DNScope.io

idle
Addict
Posts: 4962
Joined: Fri Sep 21, 2007 5:52 am
Location: New Zealand

Re: DNScope.io

Post by idle »

HeX0R wrote: Thu Aug 03, 2023 10:24 am Did you remove the portable download?
Portable version is in the current release. 8.4.6
https://github.com/idle-PB/Dnscope.io
Oso
Enthusiast
Posts: 595
Joined: Wed Jul 20, 2022 10:09 am


Post by Oso »

I find myself suddenly very interested in using DNScope :D . It's because of Windows 11. I wasn't interested in using Windows 11 until just now, but I've developed software that will be installed on end-users' systems, so I needed a test platform to match theirs. I installed Windows 11 for the first time inside a VM and I'm shocked at the extent to which Microsoft assumes I'm perfectly happy to part with private information and what they call diagnostic information. The latter cannot be turned off, apparently.

I also dislike the advertising area — bottom left corner of the screen which shows a seemingly innocuous weather indicator, but in fact opens to a vast array of current news and cr_p which I don't want on my desktop. I'm happy that I mostly use Windows Server 2016 as my desktop machine, and Windows 7 and Windows XP and so on. The other shocker was that the settings to turn off exchanges of personal data, are so extensive that it's almost impossible to know that you've unset them all.

Can DNScope block everything, or is Windows exchanging user data directly with an IP address? I shan't use Windows 11 for web browsing.

Post by idle »

Yes, you can block all of Windows telemetry. It doesn't take long to catch, and I don't see any adverts from Windows on the widget panel; even Edge is clear of the home page stuff.
You just need to turn IPv6 off.

Post by Oso »

idle wrote: Thu Dec 07, 2023 7:30 pm Yes, you can block all of Windows telemetry. It doesn't take long to catch, and I don't see any adverts from Windows on the widget panel; even Edge is clear of the home page stuff. You just need to turn IPv6 off.
Thanks for the reply Idle, trust you're feeling a lot better these days :) Does it mean that I have to add some additional URLs to the blocking list, as and when I find them?

I found the below today, a set of de-bloat tools, which seems okay to a point, but it doesn't stop all of it:
In the PowerShell console window, type the below command and press Enter. It will download the necessary files from the repository and also create a System Restore Point.
iwr -useb https://git.io/debloat|iex

Post by idle »

Yes, you have to add them yourself. I haven't added them to the Bloom filter by default as I didn't want to irritate Microsoft.
It doesn't take long to work out. Run it and watch the traffic; these are just a few of them you can block.
Drag and drop from green to red, or select and uncheck in the lower panel:
com.live.g
com.live.teams
com.microsoft.data.events.teams
com.msftconnesttest.www
net.live.cdn.teams.statics
com.microsoft.mp.licensing
com.microsoft.update.slscr
com.msn.ntp
com.microsoft.edge
com.windows.activity
com.microsoft.cdp.api.msedge
com.microsoft.smartscreen.nav-edge

Post by Oso »

idle wrote: Thu Dec 07, 2023 9:39 pm Yes, you have to add them yourself. I haven't added them to the Bloom filter by default as I didn't want to irritate Microsoft.
It doesn't take long to work out. Run it and watch the traffic; these are just a few of them you can block.
Ah, I understand now, thanks. I remember you mentioned in the past that it was pre-loaded with various exclusions. Yes, agreed, blocking Microsoft is perhaps not what some users will want, but in my case I just need a fast and non-irritating test machine that isn't going to waste my time. Windows 11 appears to be the exact opposite of that, by default.

It would be nice to get rid of this time waster below, causing me to wait more than two hours after trying to shut the system down, and this was after changing the setting in GPEDIT.MSC to switch off updates :D

Image

And on top of this, Microsoft can't even get their English grammar correct — "underway" instead of "under way". :D

Post by idle »

You can stop updates from happening too. I use it in total block mode, where the secondary DNS is 127.0.0.2, so if DNScope isn't running I have no internet, and this will stop any leaks which can happen when you wake up from sleep.
Control Panel -> Network and Internet -> Network Connections
Then open the appropriate adapter, click on Properties -> IPv4 -> Properties and change the secondary DNS to 127.0.0.2

It's more effective than the scripts, and when I want to update I change the adapter back to an external DNS, stop DNScope and it will almost instantly initiate and fetch the latest update.

Post by Oso »

I'm not seeing any Microsoft DNS queries yet, probably because I ran the bloat removal earlier today...

EDIT — Ah, got it now. IP6 needed to be disabled. As soon as I did that, all the nefarious Microsoft domains began to appear.

Post by idle »

Oso wrote: Thu Dec 07, 2023 11:19 pm I'm not seeing any Microsoft DNS queries yet, probably because I ran the bloat removal earlier today...

EDIT — Ah, got it now. IP6 needed to be disabled. As soon as I did that, all the nefarious Microsoft domains began to appear.
You can pretty much sit there and block all of them that just appear without any specific cause.

Post by Oso »

idle wrote: Fri Dec 08, 2023 12:04 am You can pretty much sit there and block all of them that just appear without any specific cause.
Yep, it feels for once, like I have some power against the big corporates. The majority of names are redundant, as you say.

Is there a way to import domain names? I appreciate that you are storing them in reverse with the TLD at the beginning, to improve retrieval speed, but can it be done?

In times past, I used to stick a load of Microsoft domains I wanted to block into ...\system32\drivers\etc\hosts and give them a dummy address.

Post by idle »

Oso wrote: Fri Dec 08, 2023 12:44 am
idle wrote: Fri Dec 08, 2023 12:04 am You can pretty much sit there and block all of them that just appear without any specific cause.
Yep, it feels for once, like I have some power against the big corporates. The majority of names are redundant, as you say.

Is there a way to import domain names? I appreciate that you are storing them in reverse with the TLD at the beginning, to improve retrieval speed, but can it be done?

In times past, I used to stick a load of Microsoft domains I wanted to block into ...\system32\drivers\etc\hosts and give them a dummy address.
A lot of people say, oh, just use the hosts file, but I'm pretty sure it would tank the system, as there are ~3 million domains in the Bloom filter and the source list takes up 75 mb. I was intending to reprocess the source list to cull out the zombie domains, but it will take around 3 weeks to do that and it needs to be done in batches. If you put the 3 million domains in the trie it consumes around 2gb of data; some of the URLs are very long. I could make the Bloom filter a separate file so you could add to it, but it's a one-way filter and you can't undo it.

Your personal block list is stored in application data\roaming\Dnscope\dnsdata.bin
It would be easy to add an import/export, but in what format? There are a few of them.
So if you wanted to import, you would need to look up the Bloom filter and then add to the trie if it's not in the Bloom filter.

I did have plans to automate it, but it needed resources to do it and then it'd phone home. So I would build a Bloom filter of your blocks, encrypt it, upload it and rank it, then add it to the Bloom filter, which would come with an update.
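
The import step described in the post above (look up the Bloom filter, add to the trie only on a miss), as an added example that is not DNScope's code and not written by anyone in this thread. It goes beyond the post by accepting hosts, Adblock-style and plain lists; the `Bloom` class, the nested-dict trie, the `$` end marker and the `example.*` names are assumptions, and the `dnsdata.bin` format is not modelled.

```python
import hashlib

class Bloom:
    """Minimal Bloom filter: add and test only, no removal (one-way)."""
    def __init__(self, bits=1 << 16, hashes=4):
        self.bits, self.hashes, self.array = bits, hashes, bytearray(bits // 8)
    def _positions(self, key):
        digest = hashlib.sha256(key.encode()).digest()
        for i in range(self.hashes):
            yield int.from_bytes(digest[4 * i:4 * i + 4], "big") % self.bits
    def add(self, key):
        for p in self._positions(key):
            self.array[p >> 3] |= 1 << (p & 7)
    def __contains__(self, key):
        return all(self.array[p >> 3] & (1 << (p & 7)) for p in self._positions(key))

def reverse_name(domain):
    """'www.example.com' -> 'com.example.www' (TLD first, as in the thread)."""
    return ".".join(reversed(domain.lower().rstrip(".").split(".")))

def parse_line(line):
    """Extract the domain from a hosts, Adblock-style or plain line, else None."""
    line = line.split("#", 1)[0].strip()
    if line.startswith("||"):                      # Adblock style: ||name^
        return line[2:].split("^", 1)[0] or None
    fields = line.split()
    if not fields:
        return None
    return fields[1] if len(fields) > 1 else fields[0]   # hosts: "<ip> <name>"

def import_list(text, bloom, trie):
    """Add to the trie only the names the Bloom filter does not already match."""
    added = []
    for line in text.splitlines():
        domain = parse_line(line)
        key = reverse_name(domain) if domain else None
        if key is None or key in bloom:   # blank, or already covered by the big list
            continue
        node = trie
        for label in key.split("."):      # one trie level per label, TLD first
            node = node.setdefault(label, {})
        if "$" not in node:               # "$" marks the end of a blocked name
            node["$"] = True
            added.append(key)
    return added

# Constructed sample input mixing three common list formats.
SAMPLE = "# my list\n0.0.0.0 telemetry.example.com\n||ads.example.net^\ntracker.example.org\n"
```

A Bloom false positive only means a name is skipped because the filter already reports it as blocked, so the trie stays limited to entries the user can later remove.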

Post by Oso »

Maybe I'm not using it in the intended way, but it seems to me that we have to be very quick to drag items from the green list, into the red list. As I'm dragging the green items into the red, others in green are disappearing because I wasn't quick enough to catch them.

This resulted in 459 items in the lower part of the screen, so it was necessary to go through those and untick them. Since some are duplicates, such as com.microsoft.data.settings-win, I've unticked the same one more than once. Unfortunately, it seems that Microsoft's outbound connections have still managed to get through, because I can't do it quickly enough. There's also an incredible amount of them.

Image

Am I using it correctly? Can you stop all DNS queries until you've authorised them?

Image

Post by idle »

I didn't add a block-everything switch.
The block and allow list has a 30-second live view and it's in sorted order.
The log view is as the events happen.
You have to select so the item is highlighted, then uncheck to block.

Post by Oso »

idle wrote: Fri Dec 08, 2023 6:42 pm You have to select so the item is highlighted then uncheck to block.
Okay, getting used to it, although I've been bombarded with Microsoft's unrelenting traffic for many hours. I thought I'd got them all unticked, but I noticed after I went out for a coffee and left the machine running, there were loads of new queries when I returned. So if a query appears in the lower history section, with a tick against it and an IP address that isn't 0.0.0.0, then it means that it "got through", I guess.

Post by idle »

Yes, if the IP address shows, it got through; if it's 0.0.0.0, it's blocked.
The problem is the events don't report the check/uncheck unless the item's selected.
So you have to select the element, then check or uncheck.