DNS queries to hardcoded addresses (bypassing OS configuration)

Answered

The application is sending DNS "A" record queries for "jetbrains.com" and "www.jetbrains.com", bypassing the OS configured DNS servers.

The queries are sent to the following DNS servers:

1.0.0.1
1.1.1.1
8.8.4.4
8.8.8.8
9.9.9.10
117.50.10.10
117.50.20.20
149.112.112.10
223.5.5.5
223.6.6.6

How can this be disabled, or how can it be forced to use the OS configuration?

 

6 comments

You cannot disable it.

Eugene Zhuravlev

There is an option, however. If the OS-configured DNS servers answer the request, there will be no queries to public DNS servers.

This will effectively "disable" such queries.

 


Well, that's not great.

This can be considered unintended information leakage; even more concerning is that it's sending queries to multiple DNS servers in China (117.50.10.10, 117.50.20.20, 223.5.5.5, 223.6.6.6).

What is the justification behind not being able to disable it? Why is using OS configured DNS not sufficient?

 


> Why is using OS configured DNS not sufficient?

If the OS-configured DNS servers answer the request, there will be no queries to public DNS servers.


There should be an option to disable these public DNS queries. This is a cause for concern when you have many machines making these unnecessary calls.


This won't happen if you are not blocking JetBrains hosts via DNS.

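For administrators who want to see which machines are sending DNS straight to the resolvers listed in the question, here is a detection sketch over network flow records. It is an added example, not code from this thread or from JetBrains; the log format, the approved resolver `10.0.0.53`, and the function name `find_resolver_bypass` are assumptions.

```python
import ipaddress
from collections import defaultdict

# Resolver addresses listed in the question above.
HARDCODED_RESOLVERS = {ipaddress.ip_address(a) for a in (
    "1.0.0.1", "1.1.1.1", "8.8.4.4", "8.8.8.8", "9.9.9.10",
    "117.50.10.10", "117.50.20.20", "149.112.112.10",
    "223.5.5.5", "223.6.6.6")}

# Assumption: the resolver the OS is configured to use on this network.
APPROVED_RESOLVERS = {ipaddress.ip_address("10.0.0.53")}

# Constructed sample flow records: "timestamp src dst proto dport".
SAMPLE_FLOWS = """\
2024-01-01T10:00:00Z 10.0.1.15 10.0.0.53 udp 53
2024-01-01T10:00:01Z 10.0.1.15 1.1.1.1 udp 53
2024-01-01T10:00:01Z 10.0.1.15 223.5.5.5 udp 53
2024-01-01T10:00:02Z 10.0.1.22 8.8.8.8 tcp 443
2024-01-01T10:00:03Z 10.0.1.22 10.0.0.53 udp 53
2024-01-01T10:00:04Z 10.0.1.15 117.50.10.10 udp 53
malformed line
"""

def find_resolver_bypass(flow_text):
    """Map each source host to the listed resolvers it contacted on port 53."""
    hits = defaultdict(set)
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records
        _, src, dst, proto, dport = fields
        try:
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            continue  # destination is not an IP address
        if proto not in ("udp", "tcp") or dport != "53":
            continue  # only plain DNS on port 53 is in scope
        if dst_ip in APPROVED_RESOLVERS:
            continue  # query went to the configured resolver
        if dst_ip in HARDCODED_RESOLVERS:
            hits[src].add(dst_ip)
    return {src: [str(ip) for ip in sorted(dsts)] for src, dsts in hits.items()}

if __name__ == "__main__":
    for host, resolvers in find_resolver_bypass(SAMPLE_FLOWS).items():
        print(f"{host} sent DNS directly to: {', '.join(resolvers)}")
```

Flow records carry no query name, so a hit shows only that a host bypassed the configured resolver; attributing it to a specific application needs DNS payload logging or host telemetry.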