Jump to content


Photo
* * * * * 4 votes

DNS leaks and how to fix them

dns leaks

  • Please log in to reply
55 replies to this topic

#21 jasonked

jasonked

    Newbie

  • Members
  • Pip
  • 6 posts

Posted 21 June 2014 - 08:02 PM

I have always experienced DNS leaks with all the VPNs I have tried, so I usually go to http://www.opennicproject.org/ and configure my rooter with the DNS servers given in this page which are the nearest to the VPN location. This is an anonymous DNS service.

 

But after reading this thread I suppose I rather use  10.4.0.1 and 10.5.0.1 servers as these are advised my AirVpn staff.

This is the easiest thing to do IMO especially for new users. Instead of trying to stop the system using an untrusted yet available DNS service just make sure all the available ones are ones you trust.



#22 perhentian

perhentian

    Advanced Member

  • Members
  • PipPipPip
  • 31 posts

Posted 25 September 2014 - 10:36 AM

Use the new Eddie client (ver 2.6). In advances settings you check the settings: "check if tunnel is using the airvpn dns" and "Force dns".

Made my leakes dissappear!

#23 dsfsdfds

dsfsdfds

    Newbie

  • Members
  • Pip
  • 1 posts

Posted 02 February 2015 - 04:19 AM

Thanks, OP. This really helped! 



#24 m0nk3n

m0nk3n

    Newbie

  • Members
  • Pip
  • 5 posts

Posted 03 February 2015 - 08:02 PM

i have airvpn now. and i read this thread cause why not forum.. and i went to http://ipleak.net/  and the first box shows the ip i get from airvpn. in the webRTC detection it show both my isp and the airvpn ip..

 

is this simply easy to fix by going to chrome:plugins and add the exception for webRTC ? as stated at the bottom of that page?

 

or changing the dns in ipv4 config?



#25 hugomueller

hugomueller

    Advanced Member

  • Members
  • PipPipPip
  • 130 posts

Posted 03 February 2015 - 10:19 PM

I followed the hints given in this thread but DNS is still leaking.

As far as I understood it I have to change the settings on my local adapter and not the virtual one from openvpn.

dnsleak.PNG

 

Why do I am still leaking my DNS which is set in the router?

 

edit:

I also changed the settings of the openvpn virtual adapter and set the dns server manually but I still see the DNS Server which is in my router on dnsleaktest.

My OS is Win 8.1 x64

 

edit2:

only the "force dns" in Eddie works but not the thing with openvpn and the dns server.

Could anybody see my mistake?



#26 HomerSimpson

HomerSimpson

    Member

  • Members
  • PipPip
  • 15 posts

Posted 07 February 2015 - 01:55 AM

I use fedora linux but still ran into the problem of DNS leaks.

My previous VPN service had these lines in their openvpn configuration files. I added the fedora equivalent commands since it was for ubuntu style.

These work for my system maybe they can help others. I am not an expert and so forth.


# Allow calling of built-in executables and user-defined scripts.
script-security 2
#
# For Ubuntu: 
# Parses DHCP options from openvpn to update resolv.conf
#up /etc/openvpn/update-resolv-conf
#down /etc/openvpn/update-resolv-conf
# For Fedora:
up /usr/share/doc/openvpn/contrib/pull-resolv-conf/client.up
down /usr/share/doc/openvpn/contrib/pull-resolv-conf/client.down


#27 m0nk3n

m0nk3n

    Newbie

  • Members
  • Pip
  • 5 posts

Posted 07 February 2015 - 05:57 PM

the webRTC block app for chrome doesnt work anymore. i tried uninstalling the app and adding it again then refresh the dns detect site but it still shows real ip.



#28 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7796 posts

Posted 07 February 2015 - 08:40 PM

the webRTC block app for chrome doesnt work anymore. i tried uninstalling the app and adding it again then refresh the dns detect site but it still shows real ip.

 

Hello!

 

Confirmed. In reality, it probably never worked, it was only the old testing code that was inadequate to force the leak. As you may have already seen, now ipleak.net web site is able to force a leak with Chrome regardless WebRTC Block extension is active or not. Therefore, without firewall aid (our client Eddie Network Lock for example), we are currently unaware of any method to effectively prevent such leaks with Chrome. If one does not prevent such leaks with Network Lock or anyway methods that are out of Chrome, we think that it is very important NOT to use Chrome when inside the VPN.

 

Kind regards



#29 hugomueller

hugomueller

    Advanced Member

  • Members
  • PipPipPip
  • 130 posts

Posted 08 February 2015 - 10:18 AM

The topic is DNS leak and not webrtc leak.

Would be nice if anyone could anwser my question.



#30 m0nk3n

m0nk3n

    Newbie

  • Members
  • Pip
  • 5 posts

Posted 08 February 2015 - 06:04 PM

use the network lock on the airvpn program.



#31 hugomueller

hugomueller

    Advanced Member

  • Members
  • PipPipPip
  • 130 posts

Posted 08 February 2015 - 09:37 PM

This does not help. I need to activate "force dns" to solve the DNS leak but I still want to know why I can't do this with OpenVPN and my shown config?



#32 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7796 posts

Posted 08 February 2015 - 10:04 PM

I followed the hints given in this thread but DNS is still leaking.

As far as I understood it I have to change the settings on my local adapter and not the virtual one from openvpn.

attachicon.gifdnsleak.PNG

 

Why do I am still leaking my DNS which is set in the router?

 

edit:

I also changed the settings of the openvpn virtual adapter and set the dns server manually but I still see the DNS Server which is in my router on dnsleaktest.

My OS is Win 8.1 x64

 

edit2:

only the "force dns" in Eddie works but not the thing with openvpn and the dns server.

Could anybody see my mistake?

 

Hello!

 

Eddie sets 10.4.0.1 as primary DNS of all the system network interfaces, do you do the same? Compare the status of the computer network interfaces with Eddie "Force DNS" method and with your method. There must be some difference to justify the different behavior. Compare all network cards with command "ipconfig /all" issued from a command prompt.

 

Kind regards



#33 m0nk3n

m0nk3n

    Newbie

  • Members
  • Pip
  • 5 posts

Posted 09 February 2015 - 07:54 PM

I followed the hints given in this thread but DNS is still leaking.

As far as I understood it I have to change the settings on my local adapter and not the virtual one from openvpn.

attachicon.gifdnsleak.PNG

 

Why do I am still leaking my DNS which is set in the router?

 

edit:

I also changed the settings of the openvpn virtual adapter and set the dns server manually but I still see the DNS Server which is in my router on dnsleaktest.

My OS is Win 8.1 x64

 

edit2:

only the "force dns" in Eddie works but not the thing with openvpn and the dns server.

Could anybody see my mistake?

 

try setting the default gateway which is the ip to the router \ modem.



#34 dire

dire

    Newbie

  • Members
  • Pip
  • 1 posts

Posted 14 February 2015 - 09:49 PM

I would like to mention that these are the settings I use regularly. the other day I tested for a dns leak with the static ip set and sure enough I had one... 



#35 guernica

guernica

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 05 March 2015 - 04:09 AM

www.ipleak.net is not showing any leak for me (only VPN server is showing) yet www.dnsleaktest.com is showing my real ISP's DNS servers so seems the leak test on www.ipleak.net is not working properly.

 

All the solutions for users like me (not that knowledgeable and only connects to VPN once in a while) seem to be either complicated or a pain in the butt. Aren't there programs that automate everything that needs to be automated in order to change the DNS when connecting through OpenVPN and change it back to your ISP's (for optimal performance) when it disconnects? Or do I really need to write code and create .bat files to get en effective working solution?



#36 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7796 posts

Posted 05 March 2015 - 11:41 AM

www.ipleak.net is not showing any leak for me (only VPN server is showing) yet www.dnsleaktest.com is showing my real ISP's DNS servers so seems the leak test on www.ipleak.net is not working properly.

 

All the solutions for users like me (not that knowledgeable and only connects to VPN once in a while) seem to be either complicated or a pain in the butt. Aren't there programs that automate everything that needs to be automated in order to change the DNS when connecting through OpenVPN and change it back to your ISP's (for optimal performance) when it disconnects? Or do I really need to write code and create .bat files to get en effective working solution?

 

 

Hello!

 

Assuming that you run Windows, the system with DNS leaks problems due to lack of global DNS concept, please make sure to tick "Force DNS" in our client "AirVPN" -> "Preferences" -> "Advanced" menu.

 

Then, disable IPv6 in your system, when you're connected to the VPN (our service supports only IPv4). Microsoft provides tiny utilities to enable and disable IPv6 with a click:

http://support.microsoft.com/kb/929852

 

IPv6 is perhaps the reason of the difference you observe between ipleak.net and the other web site. Since ipleak.net does not support IPv6, it should be used only for IPv4 tests. EDIT: that does not seem very plausible, could you tell us whether ipleak.net still does not detect all the DNS nameservers IP addresses or if it works correctly now?

 

Kind regards



#37 guernica

guernica

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 06 March 2015 - 01:54 AM

I was using OpenVPN directly when doing those tests. I installed dnsleak fix and that seemed to work (both sites mentioned above were no longer showing any leaks. However, something even weirder started to happen as I would connect to a server, do a test showing everything was ok, then come back a few minutes later to realise my real IP (not just the DNS) was now showing while the OpenVPN client was telling me I was still connected to the network.

 

I tried the Eddie client and the same thing happened (I checked the "switch DHCP to static" option to prevent DHCP reassignment) and also checked "force DNS". Again, everything works fine for the first rounds of tests and then all of a sudden the connection stops working all together and I can no longer browse the Internet except to the ookla speedtest page which now shows my real IP connection (while the client tells me I'm still connected).

 

I have to do more tests because so far, for some reason, my Windows 8 setup and/or firewall are not playing well with the VPN.

 

I'm assuming the"force DNS" option is important to avoid DNS leaks but if I don't choose "Switch DHCP to static", does it run the risk of being reset if/when a new DHCP IP is changed?



#38 guernica

guernica

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 06 March 2015 - 04:12 AM

OK I found my problem. There was an other program requesting access to the tap adapter sporadically and screwing with the VPN connection (and leaking my real IP in the process yikes). It would change the IP address of the tap adapter to 10.127.127.1 as a result.

 

It would be nice if there was a way for the AirVPN client to prevent config modifications to the tap driver while in use (don't know if that's possible) as this seems to be a security flaw.

 

So far everything looks good. I've set the "force DNS" option to on. Not sure if I should switch to static IP or not. But it works.



#39 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7796 posts

Posted 06 March 2015 - 11:44 AM

Hello,

 

you could have prevented the leak by enabling "Network Lock". About preventing modifications to the tap driver, it is not our competence to protect your system against malware. A software injecting code into a system driver without your knowledge falls into the category of malware.

 

However, you probably meant manipulation of the tun/tap interface properties. In order to do so, the program must be authorized by you to have administrator privileges... we'll hear our Windows experts to know if some protection against programs running with administrator privileges is possible or not.

 

Kind regards



#40 guernica

guernica

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 06 March 2015 - 04:50 PM

Yes don't know why I wrote tap driver, I meant tap adapter properties indeed. Just a way to "lock" its properties while in use by the client would be nice, as there can be many programs potentially requesting access for whatever reason and trying to overwrite whatever values were set by the client. And as I experienced first hand, this can really compromise the effectiveness of the VPN when that happens.

 

In any event, I like your client better than using the OpenVPN client for the additional security options so I'll stick with it.







Similar Topics Collapse


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

Servers online. Online Sessions: 15228 - BW: 50338 Mbit/sYour IP: 54.197.24.206Guest Access.