[Analyzer] AdGuard DNS

Open mlodic opened this issue 2 years ago • 2 comments

Name

AdGuard

Link

https://adguard-dns.io/kb/it/general/dns-providers/

Type of analyzer

this should be used as domain/url analyzer

Why should we use it

We can get DNS resolution + whether the analyzed observable is something that the AdGuard service would block or not

Possible implementation

First analyzer would just be classic DNS resolution, without filters: https://unfiltered.adguard-dns.com/dns-query

Second analyzer would be used to detect malicious behavior, use https://dns.adguard-dns.com/dns-query and check for null responses

mlodic, Dec 21 '22 17:12

Hey @mlodic, what should the approach be? Do we need to imitate curl "https://unfiltered.adguard-dns.com/dns=example.com"?

g4ze, Jun 02 '24 15:06

That's similar to what we do with Quad9 here. If the domain can be resolved with unfiltered requests but the DNS filter filters it, then it means that it's blocked by AdGuard. So 2 DNS queries are required.

mlodic, Jun 02 '24 17:06
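
A sketch of the two-query comparison discussed in this thread, added here as an example; it is not IntelOwl's code and not written by any participant. It assumes both endpoints accept RFC 8484 wire-format GET requests and that a "null response" means no A records or only `0.0.0.0`; the function names and verdict strings are hypothetical.

```python
import base64
import struct
import urllib.request

UNFILTERED = "https://unfiltered.adguard-dns.com/dns-query"  # endpoint from the issue
FILTERED = "https://dns.adguard-dns.com/dns-query"  # endpoint from the issue

def build_query(domain: str) -> bytes:
    """Encode a minimal DNS query (RFC 1035) for the A record of `domain`."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # ID 0, RD set, 1 question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in domain.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def _skip_name(msg: bytes, pos: int) -> int:
    """Return the offset just past a (possibly compressed) name."""
    while msg[pos] != 0:
        if msg[pos] & 0xC0 == 0xC0:  # a compression pointer is 2 bytes and ends the name
            return pos + 2
        pos += 1 + msg[pos]
    return pos + 1

def parse_a_records(msg: bytes) -> list:
    """Extract IPv4 addresses from the answer section of a DNS response."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    pos = 12
    for _ in range(qdcount):
        pos = _skip_name(msg, pos) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        pos = _skip_name(msg, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, pos)
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(map(str, msg[pos + 10:pos + 14])))
        pos += 10 + rdlen
    return addrs

def doh_query(endpoint: str, domain: str) -> list:
    """Send the query as an RFC 8484 GET (?dns=<base64url>) and return A records."""
    q = base64.urlsafe_b64encode(build_query(domain)).rstrip(b"=").decode()
    req = urllib.request.Request(f"{endpoint}?dns={q}", headers={"Accept": "application/dns-message"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_a_records(resp.read())

def classify(unfiltered: list, filtered: list) -> str:
    """Compare both answers. Assumption: 'null' = no A records or only 0.0.0.0."""
    is_null = lambda addrs: not addrs or all(ip == "0.0.0.0" for ip in addrs)
    if is_null(unfiltered):
        return "unresolved"  # cannot attribute a null answer to the filter
    return "blocked" if is_null(filtered) else "not_blocked"
```

A live check would be `classify(doh_query(UNFILTERED, name), doh_query(FILTERED, name))`. The "unresolved" verdict keeps domains that do not resolve at all from being reported as blocked.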