Guest ZqBxfuxd Posted ... Hello. Two questions/issues regarding DNS: I'm using the OpenVPN software to connect to AirVPN. 1. How to disallow the VPN client to accept and use the pushed Google DNS? Sorry, that's horrible. The VPN connection should use the OpenDNS servers _only_ 2. Why does https://www.dns-oarc.net/oarc/services/dnsentropy show my ISP (ISP DNS) after connecting to VPN? How to stop this DNS leak (without installing a Firewall)? Thanks. Quote Share this post Link to post
Staff 9972 Posted ... Hello.Two questions/issues regarding DNS:I'm using the OpenVPN software to connect to AirVPN.1. How to disallow the VPN client to accept and use the pushed Google DNS? Sorry, that's horrible. The VPN connection should use the OpenDNS servers _only_2. Why does https://www.dns-oarc.net/oarc/services/dnsentropy show my ISP (ISP DNS) after connecting to VPN? How to stop this DNS leak (without installing a Firewall)?Thanks.Hello!1. The pushed DNS is inside our VPN, in order to bypass ICE censorship. Only after a first resolution attempt (necessary to bypass ICE censorship, which of course propagates to all DNS in the world) the DNS query is anonymized and goes out from our servers to Google DNS, which is one of the few DNS systems in the world without censorship. Usage of OpenDNS is not viable for us because we don't accept the censorship perpetrated by OpenDNS and its NN violations. In the past we used our own DNS, but this new system provides significant advantages.2. If you don't want to install a firewall to prevent DNS leaks, you might either renounce to use Windows or, alternatively, set your favorite DNS servers (as primary and secondary) and apply the manual method reported here:http://www.dnsleaktest.com/how-to-fix-a-dns-leak.phpKind regards Quote Share this post Link to post
Jinsong 5 Posted ... I agree, OpenDNS is probably not the best choice due to their filtering/censoring and interception of DNS queries. But if you don't trust Google DNS either (understandably) then you can just choose one of several other global DNS providers instead. You can find them using this DNS Benchmark tool: https://www.grc.com/dns/benchmark.htm Pick the two that are the fastest and most reliable (and preferably non-filtering / non-intercepting), then follow admin's instructions. Basically, all you have to do is go into the TCP/IP properties for your virtual (TAP) network adapter, un-check the "obtain DNS automatically" option, and set the preferred & alternate DNS addresses manually. Now when you run the DNS entropy test again there should be 100% no leaks. :cheer: Quote Share this post Link to post
JamesDean 10 Posted ... http://server.privacyfoundation.de/index_en.html Non-Censorship JD Quote Share this post Link to post