[SOLVED]How to fix dns leaks?

Questions about Wi-Fi and other network devices, file sharing, firewalls, connection sharing etc
Forum rules
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Mintuser998

[SOLVED]How to fix dns leaks?

Post by Mintuser998 »

When I first boot Mint and start Firefox, there are no leaks. But after a minute or so, I have many. I don't know how or why. If it applies, though probably not, I use Firejail and several security add-ons that seem not to change it either way. Also I use IPVanish.
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 4 times in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
User avatar
catweazel
Level 19
Level 19
Posts: 9763
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

Re: How to fix dns leaks?

Post by catweazel »

Mintuser998 wrote: Sat Jun 02, 2018 6:32 pm When I first boot Mint and start Firefox, there are no leaks. But after a minute or so, I have many. I don't know how or why. If it applies, though probably not, I use Firejail and several security add-ons that seem not to change it either way. Also I use IPVanish.
Edit the VPN config prior to importing it. Include this line:

block-outside-dns
"There is, ultimately, only one truth -- cogito, ergo sum -- everything else is an assumption." - Me, my swansong.
User avatar
trytip
Level 14
Level 14
Posts: 5371
Joined: Tue Jul 05, 2016 1:20 pm

Re: How to fix dns leaks?

Post by trytip »

how do you set DNS and which one you want to use ? https://dnsleaktest.com/
Image
Mintuser998

Re: How to fix dns leaks?

Post by Mintuser998 »

So I just add it at the end in the text editor for the ovpn file? It's strange they don't include it by default. Do you know of any other modifications I should make off the top of your head? Here is what is there now:

client
dev tun
proto udp
remote nyc-a26.ipvanish.com 443
resolv-retry infinite
nobind
persist-key
persist-tun
persist-remote-ip
ca ca.ipvanish.com.crt
verify-x509-name nyc-a26.ipvanish.com name
auth-user-pass
comp-lzo
verb 3
auth SHA256
cipher AES-256-CBC
keysize 256
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-DSS-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA
block-outside-dns
User avatar
catweazel
Level 19
Level 19
Posts: 9763
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

Re: How to fix dns leaks?

Post by catweazel »

Mintuser998 wrote: Sat Jun 02, 2018 7:30 pm So I just add it at the end in the text editor for the ovpn file? It's strange they don't include it by default. Do you know of any other modifications I should make off the top of your head? Here is what is there now:
Yes, that's correct. You might also find out what the IPs are of your VPN provider's DNS servers are and set your router to use those instead of the ones provided by your ISP.
"There is, ultimately, only one truth -- cogito, ergo sum -- everything else is an assumption." - Me, my swansong.
phd21
Level 20
Level 20
Posts: 10103
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: How to fix dns leaks?

Post by phd21 »

Hi Mintuser998,

There seems to be a lot of confusion over this topic as to whether it is an operating system issue (MS Windows, Mac, or Linux), or whether it is a VPN provider's configurations or a combination of both.

If you have not updated the openVPN VPN software using their repository, I would highly recommend doing so, see link below for relatively simple instructions.

Is it possible to install the latest openvpn without breaking everything[SOLVED]
viewtopic.php?f=157&t=242583&hilit=openvpn


1.) I always tell people regardless whether you use a VPN network server connection or not to immediately change your local ISP's default DNS server IP addresses to those from secure and anonymous ones from a reliable DNS provider for many good reasons, restart afterward. After doing this, even if your VPN server connection leaks, it would be leaking the secure and anonymous DNS provider's information not yours. "Cloudflare" is a new DNS provider that is supposed to be fast and very secure; I have been using this recently and it works very well. I have always like "dns.watch" as well.

How to change your Local ISP's default DNS server IP addresses from the Linux Mint/Cinnamon desktop – OpenDNS
https://support.opendns.com/hc/en-us/ar ... t-Cinnamon

Setup Guide | OpenDNS
https://www.opendns.com/setupguide/

Best free and public DNS servers of 2018 - TechRadar
https://www.techradar.com/news/best-dns-server

How to activate OpenVPN? - Linux Mint Forums
- Video link shows how to change DNS servers and add VPN connections.
viewtopic.php?f=47&t=268943&hilit=dns+leaks

2.) DNS Leaks: Some solutions to resolving DNS leaks from VPN connections are related to MS Windows not Linux. I just came across this article today, see #2.b

2.a.) The lines below added to each openVPN server configuration file, "somewhere.ovpn". Some VPN providers configuration files already have these lines in them.

block-outside-dns
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
# some recommend the line below as well
down-pre


2.b.) OpenVPN block-outside-dns · [self writeBlog];
https://iflorian.com/openvpn-block-outside-ds/
If you get an error with "block-outside-dns", edit the somwhere.ovpn file to add the line below
pull-filter ignore "block-outside-dns"


2.c.) masterkorp/openvpn-update-resolv-conf: Script that updates DNS settings are pushed by the OpenVPN server
https://github.com/masterkorp/openvpn-u ... esolv-conf

2.d.) OpenVPN with NordVPN has DNS leak - Linux Mint Forums
viewtopic.php?f=90&t=260970&p=1410738&s ... 4#p1410738


Fix DNS leaks in Linux? : VPN
https://www.reddit.com/r/VPN/comments/5 ... m-comments

Hope this helps ...
Last edited by phd21 on Sat Jun 09, 2018 10:17 pm, edited 8 times in total.
Phd21: Mint 20 Cinnamon & xKDE (Mint Xfce + Kubuntu KDE) & KDE Neon 64-bit (new based on Ubuntu 20.04) Awesome OS's, Dell Inspiron I5 7000 (7573) 2 in 1 touch screen, Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram, Intel 4 Graphics.
Mintuser998

Re: How to fix dns leaks?

Post by Mintuser998 »

The first test, it showed no leaks. The second test it showed many. I have 18.3 Linux Mint, and I've already updated OpenVPN. I did not see any error with block-outside-dns .
Here is what I have now:
client
dev tun
proto udp
remote nyc-a26.ipvanish.com 443
resolv-retry infinite
nobind
persist-key
persist-tun
persist-remote-ip
ca ca.ipvanish.com.crt
verify-x509-name nyc-a26.ipvanish.com name
auth-user-pass
comp-lzo
verb 3
auth SHA256
cipher AES-256-CBC
keysize 256
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-DSS-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA
block-outside-dns
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
Mintuser998

Re: How to fix dns leaks?

Post by Mintuser998 »

Also how do you change the dns on mint? I tried on my router and it did not accept only four numbers. I just tried the new config, dns leaks the first try.
phd21
Level 20
Level 20
Posts: 10103
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: How to fix dns leaks?

Post by phd21 »

Hi Mintuser998,

The links I provided from openDNS and the video link both have instructions on this, easy to do from desktops.

I would need to see a screenshot or picture of the router's menu for entering DNS on your router.

Hope this helps ...
.
Router_DNS_Entry.jpg
.
Router_DNS_Entry_Advanced.jpg
Phd21: Mint 20 Cinnamon & xKDE (Mint Xfce + Kubuntu KDE) & KDE Neon 64-bit (new based on Ubuntu 20.04) Awesome OS's, Dell Inspiron I5 7000 (7573) 2 in 1 touch screen, Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram, Intel 4 Graphics.
Mintuser998

Re: How to fix dns leaks?

Post by Mintuser998 »

Image
phd21
Level 20
Level 20
Posts: 10103
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: How to fix dns leaks?

Post by phd21 »

HI Mintuser998,

Ok, from your screenshot, it looks pretty easy to add DNS entries to your router.

Under the heading Domain Name Server DNS addresses, click "Use these DNS servers", enter in the IPv4 server IP addresses from whatever DNS provider you want. You have to enter in number period or number tab or number then click into each field. Click Apply at the top to save the changes. Then, restart computers or any other devices that connect to the internet using this router for the new DNS server IP addresses to take effect.

Hope this helps ...
Phd21: Mint 20 Cinnamon & xKDE (Mint Xfce + Kubuntu KDE) & KDE Neon 64-bit (new based on Ubuntu 20.04) Awesome OS's, Dell Inspiron I5 7000 (7573) 2 in 1 touch screen, Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram, Intel 4 Graphics.
Mintuser998

Re: How to fix dns leaks?

Post by Mintuser998 »

I tried to use Cloudflare's 1.1.1.1 and 1.0.0.1, but the router doesn't accept it. That is the issue. I now only have Cloudflare in the dns test. One or two of Cloudflare each time. Here is what I've done. I did not want to resize the pictures. Though if you for some reason won't click on the viewer links I will. I did the same for wireless as wired.The last one is a dns leak test. I'm not sure if having Cloudflare instead of IPVanish pop up is good or not. For some reason the lock on the network applet is gone when I use the vpn.
https://ibb.co/k49dtJ
https://ibb.co/mqf7nd
https://ibb.co/nkDSnd
https://ibb.co/cj9dtJ
https://ibb.co/gQMK0y
Mintuser998

Re: How to fix dns leaks?

Post by Mintuser998 »

The lock on the network applet is back for some reason.
phd21
Level 20
Level 20
Posts: 10103
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: How to fix dns leaks?

Post by phd21 »

HI Mintuser998,

Re router: Are you using the numbers on the top of your keyboard or the number pad, use the numbers on top of the keyboard? Click on the first DNS field (xxx.) enter 1, click into the next field enter in 1, and so on, then click apply.

For computer DNS entries, you only need to change your local ISP network connection, so if you are using a wired connection change that, if you are using a wireless connection then change that.

You do not need to change the VPN server connections for DNS entries, reverse that, change the IPv4 and IPv6 tabs to automatic, and apply.

FYI: When using remote images from an image host, during your post or reply, click the "rimg" button then paste the image link URL, and the images will appear in the forum without having to click them.

Should look like below when creating a post or reply until you click submit.

Code: Select all

[rimg]https://ibb.co/k49dtJ[/rimg]
As with any VPN provider's servers, one or more might not be working well (congested) or at all, so if you have any problems, try another one. The one image showed a VPN server in NY (a26), if you are having issues with it, add (import) another VPN server location and try it. I see 51 "ipvanish" VPN provider servers available in New York alone, but you can try a different New York server, or a different city or state or country. Given the choice, I would recommend using a VPN server that is not located where you actually are. If you find a bad VPN server location, delete it from your Network Manager connections.


Hope this helps ...
.
Phd21: Mint 20 Cinnamon & xKDE (Mint Xfce + Kubuntu KDE) & KDE Neon 64-bit (new based on Ubuntu 20.04) Awesome OS's, Dell Inspiron I5 7000 (7573) 2 in 1 touch screen, Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram, Intel 4 Graphics.
Mintuser998

Re: How to fix dns leaks?

Post by Mintuser998 »

Not sure why, but the router thing worked. It was probably because I was using spaces to get into the next box before. Also I'm not sure what you mean by local ISP network connection. I unfortunately do not know what that is.
phd21
Level 20
Level 20
Posts: 10103
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: How to fix dns leaks?

Post by phd21 »

Hi Mintuser998,

Glad to hear that your "Router" thing worked this time.

Whenever anyone connects to the Internet, you are using a wired (Ethernet) or wireless (WiFi) adapter that connects to your Internet Service Provider (ISP) whether that is paid for or free. That is the local ISP network connection that must be changed from the desktop for changing DNS server IP addresses. Clicking the Network Manager should show you this. The various versions of Linux Mint display network connections differently, it may show a DOT or Checkmark for Active Connections, or in my KDE it is always the first connection listed under Active Connections. In KDE I can right-click the Network Manager icon and select "Configure Network Connections", or I can click the NM icon and then the settings icon in the upper right, to get to the Connection Editor or to Edit Connections, then you click the connection you want to edit and click edit, or double-click it.

Hope this helps ...
.
KDE_NetworkManager_Connections1.jpg
.
KDE_NetworkManager_Edit_Connections1.jpg
Last edited by phd21 on Sun Jun 03, 2018 4:26 pm, edited 1 time in total.
Phd21: Mint 20 Cinnamon & xKDE (Mint Xfce + Kubuntu KDE) & KDE Neon 64-bit (new based on Ubuntu 20.04) Awesome OS's, Dell Inspiron I5 7000 (7573) 2 in 1 touch screen, Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram, Intel 4 Graphics.
Mintuser998

Re: How to fix dns leaks?

Post by Mintuser998 »

Okay then. Is it an issue that two of the three ips I have are in Ashburn instead of New York? I'm in NC, I am using a different location.
phd21
Level 20
Level 20
Posts: 10103
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: How to fix dns leaks?

Post by phd21 »

Hi Mintuser998,
Mintuser998 wrote:Okay then. Is it an issue that two of the three ips I have are in Ashburn instead of New York? I'm in NC, I am using a different location.
I do not understand what you are asking now. I would need to see screenshots of your Network Manager, and then the Connection's Editor screen; similar to what I just showed in my last reply.

Are you saying that you have 2-3 different local Internet Service Providers (ISP) in N.C. that you may connect to the Internet with? If so, then you would want to change all of them to use the new secure DNS server IP addresses. I also noticed that if you use more than one WiFi adapter that there will be more than one network connection entry for each one and all of those would need to be changed as well. This only needs to be done one time (usually). Now, if you travel a lot and connect to different WiFi hotspots at hotels/motels, airports, resturants, city WiFi, etc... then you should still change the DNS server IP addresses for those connections and restart afterward; having a portable mini travel router helps a lot in this travel scenario.

You can have as many VPN server locations and connections as you want, just add them (import them), and you do not have to change their DNS entries.

Since you are located in N.C. I would recommend adding and using VPN servers somewhere else.

Hope this helps ...
Phd21: Mint 20 Cinnamon & xKDE (Mint Xfce + Kubuntu KDE) & KDE Neon 64-bit (new based on Ubuntu 20.04) Awesome OS's, Dell Inspiron I5 7000 (7573) 2 in 1 touch screen, Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram, Intel 4 Graphics.
Mintuser998

Re: How to fix dns leaks?

Post by Mintuser998 »

I meant this. The first is in Brooklyn NY the other two are in Ashburn VA.
Image
Mintuser998

Re: How to fix dns leaks?

Post by Mintuser998 »

Also at one point something said my IP was from California.
Locked

Return to “Networking”