What's the deal with Modern apps and DNS Client Service?

ryan29

I'm more curious about this than anything because I just wasted an hour to figure it out. If I disable the DNS Client Service on Windows 8.1, it seems to break a lot of Modern apps. If it's set to start manually, some Modern apps trigger it to start.

Do Modern apps make queries directly to the DNS Client Service or something weird?
 

My Computer

System One

  • OS
    Windows 8.1
Yeah I came across this just now, and was diagnosing the firewall and know the exact cause.

So when the DNS Client is enabled, all DNS requests are routed via it, meaning applications do not need specific UDP port 53 internet access.
If the DNS Client is disabled, any internet application that wants to do a DNS lookup will need outbound UDP port 53 traffic allowed.

Now there is some undocumented behaviour going on.

There are hidden WSH Network hardened rules in the Windows Firewall; these rules are "always" enabled, regardless of the default outbound state in the Windows Firewall (allow rules also won't allow the traffic).
So the default Windows Firewall configuration is to require allow rules for inbound traffic and allow all outbound traffic.
However, there are hidden rules that block certain traffic Microsoft decided to block, and it seems wermgr.exe, which is used by Metro apps, cannot send out DNS traffic; the hardened rules block it.

My gut guess is this is a bug that is yet to be fixed, because the vast majority of people (well over 99%) will have the DNS Client service enabled in its default state.

Interestingly, the hidden rules still kick in if you disable the firewall in the advanced UI. The only way to stop the rules is to actually disable the firewall service, which is obviously not recommended, meaning the sane choice is either to keep the DNS Client enabled, don't use Modern apps, or use a third-party software firewall in place of the Windows Firewall.
 

My Computer

System One

  • OS
    Windows 8.1 Update 1 64bit Pro
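
The state described in the post above can be inspected read-only from an elevated PowerShell prompt. This is an added example, not part of the original thread; it assumes the NetSecurity cmdlets (Windows 8 / Server 2012 and later) and that the hidden hardening rules the poster describes are the ones exposed through the `StaticServiceStore` and `ConfigurableServiceStore` policy stores. The function name `Get-Udp53Rule` is hypothetical.

```powershell
# Added example: inspect the DNS Client service and firewall rules naming UDP 53.
# Read-only; run from an elevated PowerShell prompt.

# 1. DNS Client service (service name Dnscache): current state and start mode.
Get-CimInstance Win32_Service -Filter "Name='Dnscache'" |
    Select-Object Name, State, StartMode

# 2. Per-profile firewall state and default outbound action.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultOutboundAction

# 3. Rules whose port filter names UDP 53, per policy store.
#    ActiveStore is the policy currently in effect. StaticServiceStore holds the
#    service restrictions shipped with Windows (read-only); ConfigurableServiceStore
#    holds added service restrictions and Store-app container isolation rules.
#    Assumption: these two stores are where the "hidden" rules from the post live.
function Get-Udp53Rule {
    param([Parameter(Mandatory)][string]$PolicyStore)

    Get-NetFirewallPortFilter -PolicyStore $PolicyStore -ErrorAction SilentlyContinue |
        Where-Object {
            $_.Protocol -eq 'UDP' -and
            (($_.RemotePort -contains '53') -or ($_.LocalPort -contains '53'))
        } |
        ForEach-Object {
            $pf   = $_
            $rule = $pf   | Get-NetFirewallRule
            $svc  = $rule | Get-NetFirewallServiceFilter
            $app  = $rule | Get-NetFirewallApplicationFilter
            [pscustomobject]@{
                Store      = $PolicyStore
                Name       = $rule.DisplayName
                Enabled    = $rule.Enabled
                Direction  = $rule.Direction
                Action     = $rule.Action
                Service    = $svc.Service      # service the rule is scoped to
                Program    = $app.Program      # executable the rule is scoped to
                RemotePort = $pf.RemotePort -join ','
            }
        }
}

'ActiveStore', 'StaticServiceStore', 'ConfigurableServiceStore' |
    ForEach-Object { Get-Udp53Rule -PolicyStore $_ } |
    Sort-Object Store, Direction, Action |
    Format-Table -AutoSize
```

Comparing the output with the DNS Client service running and stopped shows which rules are scoped to `Dnscache` and which apply to other services or programs.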
You really should be concerned with this, hehe.

This was an article about how hackers are using the default "hidden" connections that are deemed "safe", like these networks that check certificates and everything!

And one thing you will not find is what these hidden little holes in your firewall send. Go ahead and google the entire world, and you won't find a single thing on these kinds of things like Akamai etc.

akaminetwork.JPG
 

My Computer

System One

  • OS
    windows 8.1