Google Chrome DNS Security Bypass

Google Chrome overrides system DNS settings in some cases, possibly bypassing third-party security services and tools

Teri Radichel
Cloud Security


I wrote a blog post about a great service from Cloudflare you can use to easily block known malicious and unwanted domains when browsing the web. Additionally, some companies block unwanted TLDs completely, as I wrote about in this article on Indicators of Compromise in DNS Logs a few years ago.

Unfortunately, if you are using Google Chrome, your attempts to use DNS to protect end users or yourself may be thwarted if a malicious or unwanted domain is blocked by DNS servers or services but not by Google DNS servers. Some have pointed out differences between NXDOMAIN responses and 0.0.0.0 responses, but the point of this article is that Google isn't using the system-configured DNS server responses alone and is sending traffic to its own DNS servers in some cases. Anyone concerned about privacy or security should be aware of this issue if that's not what they are expecting.
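One way to check whether clients on your network are reaching DNS servers other than the one you configured is to review egress flow logs. The following is an added example, not code from the original post. The flow-record format, the approved resolver address `10.0.0.53` and the sample records are constructed assumptions; the Google Public DNS addresses are the published ones.

```python
import ipaddress

# Assumption: the only resolver clients are supposed to use (constructed address).
APPROVED_RESOLVERS = {ipaddress.ip_address("10.0.0.53")}
# Published Google Public DNS addresses (IPv4 and IPv6).
GOOGLE_DNS = {ipaddress.ip_address(a) for a in
              ("8.8.8.8", "8.8.4.4", "2001:4860:4860::8888", "2001:4860:4860::8844")}
# 53 = DNS, 853 = DNS over TLS. Port 443 only counts when the destination
# is itself a known public resolver (possible DNS over HTTPS).
DNS_PORTS = {53, 853}

# Constructed flow records: "src dst proto dport" (hypothetical format).
SAMPLE_FLOWS = """\
10.0.1.20 10.0.0.53 udp 53
10.0.1.20 8.8.8.8 udp 53
10.0.1.21 8.8.4.4 tcp 443
10.0.1.22 198.51.100.7 tcp 443
10.0.1.23 2001:4860:4860::8888 tcp 853
10.0.1.24 203.0.113.9 udp 53
malformed line
"""

def find_dns_bypass(flow_text):
    """Return (src, dst, port, reason) for DNS traffic that skips the approved resolver."""
    findings = []
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip records that do not match the assumed format
        src, dst, _proto, dport = parts
        try:
            dst_ip, port = ipaddress.ip_address(dst), int(dport)
        except ValueError:
            continue
        if dst_ip in APPROVED_RESOLVERS:
            continue  # expected path through the configured resolver
        if dst_ip in GOOGLE_DNS and port in DNS_PORTS | {443}:
            findings.append((src, dst, port, "google-public-dns"))
        elif port in DNS_PORTS:
            findings.append((src, dst, port, "unapproved-resolver"))
    return findings

if __name__ == "__main__":
    for finding in find_dns_bypass(SAMPLE_FLOWS):
        print(*finding)
```

A finding here only shows that a host talked to a resolver other than the approved one; attributing it to a specific application requires host-level data.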
