l33t 2 Posted ... Just a quick bit of info: I am planning on using Windows XP SP3 (32-bit) with the VPN service. One of the posts written by Admin describes how to use Comodo Firewall to block DNS leaks. I am a little confused though as to how this would work. I know Comodo can be used to block access to ranges of IP addresses, but I didn't think it could control which DNS the computer used? The site http://www.dnsleaktest.com/how-to-fix-a-dns-leak.php states that the solution to the DNS leak problem involves making the computer use a static IP address. The only way I know of to accomplish this is to use command prompt. I guess the real question is: do I need to set the network adapter to use a static IP address, or can I configure Comodo to keep me safe from DNS leaks? Quote Share this post Link to post
sunnymorning 1 Posted ... just set your wifi adapter to a static address and voila no leaks simple as pie , no cmd required , cheers Quote Share this post Link to post
Staff 9973 Posted ... Just a quick bit of info: I am planning on using Windows XP SP3 (32-bit) with the VPN service.One of the posts written by Admin describes how to use Comodo Firewall to block DNS leaks. I am a little confused though as to how this would work. I know Comodo can be used to block access to ranges of IP addresses, but I didn't think it could control which DNS the computer used?Hello!It can't control the DNS the computer uses, but it can control DNS leaks. The "trick" is writing correct rules for svchost.exe, which is the responsible for DNS queries (and many other things). However, we recommend to set a more comprehensive set of rules in order to prevent ANY leak, not only DNS leaks, see here for instructions:https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=3405&Itemid=142The site http://www.dnsleaktest.com/how-to-fix-a-dns-leak.php states that the solution to the DNS leak problem involves making the computer use a static IP address. The only way I know of to accomplish this is to use command prompt.DNS leaks have nothing to do with static IP. The SOLUTION recommended on that site to DNS leaks involves setting a static INTERNAL NETWORK IP address, so that it does not vary according to the DHCP-push of your DHCP server (your router, for example). Again, it has nothing to do with static or dynamic IP assigned by your ISP.I guess the real question is: do I need to set the network adapter to use a static IP address, or can I configure Comodo to keep me safe from DNS leaks?Go with Comodo, no doubts. It's a better, more practical and more secure solution.Kind regards Quote Share this post Link to post
JamesDean 10 Posted ... Would it be possible for you to list all the entry IP's for each server, and update them if they change, somewhere on the site? I like to have all the options available, but don't want to have to connect to each one to get the IP when creating the rules. Thanks, JD Quote Share this post Link to post
Staff 9973 Posted ... Would it be possible for you to list all the entry IP's for each server, and update them if they change, somewhere on the site? I like to have all the options available, but don't want to have to connect to each one to get the IP when creating the rules.Thanks,JDHello!At the moment we prefer not to publish them in the forum. You can obtain them all at once on the configuration generator, selecting all the servers.Kind regards Quote Share this post Link to post
JamesDean 10 Posted ... Makes sense, didn't even think of doing that :-) Thanks! JD Quote Share this post Link to post
l33t 2 Posted ... Would there be any possibility of an application besides svchost.exe trying to query the DNS server? If there is, would the global Comodo rule be enough to prevent that query from going through? Quote Share this post Link to post
Staff 9973 Posted ... Would there be any possibility of an application besides svchost.exe trying to query the DNS server? If there is, would the global Comodo rule be enough to prevent that query from going through?Hello!The Comodo global rules (not the application rules, of course) we recommend in order to prevent leaks do not block DNS queries from svchost.exe or from any other application. They prevent any packet to go outside your internal network, including therefore DNS queries, if and only if there is no connection to one of the Air servers. Nothing in the rules prevents to send out encrypted DNS queries in the tunnel by any application when the device is connected to an Air server.Please do not hesitate to contact us for any further information.Kind regards Quote Share this post Link to post
l33t 2 Posted ... I thought the whole risk of DNS leaks was for services to be able to query your ISP's DNS server and thus compromise your anonymity. If the Comodo rules do not block encrypted DNS queries, isn't there still the risk that those encrypted DNS queries will reveal the true ISP of the computer using the VPN and thus compromise the anonymity of that computer? Quote Share this post Link to post
Staff 9973 Posted ... I thought the whole risk of DNS leaks was for services to be able to query your ISP's DNS server and thus compromise your anonymity.Hello!Yes, such a query would be sent from your physical network card unencrypted and your ISP would know which resolutions you want to perform. A DNS leak, in our case, is an unencrypted DNS query which does not respect the routing table pushed by an OpenVPN server. Basically it happens on Windows system because every card can have its own, different DNS and svchost.exe runs with highest privileges, taking the unjustified freedom to send out DNS queries from any interface if the previous query from the correct interface does not receive an answer within a short time limit.If the Comodo rules do not block encrypted DNS queries, isn't there still the risk that those encrypted DNS queries will reveal the true ISP of the computer using the VPN and thus compromise the anonymity of that computer?Not at all. First, the encrypted DNS queries go out from your tun network card, which has a push to use the Air DNS. Second, even if you, in a momentary lapse of reason, forced the tun adapter to have your ISP DNS (we are talking only about Windows here, which is the only system which, for some reason, allows different DNS for different cards, which is the main source of all DNS leaks), and even if those queries could go out of the Air servers, and even if the ISP had completely open DNS (which is normally not the case), the ISP DNS would see the queries coming from our servers and would respond to our servers.Kind regards Quote Share this post Link to post