
DNS Leak

Configure your firewall to block outbound UDP packets to port 53 EXCEPT for packets sent from the VPN interface (10.0.0.0/8) - assuming you're on a LAN where your LAN IP is something else, like 192.168.x.x.

Hello!

On top of the good solution by worric, if you use the Air client you might like to add to your hosts file the line:

46.105.19.36 airvpn.org

This is because when you are not connected to the VPN your system will no longer be able to perform DNS resolution, preventing Air from connecting via SSL to our frontend (airvpn.org). airvpn.exe connects via SSL/TLS to airvpn.org in order to provide some commodities, download certificates and key, and generate on the fly a configuration according to your choices.

With the addition of that line, your system will no longer need to send a DNS query to resolve airvpn.org. If you use OpenVPN directly, or any other OpenVPN GUI/wrapper, you don't need that (all the files you need are already on your HDD, while the commodities are available on our website).

Kind regards

Maybe I'm a little bit dumb for this, but I have the leaked dns problem, too.

I applied the fix, but I still have these issues. I have 6 connections on my computer: LAN 2 (192.168.0.12), LAN 5 (10.x.x.x), VirtualBox Host-Adapter (Disabled), TeamViewer VPN (169.254.x.x), Bluetooth-Network (169.x.x.x) and a Firewire one. Every connection has an IPv6 connection too, because my ISP is in IPv6 beta stage for some of their customers.

I made the DNS Leak fix with the setup file, didn't work. I tried manually, but at the step with the static dns to 0.0.0.0 it fails with the message that this DNS doesn't exist.

I blocked port 55 on all adapters for UDP. I added the airvpn IP to my hosts.

But I still have DNS leaks with my ISP DNS servers.

Hello!

You should block packets with destination port 53 UDP, not 55, and only from your physical interface. Do not block traffic from your TUN/TAP interface, otherwise your system will not be able to send out DNS queries, not even when connected to the VPN.

Kind regards
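
The rule described in the reply above, as an added example that is not part of the original posts: block outbound UDP to destination port 53 on every adapter except the VPN's TUN/TAP adapter. It assumes Windows 8 or later with the built-in Windows Firewall (the posters in this thread use third-party firewalls), an elevated PowerShell session, and a VPN adapter whose description contains "TAP"; the rule group name is hypothetical.

```powershell
# Added example, not from the thread. Assumptions: Windows 8+ (NetSecurity and
# NetAdapter modules), elevated session, and a VPN adapter whose
# InterfaceDescription contains "TAP" (check with Get-NetAdapter first).
$group = 'DNS leak prevention (example)'   # hypothetical rule group name

# Everything that is not the TUN/TAP adapter is treated as a physical/other adapter.
$nonVpn = Get-NetAdapter | Where-Object { $_.InterfaceDescription -notmatch 'TAP' }

# Remove rules left by a previous run so the script can be re-applied safely.
Get-NetFirewallRule -Group $group -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

# Block outbound UDP with destination port 53 on each non-VPN adapter.
# No rule is created for the TAP adapter, so DNS queries sent through the
# tunnel keep working while the VPN is connected.
foreach ($nic in $nonVpn) {
    New-NetFirewallRule -DisplayName "Block DNS UDP 53 on $($nic.Name)" `
        -Group $group -Direction Outbound -Protocol UDP -RemotePort 53 `
        -InterfaceAlias $nic.Name -Action Block | Out-Null
}

# Review the result: the rules created, and the DNS servers configured per adapter
# (Windows lets every adapter carry its own DNS server list).
Get-NetFirewallRule -Group $group | Select-Object DisplayName, Enabled, Action
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Select-Object InterfaceAlias, ServerAddresses
```

With these rules active and the VPN disconnected, the system cannot resolve names at all, which is why the hosts-file entry for airvpn.org is suggested earlier in the thread for users of the Air client.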

Ok, did it, but now I have trouble. It seems my firewall is not so easy to configure because when I do this for the physical adapter, my whole system has no Port 53 access in any way. Sometimes I hate things like personal firewalls. On my Mac I have no problems, Tunnelblick does all the work alone without any DNS leaks. Maybe I will only use my Mac in the future together with VirtualBox and a Win7 VM.

Or I find out how this works with G-Data Internet Security.

Thanks.

Hello!

You might like to switch to Comodo (for which full instructions are provided in this forum) or ask for support from G-Data Internet Security support team.

And yes, DNS leak is a typical Windows problem, not a Linux or BSD one (Mac OSX has been built on BSD - quite funny in the light of the Apple wars against free and open source software :) ), because Windows allows each adapter to have its own DNS.

Kind regards

Already got it done on Windows. It was easy, I just had to open the Advanced dialogs. ^^ Comodo doesn't work well together with G-Data Anti-Virus and ThreatFire. Those 2 together with Comodo Firewall end up in a system freeze.

I just have to find out or email G-Data about how I can switch the ruleset for an adapter via batch. It's funny that every adapter can have its own firewall ruleset. ^^

Yeah, I prefer Mac, but only got a Mac Mini, 2nd generation. It's slow even after I upgraded my memory to 4GB. But I will get myself an iMac 27 from my Christmas bonus. ^^

Could you please give me step by step instructions for this? I have tried doing it and there is still a DNS leak. All the change did was move the area on the leak test to a different state but I still see my ISP.

Hello!

You can put a definitive end to DNS leaks by properly configuring your firewall. Please see the instructions permanently linked to the announcements section of the forum, according to your system ("Prevent leaks...").

Kind regards
