DNS leaking confusion.

[pietro99 2]

I didn't even know until this morning thet there was such as thing as DNS leaking, so when I tested and found my ISP server showing up I am now wondering how much anonymity I have been getting. My fault for not reading everything properly at the beginning.

 

I tried VPNcheck pro but it does not seem to like Windows 8.1. Stopped the leaks but I couldn't close or restart my PC normally.

 

I looked at some threads on these forums and also Googled.

 

I ended up altering the adapter settings, leaving "Obtain IP address automatically" and altering the DNS setting to those of Comodo public servers which were suggested in one of the articles I read. This seems to work perfectly well, no more leaks and normal download speeds.

 

Then I read another therad about Airvpn DNS servers which was much more complex eg going into command prompt and making many more changes.

 

So my question is: Is it OK to leave the settings that I have made or do I need to go through the Airvpn servers?

 

Thanks.

 

 

[SlyFox 10]

It's fine to leave the comodo DNS. But I don't know their privacy policy on their logs. I know that if you use Norton DNS they delete logs every 24 hours. You can also use some open nic DNS that doesn't even log to begin with. But as long as you are no longer leaking you are good.

[pietro99 2]

Thank you. I also couldn't find info on Comodo logs, so I changed to an open nic DNS and all seems fine. 

 

It would be nice if the airVPN client had the ability to stop DNS leaks as I see some others do. Then presumably my  6months of DNS leaks would not have happened. I also see there are some that automatically disconnect if the VPN drops out. Maybe there is a good reason why all the clients don't have these 2 options.

[clown 1]

I'm using AirVPN on DDWRT router, I noticed yesterday that ipleak and DNS leak test are showing my ISP DNS server. << I usually check these sites every few days, so this is new.

 

I upgraded the DDWRT firmware on my router and the new version TLS cipher has no option for "AES-256 SHA" as previous version did.  THIS forum advised to set TLS cipher to "None" I did this and the VPN is functioning normally, except for the DNS leaks.

 

Could the TLS cipher setting have anything to do with the DNS leaks??

 

Thanks.

[Staff 9750]

Could the TLS cipher setting have anything to do with the DNS leaks??

 

Thanks.

 

Hello!

 

No, it doesn't. Just set 10.4.0.1 as primary DNS in your router in order to query the VPN DNS. Set a public DNS server IP address as secondary DNS to allow names resolution when the router is not connected to the VPN. OpenNIC may be a good choice, see http://opennicproject.org

 

As a side note, what you're experiencing is not a DNS leak, which occurs only on Windows (the only OS lacking the concept of global DNS): the router is just doing what you instructed it to do, i.e. query the configured DNS.

 

Kind regards

[clown 1]

Thanks for the reply but this doesn't answer my question.

 

Maybe I'm being really dumb.

 

First of all, my OS is Linux Mint.

 

I have AirVPN installed on my DDWRT router.  My config is as follows:

 

Setup tab>>Basic setup tab>>network setup>>router IP>>local DNS = Opennic DNS address

 

Setup tab>>Basic setup tab>>network setup>>network address server settings (DHCP)>>static DNS1 = 10.4.0.1

 

Setup tab>>Basic setup tab>>network setup>>network address server settings (DHCP)>>static DNS2 = Opennic DNS address

 

As a side note, what you're experiencing is not a DNS leak, which occurs only on Windows (the only OS lacking the concept of global DNS): the router is just doing what you instructed it to do, i.e. query the configured DNS.

When I check IPLeak or DNSleaktest web sites, my ISP is displayed under detected DNS address, are you saying this is NOT really a DNS leak??

 

Set a public DNS server IP address as secondary DNS to allow names resolution when the router is not connected to the VPN.

 

My router should always be connected to the VPN, unless I disable OpenVPN client in DDWRT, correct????

 

Thanks for your help.

[Staff 9750]

 

When I check IPLeak or DNSleaktest web sites, my ISP is displayed under detected DNS address, are you saying this is NOT really a DNS leak??

 

Hello!

 

Exactly. According to your very own description nowhere in the router your ISP DNS IP addresses are specified. So your router just does not know your ISP DNS.

 

Kind regards

[clown 1]

WTF??????????

 

So, when I check IPLeak or DNSleaktest web sites and my ISP'S DNS server address ISP name are displayed, this is really not a DNS leak?????????????????????????????????????????????

 

What is the purpose of these web sites then?

[Staff 9750]

@clown

 

Hello!

 

As a side note, just a quick warning: watch your language or you will be permanently banned from writing into our forums.

 

A DNS leak is a DNS query that's sent unencrypted (outside the tunnel) against the computer owner configuration. If your system queries a public DNS, or even your ISP DNS if it's not restricted to the ISP network, according to the owner configuration, it is not a DNS leak when:

 

- the query is sent inside the tunnel, OR

- the query does respect the system owner configuration

 

You can query any DNS server you like from inside the tunnel. Our servers will just send your query out as they do with any other packet (no discrimination againt any protocol). The purpose of web sites like dnsleaktest is to show which DNS your system queries. The results can be used as hints to DNS leaks for further investigations.

 

The only known system which "overrides" the owner configuration with DNS queries is Windows (due to lack of proper DNS implementation). In Windows each network card can have different DNS, simply because the concept of global DNS is totally missing since more than 20 years ago. The process svchost.exe (which is responsible for many tasks, including DNS queries), under various cases tries to send out queries to all the DNS IP addresses listed in every and each card, without regards to routing and any other configuration. Therefore web sites like ipleak.net can be very useful especially for Windows users.

 

According to your very own description there's no DNS leak from your DD-WRT system, as it was to be expected, since DNS leaks do not affect non-Windows systems.

 

Kind regards

[Essence 0]

This is something that really confused me when I first started using your service.

 

I'm on Windows and when I checked ipleak.net (using Firefox in privacy mode in case something in the cache was interfering) while connecting to the VPN using the default client, it showed my ISP's DNS servers. If I checked dnsleaktest.com, it showed your DNS.

 

 

My modem gets its DNS from my ISP.

 

When I connect using the default client, my NIC (configured with DHCP) is set to my modem for DNS, which (I assume) forwards it my ISP. But there is also the TAP adapter which has your DNS. Does the TAP adapter override the DNS setting on the NIC? Why is dnsleaktest.com not showing a leak but ipleak.net is?

 

When I connect using the 2.1 beta client, ipleak.net no longer shows a leak. The difference seems to be that my NIC is changed from DHCP to static and points the DNS to you (10.4.0.1).

 

If I connect using the default client and manually change the DNS from "Automatically detect" to 10.4.0.1, then ipleak.net no longer shows my ISP's DNS -  it shows yours.

 

 

Was there really a leak with the default client? (Which would mean dnsleaktest.com simply isn't trustworthy.)

Was it a false positive for ipleak.net? (If so, what instructions could you give a layperson to figure out whether there really is a leak or not?)

 

If there is a leak with the default client, I think it would help to direct people to change their DNS setting right on the Enter page (https://airvpn.org/enter/), or people might miss it (I did for the first day or so until I found and tried ipleak.net).

 

Of course, all of this may be irrelevant in a few weeks after the new client is released.

[Staff 9750]

Hello!

 

The first correct DNS detection was by ipleak.net. According to your description, that was a real DNS leak: a DNS query was sent outside the tunnel to your router which sent it to your ISP DNS server. The reply followed all the way back up to your Windows box.

 

The confusion you claim is normal. To understand the behavior you must consider first and foremost that Windows lacks the concept of global DNS. DNS servers can only be defined inside network cards (a configuration which must be customized to be replicated on system where DNS is properly implemented). You have also to consider that svchost.exe is the system process running with very high privileges which (amongst many other things) reads DNS addresses from network card configurations and sends DNS queries out.

 

Now, even when a routing table and a default gateway are correctly defined in a way that only DNS of a certain interface should be queried, svchost.exe reads anyway all the DNS servers IP addresses of all cards. In some circumstances (apparently in a random way, but probably there's some underlying "rule") svchost.exe sends DNS queries to different DNS servers listed in other network cards. All the trouble is caused by this particular DNS implementation in all Windows systems which still nowadays lack the concept of global DNS.

 

Eddie client has a feature for Windows that prevents DNS leaks, as you are already aware of, by forcing the correct DNS on other network cards, besides the tun/tap adapter. Client 1.92 and older versions do not have this feature.

 

Kind regards