DNS leaks on Linux

[stupidcats 14]

 

 

 

 

You said in another topic (this one) that there are no DNS Leaks on Linux. However, I'm using Ubuntu 14.04 (64bit) and I'm having DNS leaks, as one can see in the attachment to this post. 

 

I'm using the AirVPN Client and under "Preferences" - "Advanced" I've tried both "Resolvconf" and "Renaming". I've had DNS leaks with both.

 

How should I fix it? Why am I having DNS leaks in Linux if that's not supposed to happen?

 

 

 

 

[Staff 10014]

Hello!

 

That's right, there are no DNS leaks on Linux. Can we see the content of your /etc/resolv.conf file before and after a connection to a VPN server, with method "Renaming"?

 

Maybe your system sends to your ISP IPv6 DNS queries.

 

Kind regards

[stupidcats 14]

Hey there,

 

Thanks for getting back at me!

 

The requested info is the following:

 

WHILE NOT CONNECTED:

 

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)

#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN

nameserver 127.0.1.1

search home

 

WHILE CONNECTED:

 

# Automatically generated by AirVPN client v2.4 | https://airvpn.org . Any manual change will be overridden.

 

nameserver 10.4.0.1

[stupidcats 14]

Any news on this? I'm having the same problem again - dns leaking on ipleak.net

[rickjames 106]

If you're using the client update to the latest version: https://airvpn.org/linux_ex/

 

I haven't used ubuntu in a while but I'm guessing it has a network manager. ​

 

If that's the case go into the network manager and edit the ipv4.

​Try setting the dns to manual and adding in 10.4.0.1 ​

​

​If its still leaking then check the resolv.conf again while the air client is connected.

​As I said I haven't used ubuntu in ages but there's really not many things that would cause a leak.

​

​You might also wanna consider only allowing out to 10.4.0.1 on port 53 with iptables. But the 2.6 client should do that for you.

[leeban 0]

I also had this issue on Linux, but if you have everything ticked in Preferences > Advanced and have DNS Mode as Renaming (Linux) it should fix it.

[iwih2gk 94]

I can confirm if Eddie 2.6 is configured correctly -- there is NO dns leak on 14.04.  Under options; I use renaming and also have "ticked" to verify AirVpn dns/tunnel is being used.  I do NOT have the network lock enabled.  I personally use UFW locked to tun0 in lieu of the network lock because I want/need device isolation on my LAN.

[stupidcats 14]

 

Again, DNS Leaks, or whatever that is since "there's no DNS leaks on linux"..

 

What am I doing wrong? What should I do to fix this?

 

Here's the contents of resolv.conf while connected to the VPN:

 

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)

#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN

nameserver 10.4.0.1

nameserver 127.0.1.1

search home

 

 

I have everything ticked in advanced (other than "Expert Mode") and I'm using "Renaming". I get dns leaks (or whatever) with resolvconf. 

 

[zhang888 1066]

Try this:

 

iptables -t nat -A PREROUTING -s 0/0 -p udp --dport 53 -j DNAT --to 10.4.0.1

iptables -t nat -A PREROUTING -s 0/0 -p tcp --dport 53 -j DNAT --to 10.4.0.1

[rickjames 106]

Removing the below lines from the resolv.conf should fix it.

nameserver 127.0.1.1

search home

 

But if you're using the 2.7 client and have the dns options checked in the gui this shouldn't be an issue. What browser are you running / testing with?

[ofiris 15]

I'm having exactly the same issue as OP.

 

 

I can confirm if Eddie 2.6 is configured correctly -- there is NO dns leak on 14.04.  Under options; I use renaming and also have "ticked" to verify AirVpn dns/tunnel is being used.  I do NOT have the network lock enabled.  I personally use UFW locked to tun0 in lieu of the network lock because I want/need device isolation on my LAN.

 

No, you can not confirm that. You not having DNS leaks (or whatever that is) does not mean "there is NO dns leak". It just means you're not having DNS leaks. 

[Staff 10014]

I'm having exactly the same issue as OP.

 

 

I can confirm if Eddie 2.6 is configured correctly -- there is NO dns leak on 14.04.  Under options; I use renaming and also have "ticked" to verify AirVpn dns/tunnel is being used.  I do NOT have the network lock enabled.  I personally use UFW locked to tun0 in lieu of the network lock because I want/need device isolation on my LAN.

 

No, you can not confirm that. You not having DNS leaks (or whatever that is) does not mean "there is NO dns leak". It just means you're not having DNS leaks. 

 

 

Hello!

 

Linux queries global DNS servers that are specified. Windows queries DNS servers specified on every and each network card, even with an apparently random behavior.

 

A DNS leak occurs when a DNS server is queried against system settings for a particular connection. This can happen if a system lacks the concept of global DNS and starts querying randomly all the DNS servers it can find anywhere configured in any network card.  Since Windows lacks the concept of global DNS and Linux does not, a DNS leak by definition can occur on Windows and can not occur on Linux. On 100% of the cases, so-called DNS leaks on Linux are configuration mistakes.

 

Kind regards

[lsat 23]

stupidcats, how did you install your internet connection with your ISP?

Did you use Ubuntu Network manager only or did you use the 3rd party setup manager (provided or recommended by your ISP, for instance)?

In former case please check up DNS parameters there and what did you mark in it.

In latter case there ultimately be a parameter in advanced settings which allow to suppress all other DNS settings and use your ISP's DNS.

 

=====

When you type in the terminal

 

nslookup -type=txt debug.opendns.com. 208.67.222.222
 

 

 

what is the response?

[ofiris 15]

 

stupidcats, how did you install your internet connection with your ISP?

Did you use Ubuntu Network manager only or did you use the 3rd party setup manager (provided or recommended by your ISP, for instance)?

In former case please check up DNS parameters there and what did you mark in it.

In latter case there ultimately be a parameter in advanced settings which allow to suppress all other DNS settings and use your ISP's DNS.

 

=====

When you type in the terminal

 

nslookup -type=txt debug.opendns.com. 208.67.222.222
 

 

 

what is the response?

Hello,

 

To connect to internet, all I did was plug the ethernet cable in my computer and voila. I didn't change anything else. 

 

Plugging the command you told me, I get the following output:

 

 

Server: 208.67.222.222
Address: 208.67.222.222#53


Non-authoritative answer:



Authoritative answers can be found from:
 

 

Please let me know if there's anything in said output that should not be public, so I can edit it out.

[lsat 23]

if there's anything in said output that should not be public

 

To protect your privacy, delete all  after Non-authoritative answer

 

Your ISP allows other parties' DNS.

 

So the problem is in your settings.

 

Try the following:

https://support.opendns.com/entries/38042814-Ubuntu

 

One more point.

There can be more than one resolv.conf file in your system. So you have to use "find" option to find and correct (sudo gedit /YOUR_PATH/resolv.conf)   all of them to

 

nameserver 208.67.222.222
nameserver 208.67.220.220
 

 

 

If you have to install openvpn  manually then  in this case you  ultimately  have to correct manually update-resolv-conf.sh

At any case it is worth  checking path in update-resolv-conf.sh

 

sudo gedit /etc/openvpn/update-resolv-conf.sh
 

 

 

initially

 

#RESOLVCONF=/usr/bin/resolvconf
 

 

 

should be

 

RESOLVCONF=/YOUR/ real/ location/ of/resolvconf
 

[ofiris 15]

I contacted support and they solved my problem. Using "renaming" should fix the issue (though I'm almost sure I once had a DNS leak while using that). My resolv.conf now looks ok.

 

There are two files in my /etc/ folder, one resolv.conf and another resolv.conf.airvpn. The first looks ok, the second one does not. Hopefully it's not used.