Gandalf.parrotsec DNS


(Zulu) #1

When I do a DNS leak test I see a gandalf.internal.parrotsec.org host from a ISP called OVH. So I check IP info and I get 2 cloudflare DNS… named exactly like 2 of my friends… I know that archive2 is a mirror and that cloudflare uses short common names to name their dns (for example betty.ns.cloudflare or elliot.nscloudflare) but my friends dont have common names… and those dns called like both of them… I mean… what are the odds? Should I panic? lol


(Nico Paul) #2

I think cloudflare only resolves to one or two for everything actually, its part of why its moe effective in some situations


(Zulu) #3

What do you mean? Can you please explain me a little moe :slight_smile: @Nico_Paul


(Nico Paul) #4

I did a terrible job at explaining that briefly. I mean just terrible, but semi accurate concept wise. Cloud flare operates kindof like a large content server but in order to be able to offer better protection against ddos attacks the addresses are all shared so you don’t ever have a dedicated one to be able to be targeted by. Does that make sense? It’s been a long week and I still have no furniture in my office so it’s been challenging trying to adjust overall let alone remembering my new found parrot responsibilities and I apologize for the long delay with your answer!


(Zulu) #5

Dont worry all will be fine.

But I moved the topic to:


(Lorenzo "Palinuro" Faletra) #6

gandalf.internal.parrotsec.org is one of our own dedicated servers (no cloudflare or external shit)

this server is both one of our mirror directors and an OpenNIC dns resolver

you see it in your network traffic because we use round-robin dns resolution with the isp-provided dns and a bunch of opennic servers, including those we provide

this is my current /etc/resolv.conf as our custom resolvconf daemon config crafts it by default


DNS leak with openvpn client use
(Zulu) #7

Great. I Finally get it, thanks for that screenshot’s note.

This Topic its solved for me thanks to @palinuro


(Zulu) #8

Simple and great answer! Thanks again


(Nico Paul) #9

Amazing answer, now i understand what and why (hint not cloudflare like this dummy here [me] thought!) thanks everyone for bringing this up and resolving it