpha) is now available to download from the main website and via automatic update mechanism for existing installations. The software checks for new update automatically with every start but, you can also use the Check For Updates option in the main menu to get an update instantly.

Bit Chat v4.2 Released
The latest update includes many protocol level changes which are not compatible with previous versions, due to this, all peers will need to update to the latest version to be able to chat. The latest version fixes some bugs and adds new features that are mentioned below:
  • Profile Image feature added to allow user to set a custom profile picture which is visible to all other peers.
    Bit Chat User Profile Viewer
  • Messages Store implemented to store all Bit Chat messages locally in an encrypted format so that, you don't lose all your conversations and don't have to worry about the security of the stored messages. All messages are stored securely using AES 256-bits encryption algorithm and can only be read using the profile password.
  • Bit Chat now fully supports IPv6 protocol and implements local peer discovery using IPv6 multicast.
  • Proxy settings have new Socks 5 (Tor Network) option to allow quick configuration.
  • Go Offline feature added to allow you to disconnect a private chat or chat group without having to delete the chat by leaving it.
  • Bit Chat Portable feature allows you to use Bit Chat without installing it on your computer. You can keep copy of the portable binaries on removable media like USB drives and carry Bit Chat with your profile to any other computer.
Know more about Bit Chat by reading Frequently Asked Questions (FAQ) and Bit Chat whitepaper. You can also view Bit Chat source code on GitHub and compile Bit Chat client yourself.

And as always, send your feedback to support@bitchat.im or write your comments below.