Jump to content
Not connected, Your IP: 54.159.186.146
nitehawk

Beware of Windows 10 DNS resolver and DNS Leaks

Recommended Posts

This is old news but a month ago when i noticed the  issue with my other VPN service..i tried Air and found the same thing happening

all my DNS were plain as day through Wireshark

 

one article

https://medium.com/@ValdikSS/beware-of-windows-10-dns-resolver-and-dns-leaks-5bc5bfb

 

and another from homelands security's

 

https://www.us-cert.gov/ncas/alerts/TA15-240A

 

 

i couldent find much on the forums so i thought  id ask if any fixes have been now put in place here?

last time i used air i could see DNS requests plain as day

 

does anyone else see their requests clear as day  through wireshark with VPN on?

 

edit..and no i do not personally have any leaks when using dnsleattest or ipleak.net

before i get asked..id ont

have ipv6 either

im not a naive internet user..

Thanks

Share this post


Link to post

The title should be, "Beware of Windows 10". Period.

There is a solution for this, from the same user who actively researched this issue before,

https://github.com/ValdikSS/openvpn-fix-dns-leak-plugin

 

I didn't test it but there is a topic on another forum that says it helps.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

yes..yes

 

how do u add it to say..the program that one would have to download from airvpn ,
or would they (the vpn providers ) have to add it in during their next builds and release?
ive been trying to figure out where to add the file.
i dont have openvpn..just the app on win 10 that the vpn companys let ya download

Share this post


Link to post

All the providers are just wrapping up the native OpenVPN client with some GUI options.

So all you have to do is adding a custom directive called "plugin xxx.dll" and the OpenVPN

client will load that DLL from the directory you provide.

 

The same can be configured using the Windows firewall as well, you can just block port 53 on

specific interfaces. So this plugin is not really necessary, but it provides a solution in case you

don't use your VPN connection 24/7.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

oh so its as simple as firewalling port 53?..i don't use vpn 24/7 so yeah

is that what u saying?

ive never had to  open or close ports on firewall so not quite sure how to..google be my friend i guess

Share this post


Link to post

Well this is how a DNS requests looks like in wireshark and VPN running when nearly everything else is jumbled text..

https://imgur.com/BkoNiB6

every single dns request is clear as day

for anyone too see thats keen too look. MITM attacks n so  forth (Man In the middle) or like in Australia with the new metadata retention.

i could be wrong that anyone can see it

Share this post


Link to post

that's what i would like too know.

seems this threads getting ignored when (i might be wrong)

but everyone that uses a VPN for SAFETY is getting compromised when using Windows 10

can someone that knows how it works or if im wrong please chime in?

Share this post


Link to post

that's what i would like too know.

seems this threads getting ignored when (i might be wrong)

but everyone that uses a VPN for SAFETY is getting compromised when using Windows 10

can someone that knows how it works or if im wrong please chime in?

 

Hello,

 

not at all. In short, just enable Network Lock.

 

Eddie already sets by default all interfaces DNS to 10.4.0.1.

 

If you fear that in some hot-spot the network administrator knows the AirVPN DNS server private IP, knows that you're using AirVPN and knows how to hijack the DNS queries sent to 10.4.0,1 by the physical interface thanks to the idiotic DNS implementation in Windows, then just enable Network Lock.

 

Kind regards

Share this post


Link to post

Hi , Thankyou for the replies

but im talking about when actually connected to the vpn itself..not dropping out and lockin the network

the dns still comes through clear as day . and not on hotspot

i thought all dns requests had to be scrambled like everything else?

or am i wrong about dns

 

https://imgur.com/PeoUAvo

another wireshark of dns with vpn on.

where is the network requests going to - from?

out to the clear or via the vpn network

 

edit..this is the DNS server that the requests are going to  too make it easyer

37.221.175.198

 

thanks

Share this post


Link to post

From your screenshot provided, the Windows 10 DNS leak part is missing, you have to capture it longer.

When you specify a public IP in your DNS - such as the one above, it will cause a leak since this IP is

accessible on other interfaces as well. Only if you set your DNS to a private IP, such as 10.4.0.1, your

DNS queries will be protected and no leak can occur - since you can only access the 10.4.0.1 IP when

VPN is connected. Or like Staff said, when some malicious admin wants to MITM you if you are on

Windows 10, network lock can help you.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

ok..im not  sure i can post a longer wireshark log here

but i think i know what your saying.so all in all we are safe..

 

edit..im.in Australia and use Open Nic DNS which has a no logging policy which is now rare in australia

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...