rubix

Dabbling with Tor. Getting DNS leaks?


On Ubuntu LTS, decided to dabble with Tor over AirVPN. Using Tor Browser Bundle 4.0.2.

AirVPN connection tested with ipleak.net and dnsleaktest.com. IP address and Detected DNS Address match. No leak.

Then launched TBB. Says I'm using Tor IP, but DNS address matches my ISP's, not AirVPN's.

Is this due to a failure to configure AirVPN properly or Tor Browser Bundle? Thank you.


All of Tor Browser's DNS requests are supposed to go through a Tor exit node - not AirVPN's DNS server! There is a browser setting in about:config

network.proxy.socks_remote_dns

which must be set to "true" (that's Tor Browser's default, so if you didn't change it, no need to do anything.)

If you changed that setting to false, DNS requests would be sent to your system instead (but Tor Browser would notice this and warn you with a crossed onion logo).
Even if that's what happened, you shouldn't see your ISP's DNS server, but AirVPN's.

One possible scenario I can think of:
The Tor exit node happened to use the same DNS server.

Here is what you should do - in this order. Don't skip steps:

1. Connect to AirVPN and verify that your other (non-Tor) browsers don't leak DNS
2. Remove Tor Browser, download a new copy
3. Verify that Tor Browser doesn't leak DNS (exit nodes use all kinds of different DNS servers - you often see "Google Business" or OpenDNS)
4. Click the Tor button, get a "New Identity" (Tor Browser will restart)
5. Repeat DNS leak test in Tor Browser. Different exit nodes usually use different DNS servers, so you should see changing DNS addresses in your leak test, not only one and the same all the time. Repeat steps 4 and 5 a few times, you will see changes eventually.

6. If you verify that there's indeed a problem with vanilla Tor Browser somewhere in steps 2 through 5, and only then, you should contact the Tor support people directly (IRC or email):

https://www.torproject.org/about/contact.html.en#support

I highly doubt it though, I'm sure it's something else, maybe just odd luck that some exit node used the same (or a similar-looking) DNS server as your ISP.


all of my content is released under CC-BY-SA 2.0

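The reasoning behind steps 3 to 5 of the reply above, including the case where an exit node and the local network share a public resolver, as an added example that is not part of the thread. The function name, verdict strings and sample resolvers are constructed for illustration.

```python
from collections import namedtuple

# One row of a DNS leak test result: resolver IP and the operator name shown.
Resolver = namedtuple("Resolver", "ip operator")

def assess(baseline, tor_rounds):
    """Classify leak-test results (function and verdict names are hypothetical).

    baseline   -- resolvers this machine uses outside Tor Browser (step 1,
                  plus whatever the local network is normally configured with)
    tor_rounds -- list of sets, one per Tor Browser test, with a
                  "New Identity" between tests (steps 3 to 5)
    """
    if len(tor_rounds) < 2:
        return "inconclusive"          # one test cannot show per-identity change
    base_ips = {r.ip for r in baseline}
    base_ops = {r.operator.lower() for r in baseline}
    ip_sets = [frozenset(r.ip for r in rnd) for rnd in tor_rounds]
    # A baseline resolver IP present in *every* Tor test does not follow the exit node.
    if frozenset.intersection(*ip_sets) & base_ips:
        return "suspect"
    if len(set(ip_sets)) == 1:
        return "inconclusive"          # nothing changed yet: repeat steps 4 and 5
    seen_ops = {r.operator.lower() for rnd in tor_rounds for r in rnd}
    seen_ips = set().union(*ip_sets)
    if seen_ops & base_ops or seen_ips & base_ips:
        return "ok-overlap"            # exit node shares a public resolver with you
    return "ok"

# Constructed sample data (documentation-range IPs, made-up operator names).
BASELINE = {Resolver("192.0.2.53", "ExamplePublicDNS")}
CHANGING = [
    {Resolver("198.51.100.7", "ExamplePublicDNS")},   # same operator as baseline
    {Resolver("203.0.113.9", "OtherDNS")},
    {Resolver("203.0.113.40", "ThirdDNS")},
]
STUCK = [{Resolver("192.0.2.53", "ExamplePublicDNS")}] * 3

if __name__ == "__main__":
    print("changing resolvers:", assess(BASELINE, CHANGING))
    print("stuck on baseline: ", assess(BASELINE, STUCK))
    print("single test:       ", assess(BASELINE, CHANGING[:1]))
```

Leak test pages report the resolver's egress IP and operator, which for large public resolvers often differs from the address configured locally, so the operator name is compared as well as the IP.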

I use TOR over Air all the time. I don't take chances and I handle total control myself. First I connect using Air "Eddie", then I enable UFW to ONLY allow tun0 in and out of the machine. tun0 is obviously Air's dns and my TBB (TOR) runs through tun0 to the net. I have never seen anything but Air's dns and I have hit the tunnel from every angle I can think of to verify it's solid.


I am an idiot. My network is set up to use the same, common DNS servers, not my ISP's. Misinterpreted what I saw. Selecting "New Identity" results in properly updating DNS server lists.

Thank you for the responses.

