[SOLVED]How to fix dns leaks?
Forum rules
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
[SOLVED]How to fix dns leaks?
When I first boot Mint and start Firefox, there are no leaks. But after a minute or so, I have many. I don't know how or why. If it applies, though probably not, I use Firejail and several security add-ons that seem not to change it either way. Also I use IPVanish.
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 4 times in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
- catweazel
- Level 19
- Posts: 9763
- Joined: Fri Oct 12, 2012 9:44 pm
- Location: Australian Antarctic Territory
Re: How to fix dns leaks?
Edit the VPN config prior to importing it. Include this line:Mintuser998 wrote: ⤴Sat Jun 02, 2018 6:32 pm When I first boot Mint and start Firefox, there are no leaks. But after a minute or so, I have many. I don't know how or why. If it applies, though probably not, I use Firejail and several security add-ons that seem not to change it either way. Also I use IPVanish.
block-outside-dns
"There is, ultimately, only one truth -- cogito, ergo sum -- everything else is an assumption." - Me, my swansong.
Re: How to fix dns leaks?
how do you set DNS and which one you want to use ? https://dnsleaktest.com/
Re: How to fix dns leaks?
So I just add it at the end in the text editor for the ovpn file? It's strange they don't include it by default. Do you know of any other modifications I should make off the top of your head? Here is what is there now:
client
dev tun
proto udp
remote nyc-a26.ipvanish.com 443
resolv-retry infinite
nobind
persist-key
persist-tun
persist-remote-ip
ca ca.ipvanish.com.crt
verify-x509-name nyc-a26.ipvanish.com name
auth-user-pass
comp-lzo
verb 3
auth SHA256
cipher AES-256-CBC
keysize 256
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-DSS-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA
block-outside-dns
client
dev tun
proto udp
remote nyc-a26.ipvanish.com 443
resolv-retry infinite
nobind
persist-key
persist-tun
persist-remote-ip
ca ca.ipvanish.com.crt
verify-x509-name nyc-a26.ipvanish.com name
auth-user-pass
comp-lzo
verb 3
auth SHA256
cipher AES-256-CBC
keysize 256
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-DSS-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA
block-outside-dns
- catweazel
- Level 19
- Posts: 9763
- Joined: Fri Oct 12, 2012 9:44 pm
- Location: Australian Antarctic Territory
Re: How to fix dns leaks?
Yes, that's correct. You might also find out what the IPs are of your VPN provider's DNS servers are and set your router to use those instead of the ones provided by your ISP.Mintuser998 wrote: ⤴Sat Jun 02, 2018 7:30 pm So I just add it at the end in the text editor for the ovpn file? It's strange they don't include it by default. Do you know of any other modifications I should make off the top of your head? Here is what is there now:
"There is, ultimately, only one truth -- cogito, ergo sum -- everything else is an assumption." - Me, my swansong.
Re: How to fix dns leaks?
Hi Mintuser998,
There seems to be a lot of confusion over this topic as to whether it is an operating system issue (MS Windows, Mac, or Linux), or whether it is a VPN provider's configurations or a combination of both.
If you have not updated the openVPN VPN software using their repository, I would highly recommend doing so, see link below for relatively simple instructions.
Is it possible to install the latest openvpn without breaking everything[SOLVED]
viewtopic.php?f=157&t=242583&hilit=openvpn
1.) I always tell people regardless whether you use a VPN network server connection or not to immediately change your local ISP's default DNS server IP addresses to those from secure and anonymous ones from a reliable DNS provider for many good reasons, restart afterward. After doing this, even if your VPN server connection leaks, it would be leaking the secure and anonymous DNS provider's information not yours. "Cloudflare" is a new DNS provider that is supposed to be fast and very secure; I have been using this recently and it works very well. I have always like "dns.watch" as well.
How to change your Local ISP's default DNS server IP addresses from the Linux Mint/Cinnamon desktop – OpenDNS
https://support.opendns.com/hc/en-us/ar ... t-Cinnamon
Setup Guide | OpenDNS
https://www.opendns.com/setupguide/
Best free and public DNS servers of 2018 - TechRadar
https://www.techradar.com/news/best-dns-server
How to activate OpenVPN? - Linux Mint Forums
- Video link shows how to change DNS servers and add VPN connections.
viewtopic.php?f=47&t=268943&hilit=dns+leaks
2.) DNS Leaks: Some solutions to resolving DNS leaks from VPN connections are related to MS Windows not Linux. I just came across this article today, see #2.b
2.a.) The lines below added to each openVPN server configuration file, "somewhere.ovpn". Some VPN providers configuration files already have these lines in them.
block-outside-dns
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
# some recommend the line below as well
down-pre
2.b.) OpenVPN block-outside-dns · [self writeBlog];
https://iflorian.com/openvpn-block-outside-ds/
If you get an error with "block-outside-dns", edit the somwhere.ovpn file to add the line below
pull-filter ignore "block-outside-dns"
2.c.) masterkorp/openvpn-update-resolv-conf: Script that updates DNS settings are pushed by the OpenVPN server
https://github.com/masterkorp/openvpn-u ... esolv-conf
2.d.) OpenVPN with NordVPN has DNS leak - Linux Mint Forums
viewtopic.php?f=90&t=260970&p=1410738&s ... 4#p1410738
Fix DNS leaks in Linux? : VPN
https://www.reddit.com/r/VPN/comments/5 ... m-comments
Hope this helps ...
There seems to be a lot of confusion over this topic as to whether it is an operating system issue (MS Windows, Mac, or Linux), or whether it is a VPN provider's configurations or a combination of both.
If you have not updated the openVPN VPN software using their repository, I would highly recommend doing so, see link below for relatively simple instructions.
Is it possible to install the latest openvpn without breaking everything[SOLVED]
viewtopic.php?f=157&t=242583&hilit=openvpn
1.) I always tell people regardless whether you use a VPN network server connection or not to immediately change your local ISP's default DNS server IP addresses to those from secure and anonymous ones from a reliable DNS provider for many good reasons, restart afterward. After doing this, even if your VPN server connection leaks, it would be leaking the secure and anonymous DNS provider's information not yours. "Cloudflare" is a new DNS provider that is supposed to be fast and very secure; I have been using this recently and it works very well. I have always like "dns.watch" as well.
How to change your Local ISP's default DNS server IP addresses from the Linux Mint/Cinnamon desktop – OpenDNS
https://support.opendns.com/hc/en-us/ar ... t-Cinnamon
Setup Guide | OpenDNS
https://www.opendns.com/setupguide/
Best free and public DNS servers of 2018 - TechRadar
https://www.techradar.com/news/best-dns-server
How to activate OpenVPN? - Linux Mint Forums
- Video link shows how to change DNS servers and add VPN connections.
viewtopic.php?f=47&t=268943&hilit=dns+leaks
2.) DNS Leaks: Some solutions to resolving DNS leaks from VPN connections are related to MS Windows not Linux. I just came across this article today, see #2.b
2.a.) The lines below added to each openVPN server configuration file, "somewhere.ovpn". Some VPN providers configuration files already have these lines in them.
block-outside-dns
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
# some recommend the line below as well
down-pre
2.b.) OpenVPN block-outside-dns · [self writeBlog];
https://iflorian.com/openvpn-block-outside-ds/
If you get an error with "block-outside-dns", edit the somwhere.ovpn file to add the line below
pull-filter ignore "block-outside-dns"
2.c.) masterkorp/openvpn-update-resolv-conf: Script that updates DNS settings are pushed by the OpenVPN server
https://github.com/masterkorp/openvpn-u ... esolv-conf
2.d.) OpenVPN with NordVPN has DNS leak - Linux Mint Forums
viewtopic.php?f=90&t=260970&p=1410738&s ... 4#p1410738
Fix DNS leaks in Linux? : VPN
https://www.reddit.com/r/VPN/comments/5 ... m-comments
Hope this helps ...
Last edited by phd21 on Sat Jun 09, 2018 10:17 pm, edited 8 times in total.
Phd21: Mint 20 Cinnamon & xKDE (Mint Xfce + Kubuntu KDE) & KDE Neon 64-bit (new based on Ubuntu 20.04) Awesome OS's, Dell Inspiron I5 7000 (7573) 2 in 1 touch screen, Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram, Intel 4 Graphics.
Re: How to fix dns leaks?
The first test, it showed no leaks. The second test it showed many. I have 18.3 Linux Mint, and I've already updated OpenVPN. I did not see any error with block-outside-dns .
Here is what I have now:
client
dev tun
proto udp
remote nyc-a26.ipvanish.com 443
resolv-retry infinite
nobind
persist-key
persist-tun
persist-remote-ip
ca ca.ipvanish.com.crt
verify-x509-name nyc-a26.ipvanish.com name
auth-user-pass
comp-lzo
verb 3
auth SHA256
cipher AES-256-CBC
keysize 256
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-DSS-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA
block-outside-dns
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
Here is what I have now:
client
dev tun
proto udp
remote nyc-a26.ipvanish.com 443
resolv-retry infinite
nobind
persist-key
persist-tun
persist-remote-ip
ca ca.ipvanish.com.crt
verify-x509-name nyc-a26.ipvanish.com name
auth-user-pass
comp-lzo
verb 3
auth SHA256
cipher AES-256-CBC
keysize 256
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-DSS-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA
block-outside-dns
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
Re: How to fix dns leaks?
Also how do you change the dns on mint? I tried on my router and it did not accept only four numbers. I just tried the new config, dns leaks the first try.
Re: How to fix dns leaks?
Hi Mintuser998,
The links I provided from openDNS and the video link both have instructions on this, easy to do from desktops.
I would need to see a screenshot or picture of the router's menu for entering DNS on your router.
Hope this helps ...
. .
The links I provided from openDNS and the video link both have instructions on this, easy to do from desktops.
I would need to see a screenshot or picture of the router's menu for entering DNS on your router.
Hope this helps ...
. .
Phd21: Mint 20 Cinnamon & xKDE (Mint Xfce + Kubuntu KDE) & KDE Neon 64-bit (new based on Ubuntu 20.04) Awesome OS's, Dell Inspiron I5 7000 (7573) 2 in 1 touch screen, Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram, Intel 4 Graphics.
Re: How to fix dns leaks?
HI Mintuser998,
Ok, from your screenshot, it looks pretty easy to add DNS entries to your router.
Under the heading Domain Name Server DNS addresses, click "Use these DNS servers", enter in the IPv4 server IP addresses from whatever DNS provider you want. You have to enter in number period or number tab or number then click into each field. Click Apply at the top to save the changes. Then, restart computers or any other devices that connect to the internet using this router for the new DNS server IP addresses to take effect.
Hope this helps ...
Ok, from your screenshot, it looks pretty easy to add DNS entries to your router.
Under the heading Domain Name Server DNS addresses, click "Use these DNS servers", enter in the IPv4 server IP addresses from whatever DNS provider you want. You have to enter in number period or number tab or number then click into each field. Click Apply at the top to save the changes. Then, restart computers or any other devices that connect to the internet using this router for the new DNS server IP addresses to take effect.
Hope this helps ...
Phd21: Mint 20 Cinnamon & xKDE (Mint Xfce + Kubuntu KDE) & KDE Neon 64-bit (new based on Ubuntu 20.04) Awesome OS's, Dell Inspiron I5 7000 (7573) 2 in 1 touch screen, Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram, Intel 4 Graphics.
Re: How to fix dns leaks?
I tried to use Cloudflare's 1.1.1.1 and 1.0.0.1, but the router doesn't accept it. That is the issue. I now only have Cloudflare in the dns test. One or two of Cloudflare each time. Here is what I've done. I did not want to resize the pictures. Though if you for some reason won't click on the viewer links I will. I did the same for wireless as wired.The last one is a dns leak test. I'm not sure if having Cloudflare instead of IPVanish pop up is good or not. For some reason the lock on the network applet is gone when I use the vpn.
https://ibb.co/k49dtJ
https://ibb.co/mqf7nd
https://ibb.co/nkDSnd
https://ibb.co/cj9dtJ
https://ibb.co/gQMK0y
https://ibb.co/k49dtJ
https://ibb.co/mqf7nd
https://ibb.co/nkDSnd
https://ibb.co/cj9dtJ
https://ibb.co/gQMK0y
Re: How to fix dns leaks?
HI Mintuser998,
Re router: Are you using the numbers on the top of your keyboard or the number pad, use the numbers on top of the keyboard? Click on the first DNS field (xxx.) enter 1, click into the next field enter in 1, and so on, then click apply.
For computer DNS entries, you only need to change your local ISP network connection, so if you are using a wired connection change that, if you are using a wireless connection then change that.
You do not need to change the VPN server connections for DNS entries, reverse that, change the IPv4 and IPv6 tabs to automatic, and apply.
FYI: When using remote images from an image host, during your post or reply, click the "rimg" button then paste the image link URL, and the images will appear in the forum without having to click them.
Should look like below when creating a post or reply until you click submit.
As with any VPN provider's servers, one or more might not be working well (congested) or at all, so if you have any problems, try another one. The one image showed a VPN server in NY (a26), if you are having issues with it, add (import) another VPN server location and try it. I see 51 "ipvanish" VPN provider servers available in New York alone, but you can try a different New York server, or a different city or state or country. Given the choice, I would recommend using a VPN server that is not located where you actually are. If you find a bad VPN server location, delete it from your Network Manager connections.
Hope this helps ...
.
Re router: Are you using the numbers on the top of your keyboard or the number pad, use the numbers on top of the keyboard? Click on the first DNS field (xxx.) enter 1, click into the next field enter in 1, and so on, then click apply.
For computer DNS entries, you only need to change your local ISP network connection, so if you are using a wired connection change that, if you are using a wireless connection then change that.
You do not need to change the VPN server connections for DNS entries, reverse that, change the IPv4 and IPv6 tabs to automatic, and apply.
FYI: When using remote images from an image host, during your post or reply, click the "rimg" button then paste the image link URL, and the images will appear in the forum without having to click them.
Should look like below when creating a post or reply until you click submit.
Code: Select all
[rimg]https://ibb.co/k49dtJ[/rimg]
Hope this helps ...
.
Phd21: Mint 20 Cinnamon & xKDE (Mint Xfce + Kubuntu KDE) & KDE Neon 64-bit (new based on Ubuntu 20.04) Awesome OS's, Dell Inspiron I5 7000 (7573) 2 in 1 touch screen, Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram, Intel 4 Graphics.
Re: How to fix dns leaks?
Not sure why, but the router thing worked. It was probably because I was using spaces to get into the next box before. Also I'm not sure what you mean by local ISP network connection. I unfortunately do not know what that is.
Re: How to fix dns leaks?
Hi Mintuser998,
Glad to hear that your "Router" thing worked this time.
Whenever anyone connects to the Internet, you are using a wired (Ethernet) or wireless (WiFi) adapter that connects to your Internet Service Provider (ISP) whether that is paid for or free. That is the local ISP network connection that must be changed from the desktop for changing DNS server IP addresses. Clicking the Network Manager should show you this. The various versions of Linux Mint display network connections differently, it may show a DOT or Checkmark for Active Connections, or in my KDE it is always the first connection listed under Active Connections. In KDE I can right-click the Network Manager icon and select "Configure Network Connections", or I can click the NM icon and then the settings icon in the upper right, to get to the Connection Editor or to Edit Connections, then you click the connection you want to edit and click edit, or double-click it.
Hope this helps ...
. .
Glad to hear that your "Router" thing worked this time.
Whenever anyone connects to the Internet, you are using a wired (Ethernet) or wireless (WiFi) adapter that connects to your Internet Service Provider (ISP) whether that is paid for or free. That is the local ISP network connection that must be changed from the desktop for changing DNS server IP addresses. Clicking the Network Manager should show you this. The various versions of Linux Mint display network connections differently, it may show a DOT or Checkmark for Active Connections, or in my KDE it is always the first connection listed under Active Connections. In KDE I can right-click the Network Manager icon and select "Configure Network Connections", or I can click the NM icon and then the settings icon in the upper right, to get to the Connection Editor or to Edit Connections, then you click the connection you want to edit and click edit, or double-click it.
Hope this helps ...
. .
Last edited by phd21 on Sun Jun 03, 2018 4:26 pm, edited 1 time in total.
Phd21: Mint 20 Cinnamon & xKDE (Mint Xfce + Kubuntu KDE) & KDE Neon 64-bit (new based on Ubuntu 20.04) Awesome OS's, Dell Inspiron I5 7000 (7573) 2 in 1 touch screen, Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram, Intel 4 Graphics.
Re: How to fix dns leaks?
Okay then. Is it an issue that two of the three ips I have are in Ashburn instead of New York? I'm in NC, I am using a different location.
Re: How to fix dns leaks?
Hi Mintuser998,
Are you saying that you have 2-3 different local Internet Service Providers (ISP) in N.C. that you may connect to the Internet with? If so, then you would want to change all of them to use the new secure DNS server IP addresses. I also noticed that if you use more than one WiFi adapter that there will be more than one network connection entry for each one and all of those would need to be changed as well. This only needs to be done one time (usually). Now, if you travel a lot and connect to different WiFi hotspots at hotels/motels, airports, resturants, city WiFi, etc... then you should still change the DNS server IP addresses for those connections and restart afterward; having a portable mini travel router helps a lot in this travel scenario.
You can have as many VPN server locations and connections as you want, just add them (import them), and you do not have to change their DNS entries.
Since you are located in N.C. I would recommend adding and using VPN servers somewhere else.
Hope this helps ...
I do not understand what you are asking now. I would need to see screenshots of your Network Manager, and then the Connection's Editor screen; similar to what I just showed in my last reply.Mintuser998 wrote:Okay then. Is it an issue that two of the three ips I have are in Ashburn instead of New York? I'm in NC, I am using a different location.
Are you saying that you have 2-3 different local Internet Service Providers (ISP) in N.C. that you may connect to the Internet with? If so, then you would want to change all of them to use the new secure DNS server IP addresses. I also noticed that if you use more than one WiFi adapter that there will be more than one network connection entry for each one and all of those would need to be changed as well. This only needs to be done one time (usually). Now, if you travel a lot and connect to different WiFi hotspots at hotels/motels, airports, resturants, city WiFi, etc... then you should still change the DNS server IP addresses for those connections and restart afterward; having a portable mini travel router helps a lot in this travel scenario.
You can have as many VPN server locations and connections as you want, just add them (import them), and you do not have to change their DNS entries.
Since you are located in N.C. I would recommend adding and using VPN servers somewhere else.
Hope this helps ...
Phd21: Mint 20 Cinnamon & xKDE (Mint Xfce + Kubuntu KDE) & KDE Neon 64-bit (new based on Ubuntu 20.04) Awesome OS's, Dell Inspiron I5 7000 (7573) 2 in 1 touch screen, Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram, Intel 4 Graphics.
Re: How to fix dns leaks?
Also at one point something said my IP was from California.