Jump to content
Not connected, Your IP: 18.223.43.106
Sign in to follow this  
l33t

DNS Leak and Comodo

Recommended Posts

Just a quick bit of info: I am planning on using Windows XP SP3 (32-bit) with the VPN service.

One of the posts written by Admin describes how to use Comodo Firewall to block DNS leaks. I am a little confused though as to how this would work. I know Comodo can be used to block access to ranges of IP addresses, but I didn't think it could control which DNS the computer used?

The site http://www.dnsleaktest.com/how-to-fix-a-dns-leak.php states that the solution to the DNS leak problem involves making the computer use a static IP address. The only way I know of to accomplish this is to use command prompt.

I guess the real question is: do I need to set the network adapter to use a static IP address, or can I configure Comodo to keep me safe from DNS leaks?

Share this post


Link to post

Just a quick bit of info: I am planning on using Windows XP SP3 (32-bit) with the VPN service.

One of the posts written by Admin describes how to use Comodo Firewall to block DNS leaks. I am a little confused though as to how this would work. I know Comodo can be used to block access to ranges of IP addresses, but I didn't think it could control which DNS the computer used?

Hello!

It can't control the DNS the computer uses, but it can control DNS leaks. The "trick" is writing correct rules for svchost.exe, which is the responsible for DNS queries (and many other things). However, we recommend to set a more comprehensive set of rules in order to prevent ANY leak, not only DNS leaks, see here for instructions:

https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=3405&Itemid=142

The site http://www.dnsleaktest.com/how-to-fix-a-dns-leak.php states that the solution to the DNS leak problem involves making the computer use a static IP address. The only way I know of to accomplish this is to use command prompt.

DNS leaks have nothing to do with static IP. The SOLUTION recommended on that site to DNS leaks involves setting a static INTERNAL NETWORK IP address, so that it does not vary according to the DHCP-push of your DHCP server (your router, for example). Again, it has nothing to do with static or dynamic IP assigned by your ISP.

I guess the real question is: do I need to set the network adapter to use a static IP address, or can I configure Comodo to keep me safe from DNS leaks?

Go with Comodo, no doubts. It's a better, more practical and more secure solution.

Kind regards

Share this post


Link to post

Would it be possible for you to list all the entry IP's for each server, and update them if they change, somewhere on the site? I like to have all the options available, but don't want to have to connect to each one to get the IP when creating the rules.

Thanks,

JD

Share this post


Link to post

Would it be possible for you to list all the entry IP's for each server, and update them if they change, somewhere on the site? I like to have all the options available, but don't want to have to connect to each one to get the IP when creating the rules.

Thanks,

JD

Hello!

At the moment we prefer not to publish them in the forum. You can obtain them all at once on the configuration generator, selecting all the servers.

Kind regards

Share this post


Link to post

Would there be any possibility of an application besides svchost.exe trying to query the DNS server? If there is, would the global Comodo rule be enough to prevent that query from going through?

Share this post


Link to post

Would there be any possibility of an application besides svchost.exe trying to query the DNS server? If there is, would the global Comodo rule be enough to prevent that query from going through?

Hello!

The Comodo global rules (not the application rules, of course) we recommend in order to prevent leaks do not block DNS queries from svchost.exe or from any other application. They prevent any packet to go outside your internal network, including therefore DNS queries, if and only if there is no connection to one of the Air servers. Nothing in the rules prevents to send out encrypted DNS queries in the tunnel by any application when the device is connected to an Air server.

Please do not hesitate to contact us for any further information.

Kind regards

Share this post


Link to post

I thought the whole risk of DNS leaks was for services to be able to query your ISP's DNS server and thus compromise your anonymity.

If the Comodo rules do not block encrypted DNS queries, isn't there still the risk that those encrypted DNS queries will reveal the true ISP of the computer using the VPN and thus compromise the anonymity of that computer?

Share this post


Link to post

I thought the whole risk of DNS leaks was for services to be able to query your ISP's DNS server and thus compromise your anonymity.

Hello!

Yes, such a query would be sent from your physical network card unencrypted and your ISP would know which resolutions you want to perform. A DNS leak, in our case, is an unencrypted DNS query which does not respect the routing table pushed by an OpenVPN server. Basically it happens on Windows system because every card can have its own, different DNS and svchost.exe runs with highest privileges, taking the unjustified freedom to send out DNS queries from any interface if the previous query from the correct interface does not receive an answer within a short time limit.

If the Comodo rules do not block encrypted DNS queries, isn't there still the risk that those encrypted DNS queries will reveal the true ISP of the computer using the VPN and thus compromise the anonymity of that computer?

Not at all. First, the encrypted DNS queries go out from your tun network card, which has a push to use the Air DNS. Second, even if you, in a momentary lapse of reason, forced the tun adapter to have your ISP DNS (we are talking only about Windows here, which is the only system which, for some reason, allows different DNS for different cards, which is the main source of all DNS leaks), and even if those queries could go out of the Air servers, and even if the ISP had completely open DNS (which is normally not the case), the ISP DNS would see the queries coming from our servers and would respond to our servers.

Kind regards

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

×
×
  • Create New...