[SOLVED]How to fix dns leaks?

Connection sharing, Firewall, Samba..etc
Forum rules
Before you post please read how to get help
User avatar
Mintuser998
Level 1
Level 1
Posts: 38
Joined: Thu May 31, 2018 1:57 pm

[SOLVED]How to fix dns leaks?

Post by Mintuser998 » Sat Jun 02, 2018 6:32 pm

When I first boot Mint and start Firefox, there are no leaks. But after a minute or so, I have many. I don't know how or why. If it applies, though probably not, I use Firejail and several security add-ons that seem not to change it either way. Also I use IPVanish.
Last edited by Mintuser998 on Tue Jul 03, 2018 3:01 pm, edited 3 times in total.
Funny signature here:

User avatar
catweazel
Level 17
Level 17
Posts: 7068
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

Re: How to fix dns leaks?

Post by catweazel » Sat Jun 02, 2018 7:02 pm

Mintuser998 wrote:
Sat Jun 02, 2018 6:32 pm
When I first boot Mint and start Firefox, there are no leaks. But after a minute or so, I have many. I don't know how or why. If it applies, though probably not, I use Firejail and several security add-ons that seem not to change it either way. Also I use IPVanish.
Edit the VPN config prior to importing it. Include this line:

block-outside-dns
Caution: Dancing Wu Li Master and Official curmudgeon-in-chief

User avatar
trytip
Level 8
Level 8
Posts: 2055
Joined: Tue Jul 05, 2016 1:20 pm

Re: How to fix dns leaks?

Post by trytip » Sat Jun 02, 2018 7:06 pm

how do you set DNS and which one you want to use ? https://dnsleaktest.com/
Image

User avatar
Mintuser998
Level 1
Level 1
Posts: 38
Joined: Thu May 31, 2018 1:57 pm

Re: How to fix dns leaks?

Post by Mintuser998 » Sat Jun 02, 2018 7:30 pm

So I just add it at the end in the text editor for the ovpn file? It's strange they don't include it by default. Do you know of any other modifications I should make off the top of your head? Here is what is there now:

client
dev tun
proto udp
remote nyc-a26.ipvanish.com 443
resolv-retry infinite
nobind
persist-key
persist-tun
persist-remote-ip
ca ca.ipvanish.com.crt
verify-x509-name nyc-a26.ipvanish.com name
auth-user-pass
comp-lzo
verb 3
auth SHA256
cipher AES-256-CBC
keysize 256
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-DSS-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA
block-outside-dns
Funny signature here:

User avatar
catweazel
Level 17
Level 17
Posts: 7068
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

Re: How to fix dns leaks?

Post by catweazel » Sat Jun 02, 2018 7:34 pm

Mintuser998 wrote:
Sat Jun 02, 2018 7:30 pm
So I just add it at the end in the text editor for the ovpn file? It's strange they don't include it by default. Do you know of any other modifications I should make off the top of your head? Here is what is there now:
Yes, that's correct. You might also find out what the IPs are of your VPN provider's DNS servers are and set your router to use those instead of the ones provided by your ISP.
Caution: Dancing Wu Li Master and Official curmudgeon-in-chief

User avatar
phd21
Level 16
Level 16
Posts: 6767
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: How to fix dns leaks?

Post by phd21 » Sat Jun 02, 2018 7:48 pm

Hi Mintuser998,

There seems to be a lot of confusion over this topic as to whether it is an operating system issue (MS Windows, Mac, or Linux), or whether it is a VPN provider's configurations or a combination of both.

If you have not updated the openVPN VPN software using their repository, I would highly recommend doing so, see link below for relatively simple instructions.

Is it possible to install the latest openvpn without breaking everything[SOLVED]
viewtopic.php?f=157&t=242583&hilit=openvpn


1.) I always tell people regardless whether you use a VPN network server connection or not to immediately change your local ISP's default DNS server IP addresses to those from secure and anonymous ones from a reliable DNS provider for many good reasons, restart afterward. After doing this, even if your VPN server connection leaks, it would be leaking the secure and anonymous DNS provider's information not yours. "Cloudflare" is a new DNS provider that is supposed to be fast and very secure; I have been using this recently and it works very well. I have always like "dns.watch" as well.

How to change your Local ISP's default DNS server IP addresses from the Linux Mint/Cinnamon desktop – OpenDNS
https://support.opendns.com/hc/en-us/ar ... t-Cinnamon

Setup Guide | OpenDNS
https://www.opendns.com/setupguide/

Best free and public DNS servers of 2018 - TechRadar
https://www.techradar.com/news/best-dns-server

How to activate OpenVPN? - Linux Mint Forums
- Video link shows how to change DNS servers and add VPN connections.
viewtopic.php?f=47&t=268943&hilit=dns+leaks

2.) DNS Leaks: Some solutions to resolving DNS leaks from VPN connections are related to MS Windows not Linux. I just came across this article today, see #2.b

2.a.) The lines below added to each openVPN server configuration file, "somewhere.ovpn". Some VPN providers configuration files already have these lines in them.

block-outside-dns
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
# some recommend the line below as well
down-pre


2.b.) OpenVPN block-outside-dns · [self writeBlog];
https://iflorian.com/openvpn-block-outside-ds/
If you get an error with "block-outside-dns", edit the somwhere.ovpn file to add the line below
pull-filter ignore "block-outside-dns"


2.c.) masterkorp/openvpn-update-resolv-conf: Script that updates DNS settings are pushed by the OpenVPN server
https://github.com/masterkorp/openvpn-u ... esolv-conf

2.d.) OpenVPN with NordVPN has DNS leak - Linux Mint Forums
viewtopic.php?f=90&t=260970&p=1410738&s ... 4#p1410738


Fix DNS leaks in Linux? : VPN
https://www.reddit.com/r/VPN/comments/5 ... m-comments

Hope this helps ...
Last edited by phd21 on Sat Jun 09, 2018 10:17 pm, edited 8 times in total.
Phd21: Mint KDE 17.3 & 18.3, 64-bit Awesome OS, Ancient Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram,256gb SDD, Video: Intel 4 Graphics, DVD Lightscribe. Why I use KDE?:https://opensource.com/life/15/4/9-reasons-to-use-kde

User avatar
Mintuser998
Level 1
Level 1
Posts: 38
Joined: Thu May 31, 2018 1:57 pm

Re: How to fix dns leaks?

Post by Mintuser998 » Sat Jun 02, 2018 7:56 pm

The first test, it showed no leaks. The second test it showed many. I have 18.3 Linux Mint, and I've already updated OpenVPN. I did not see any error with block-outside-dns .
Here is what I have now:
client
dev tun
proto udp
remote nyc-a26.ipvanish.com 443
resolv-retry infinite
nobind
persist-key
persist-tun
persist-remote-ip
ca ca.ipvanish.com.crt
verify-x509-name nyc-a26.ipvanish.com name
auth-user-pass
comp-lzo
verb 3
auth SHA256
cipher AES-256-CBC
keysize 256
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-DSS-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA
block-outside-dns
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
Funny signature here:

User avatar
Mintuser998
Level 1
Level 1
Posts: 38
Joined: Thu May 31, 2018 1:57 pm

Re: How to fix dns leaks?

Post by Mintuser998 » Sat Jun 02, 2018 7:57 pm

Also how do you change the dns on mint? I tried on my router and it did not accept only four numbers. I just tried the new config, dns leaks the first try.
Funny signature here:

User avatar
phd21
Level 16
Level 16
Posts: 6767
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: How to fix dns leaks?

Post by phd21 » Sat Jun 02, 2018 8:01 pm

Hi Mintuser998,

The links I provided from openDNS and the video link both have instructions on this, easy to do from desktops.

I would need to see a screenshot or picture of the router's menu for entering DNS on your router.

Hope this helps ...
.
Router_DNS_Entry.jpg
Sample Router DNS entry
.
Router_DNS_Entry_Advanced.jpg
Sample Router Advanced Settings
Phd21: Mint KDE 17.3 & 18.3, 64-bit Awesome OS, Ancient Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram,256gb SDD, Video: Intel 4 Graphics, DVD Lightscribe. Why I use KDE?:https://opensource.com/life/15/4/9-reasons-to-use-kde

User avatar
Mintuser998
Level 1
Level 1
Posts: 38
Joined: Thu May 31, 2018 1:57 pm

Re: How to fix dns leaks?

Post by Mintuser998 » Sun Jun 03, 2018 1:17 pm

Image
Funny signature here:

User avatar
phd21
Level 16
Level 16
Posts: 6767
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: How to fix dns leaks?

Post by phd21 » Sun Jun 03, 2018 1:34 pm

HI Mintuser998,

Ok, from your screenshot, it looks pretty easy to add DNS entries to your router.

Under the heading Domain Name Server DNS addresses, click "Use these DNS servers", enter in the IPv4 server IP addresses from whatever DNS provider you want. You have to enter in number period or number tab or number then click into each field. Click Apply at the top to save the changes. Then, restart computers or any other devices that connect to the internet using this router for the new DNS server IP addresses to take effect.

Hope this helps ...
Phd21: Mint KDE 17.3 & 18.3, 64-bit Awesome OS, Ancient Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram,256gb SDD, Video: Intel 4 Graphics, DVD Lightscribe. Why I use KDE?:https://opensource.com/life/15/4/9-reasons-to-use-kde

User avatar
Mintuser998
Level 1
Level 1
Posts: 38
Joined: Thu May 31, 2018 1:57 pm

Re: How to fix dns leaks?

Post by Mintuser998 » Sun Jun 03, 2018 1:59 pm

I tried to use Cloudflare's 1.1.1.1 and 1.0.0.1, but the router doesn't accept it. That is the issue. I now only have Cloudflare in the dns test. One or two of Cloudflare each time. Here is what I've done. I did not want to resize the pictures. Though if you for some reason won't click on the viewer links I will. I did the same for wireless as wired.The last one is a dns leak test. I'm not sure if having Cloudflare instead of IPVanish pop up is good or not. For some reason the lock on the network applet is gone when I use the vpn.
https://ibb.co/k49dtJ
https://ibb.co/mqf7nd
https://ibb.co/nkDSnd
https://ibb.co/cj9dtJ
https://ibb.co/gQMK0y
Funny signature here:

User avatar
Mintuser998
Level 1
Level 1
Posts: 38
Joined: Thu May 31, 2018 1:57 pm

Re: How to fix dns leaks?

Post by Mintuser998 » Sun Jun 03, 2018 2:08 pm

The lock on the network applet is back for some reason.
Funny signature here:

User avatar
phd21
Level 16
Level 16
Posts: 6767
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: How to fix dns leaks?

Post by phd21 » Sun Jun 03, 2018 2:09 pm

HI Mintuser998,

Re router: Are you using the numbers on the top of your keyboard or the number pad, use the numbers on top of the keyboard? Click on the first DNS field (xxx.) enter 1, click into the next field enter in 1, and so on, then click apply.

For computer DNS entries, you only need to change your local ISP network connection, so if you are using a wired connection change that, if you are using a wireless connection then change that.

You do not need to change the VPN server connections for DNS entries, reverse that, change the IPv4 and IPv6 tabs to automatic, and apply.

FYI: When using remote images from an image host, during your post or reply, click the "rimg" button then paste the image link URL, and the images will appear in the forum without having to click them.

Should look like below when creating a post or reply until you click submit.

Code: Select all

[rimg]https://ibb.co/k49dtJ[/rimg]
As with any VPN provider's servers, one or more might not be working well (congested) or at all, so if you have any problems, try another one. The one image showed a VPN server in NY (a26), if you are having issues with it, add (import) another VPN server location and try it. I see 51 "ipvanish" VPN provider servers available in New York alone, but you can try a different New York server, or a different city or state or country. Given the choice, I would recommend using a VPN server that is not located where you actually are. If you find a bad VPN server location, delete it from your Network Manager connections.


Hope this helps ...
.
Attachments
VPN_Sample_OpenVPN_Connections1.jpg
Phd21: Mint KDE 17.3 & 18.3, 64-bit Awesome OS, Ancient Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram,256gb SDD, Video: Intel 4 Graphics, DVD Lightscribe. Why I use KDE?:https://opensource.com/life/15/4/9-reasons-to-use-kde

User avatar
Mintuser998
Level 1
Level 1
Posts: 38
Joined: Thu May 31, 2018 1:57 pm

Re: How to fix dns leaks?

Post by Mintuser998 » Sun Jun 03, 2018 3:22 pm

Not sure why, but the router thing worked. It was probably because I was using spaces to get into the next box before. Also I'm not sure what you mean by local ISP network connection. I unfortunately do not know what that is.
Funny signature here:

User avatar
phd21
Level 16
Level 16
Posts: 6767
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: How to fix dns leaks?

Post by phd21 » Sun Jun 03, 2018 4:13 pm

Hi Mintuser998,

Glad to hear that your "Router" thing worked this time.

Whenever anyone connects to the Internet, you are using a wired (Ethernet) or wireless (WiFi) adapter that connects to your Internet Service Provider (ISP) whether that is paid for or free. That is the local ISP network connection that must be changed from the desktop for changing DNS server IP addresses. Clicking the Network Manager should show you this. The various versions of Linux Mint display network connections differently, it may show a DOT or Checkmark for Active Connections, or in my KDE it is always the first connection listed under Active Connections. In KDE I can right-click the Network Manager icon and select "Configure Network Connections", or I can click the NM icon and then the settings icon in the upper right, to get to the Connection Editor or to Edit Connections, then you click the connection you want to edit and click edit, or double-click it.

Hope this helps ...
.
KDE_NetworkManager_Connections1.jpg
KDE 18.3 Network Manager Connections
.
KDE_NetworkManager_Edit_Connections1.jpg
KDE 18.3 Network Manager Edit Connections
Last edited by phd21 on Sun Jun 03, 2018 4:26 pm, edited 1 time in total.
Phd21: Mint KDE 17.3 & 18.3, 64-bit Awesome OS, Ancient Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram,256gb SDD, Video: Intel 4 Graphics, DVD Lightscribe. Why I use KDE?:https://opensource.com/life/15/4/9-reasons-to-use-kde

User avatar
Mintuser998
Level 1
Level 1
Posts: 38
Joined: Thu May 31, 2018 1:57 pm

Re: How to fix dns leaks?

Post by Mintuser998 » Sun Jun 03, 2018 4:24 pm

Okay then. Is it an issue that two of the three ips I have are in Ashburn instead of New York? I'm in NC, I am using a different location.
Funny signature here:

User avatar
phd21
Level 16
Level 16
Posts: 6767
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: How to fix dns leaks?

Post by phd21 » Sun Jun 03, 2018 4:39 pm

Hi Mintuser998,
Mintuser998 wrote:Okay then. Is it an issue that two of the three ips I have are in Ashburn instead of New York? I'm in NC, I am using a different location.
I do not understand what you are asking now. I would need to see screenshots of your Network Manager, and then the Connection's Editor screen; similar to what I just showed in my last reply.

Are you saying that you have 2-3 different local Internet Service Providers (ISP) in N.C. that you may connect to the Internet with? If so, then you would want to change all of them to use the new secure DNS server IP addresses. I also noticed that if you use more than one WiFi adapter that there will be more than one network connection entry for each one and all of those would need to be changed as well. This only needs to be done one time (usually). Now, if you travel a lot and connect to different WiFi hotspots at hotels/motels, airports, resturants, city WiFi, etc... then you should still change the DNS server IP addresses for those connections and restart afterward; having a portable mini travel router helps a lot in this travel scenario.

You can have as many VPN server locations and connections as you want, just add them (import them), and you do not have to change their DNS entries.

Since you are located in N.C. I would recommend adding and using VPN servers somewhere else.

Hope this helps ...
Phd21: Mint KDE 17.3 & 18.3, 64-bit Awesome OS, Ancient Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram,256gb SDD, Video: Intel 4 Graphics, DVD Lightscribe. Why I use KDE?:https://opensource.com/life/15/4/9-reasons-to-use-kde

User avatar
Mintuser998
Level 1
Level 1
Posts: 38
Joined: Thu May 31, 2018 1:57 pm

Re: How to fix dns leaks?

Post by Mintuser998 » Sun Jun 03, 2018 5:04 pm

I meant this. The first is in Brooklyn NY the other two are in Ashburn VA.
Image
Funny signature here:

User avatar
Mintuser998
Level 1
Level 1
Posts: 38
Joined: Thu May 31, 2018 1:57 pm

Re: How to fix dns leaks?

Post by Mintuser998 » Sun Jun 03, 2018 5:09 pm

Also at one point something said my IP was from California.
Funny signature here:

Post Reply

Return to “Other networking topics”