Beware of Windows 10 DNS resolver and DNS Leaks

[nitehawk 4]

This is old news but a month ago when i noticed the  issue with my other VPN service..i tried Air and found the same thing happening

all my DNS were plain as day through Wireshark

 

one article

https://medium.com/@ValdikSS/beware-of-windows-10-dns-resolver-and-dns-leaks-5bc5bfb

 

and another from homelands security's

 

https://www.us-cert.gov/ncas/alerts/TA15-240A

 

 

i couldent find much on the forums so i thought  id ask if any fixes have been now put in place here?

last time i used air i could see DNS requests plain as day

 

does anyone else see their requests clear as day  through wireshark with VPN on?

 

edit..and no i do not personally have any leaks when using dnsleattest or ipleak.net

before i get asked..id ont

have ipv6 either

im not a naive internet user..

Thanks

[zhang888 1066]

The title should be, "Beware of Windows 10". Period.

There is a solution for this, from the same user who actively researched this issue before,

https://github.com/ValdikSS/openvpn-fix-dns-leak-plugin

 

I didn't test it but there is a topic on another forum that says it helps.

[nitehawk 4]

yes..yes

 

how do u add it to say..the program that one would have to download from airvpn ,
or would they (the vpn providers ) have to add it in during their next builds and release?
ive been trying to figure out where to add the file.
i dont have openvpn..just the app on win 10 that the vpn companys let ya download

[zhang888 1066]

All the providers are just wrapping up the native OpenVPN client with some GUI options.

So all you have to do is adding a custom directive called "plugin xxx.dll" and the OpenVPN

client will load that DLL from the directory you provide.

 

The same can be configured using the Windows firewall as well, you can just block port 53 on

specific interfaces. So this plugin is not really necessary, but it provides a solution in case you

don't use your VPN connection 24/7.

[nitehawk 4]

oh so its as simple as firewalling port 53?..i don't use vpn 24/7 so yeah

is that what u saying?

ive never had to  open or close ports on firewall so not quite sure how to..google be my friend i guess

[YLwpLUbcf77U 32]

Is there any worry if IPLEAK.net shows no leaks on Windows 10?

[nitehawk 4]

Well this is how a DNS requests looks like in wireshark and VPN running when nearly everything else is jumbled text..

https://imgur.com/BkoNiB6

every single dns request is clear as day

for anyone too see thats keen too look. MITM attacks n so  forth (Man In the middle) or like in Australia with the new metadata retention.

i could be wrong that anyone can see it

[mazeman23 0]

how can you add this plugin to the airvpn client ? i don´t find the config file to the  custom directive in.

[nitehawk 4]

that's what i would like too know.

seems this threads getting ignored when (i might be wrong)

but everyone that uses a VPN for SAFETY is getting compromised when using Windows 10

can someone that knows how it works or if im wrong please chime in?

[Staff 10014]

that's what i would like too know.

seems this threads getting ignored when (i might be wrong)

but everyone that uses a VPN for SAFETY is getting compromised when using Windows 10

can someone that knows how it works or if im wrong please chime in?

 

Hello,

 

not at all. In short, just enable Network Lock.

 

Eddie already sets by default all interfaces DNS to 10.4.0.1.

 

If you fear that in some hot-spot the network administrator knows the AirVPN DNS server private IP, knows that you're using AirVPN and knows how to hijack the DNS queries sent to 10.4.0,1 by the physical interface thanks to the idiotic DNS implementation in Windows, then just enable Network Lock.

 

Kind regards

[nitehawk 4]

Hi , Thankyou for the replies

but im talking about when actually connected to the vpn itself..not dropping out and lockin the network

the dns still comes through clear as day . and not on hotspot

i thought all dns requests had to be scrambled like everything else?

or am i wrong about dns

 

https://imgur.com/PeoUAvo

another wireshark of dns with vpn on.

where is the network requests going to - from?

out to the clear or via the vpn network

 

edit..this is the DNS server that the requests are going to  too make it easyer

37.221.175.198

 

thanks

[zhang888 1066]

From your screenshot provided, the Windows 10 DNS leak part is missing, you have to capture it longer.

When you specify a public IP in your DNS - such as the one above, it will cause a leak since this IP is

accessible on other interfaces as well. Only if you set your DNS to a private IP, such as 10.4.0.1, your

DNS queries will be protected and no leak can occur - since you can only access the 10.4.0.1 IP when

VPN is connected. Or like Staff said, when some malicious admin wants to MITM you if you are on

Windows 10, network lock can help you.

[nitehawk 4]

ok..im not  sure i can post a longer wireshark log here

but i think i know what your saying.so all in all we are safe..

 

edit..im.in Australia and use Open Nic DNS which has a no logging policy which is now rare in australia