[SOLVED]How to fix dns leaks?
Forum rules
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Re: How to fix dns leaks?
Hi Mintuser998,
Those are DNS server IP addresses. As long as those do not reflect your current ISP or your current location, you should be alright. I noticed that when going to "ipleak.net" or other test websites, that DNS server IP addresses can be from all over the place, and there can be many of them or just one or a few. Theoretically, once you connect to a VPN provider's server, your system should inherit and reflect that location, but I noticed with some VPN providers (regardless of possible DNS leaks), they might use DNS servers from various places, even different countries.
Phd21: Mint 20 Cinnamon & KDE Neon 64-bit Awesome OS's, Dell Inspiron I5 7000 (7573, quad core i5-8250U ) 2 in 1 touch screen
Re: How to fix dns leaks?
Hi Mintuser998
You are welcome...
Those lines are to help prevent VPN DNS leaks by adding them to the ".ovpn" configuration files.
But, as I stated before, not all VPN providers' servers leak DNS information, and even if they did, as long as you have changed your local ISP connection's default DNS server IP addresses to a DNS provider's server IP addresses it will not matter; it won't be your local ISP DNS servers, and so you are still secure and anonymous. I am currently in Florida, USA. I did not add those lines to my vpngate server configuration file and yet no DNS leaks, ProtonVPN already had them in their configuration files and no leaks, and I did add them to vpnbook servers which did help.
Here are some screenshots of various VPN providers and their server locations along with the results from "ipleak.net" for each one, and my real (public / wan) IP address is not displayed, nor are my ISP's default DNS server IP addresses. And, as you can see, the DNS servers can vary a lot. I am using the "cloudflare" DNS secure server IP addresses.
Phd21: Mint 20 Cinnamon & KDE Neon 64-bit Awesome OS's, Dell Inspiron I5 7000 (7573, quad core i5-8250U ) 2 in 1 touch screen
Re: How to fix dns leaks?
Do you know of a way to STOP dns leaks? Regardless of whether it matters or not. And is it showing the dns connected to prior to connecting to the vpn, or is it showing the one after connecting to the vpn?
Re: How to fix dns leaks?
Hi Mintuser998
I already gave you all the information and links to various options regarding DNS Leaks in this post and its replies.
My screenshots are showing DNS servers after connecting to the various VPN providers.
Phd21: Mint 20 Cinnamon & KDE Neon 64-bit Awesome OS's, Dell Inspiron I5 7000 (7573, quad core i5-8250U ) 2 in 1 touch screen
Re: How to fix dns leaks?
You're right. I missed it. Can you tell me what this line of code does in a .ovpn file? I can't read terminal code very well.
Code:
setenv PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Re: How to fix dns leaks?
Mintuser998 wrote (Tue Jun 05, 2018 7:23 pm): "You're right. I missed it. Can you tell me what this line of code does in a .ovpn file? I can't read terminal code very well."
Code:
setenv PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
me neither, all i see is the woman in the red dress
This just means that usr/bin has all these aliases. When you open a terminal and type a command for a program, like gedit for example, the terminal will look in these directories for a program called gedit. In theory you can place an executable file in any of these folders and the terminal will find it.
Re: How to fix dns leaks?
Then why did this say to use it?
viewtopic.php?f=90&t=260970&p=1410738&s ... 4#p1410148
Re: How to fix dns leaks?
Just saw this thread. I use VPN Gate (Open VPN). I searched a long time for a way to stop my vpn from leaking.
I found this and it has worked for me.
1. Open a terminal and enter:
sudo apt-get install openresolv nscd unbound
2. Restart the pc.
3. Activate the VPN.
4. Check for leaks on https://ipleak.net/
Linux Mint 21.2 Cinnamon.. 64-bit
Windows 11
Re: How to fix dns leaks?
Doesn't any dns showing up mean I have a leak? If so, then the links you've given me won't work to fix it.
Re: How to fix dns leaks?
Hi Mintuser998,
After doing some more research on this, I came across more articles and some posts from "ProtonVPN"; here are some more comments.
I just assumed that all Linux Mint editions and versions already have "resolvconf" installed, which would help with DNS when using VPN connections.
Code:
sudo apt install resolvconf
But as member "rbsudo" just mentioned, and as new information I located states, using "openresolv" may work better. I am going to install "openresolv" and experiment with that, which will remove "resolvconf", so restart afterward. I am not sure about installing the "nscd" and "unbound" packages because I have not researched those (yet).
Code:
sudo apt install openresolv
openresolv - Roy's Place
* Reasons for using openresolv
https://roy.marples.name/projects/openresolv
FYI-1: Regarding "vpngate" servers: Using the excellent application "vpngate with proxy" I have never had DNS leaks.
Domain name resolution - ArchWiki
https://wiki.archlinux.org/index.php/Do ... resolution
Update on DNS leak with Linux? : ProtonVPN
https://www.reddit.com/r/ProtonVPN/comm ... ith_linux/
FYI-2: ProtonVPN: For Linux users using the superb ProtonVPN provider, they also have a new Linux Client script.
ProtonVPN client tool for Linux - ProtonVPN Support
https://protonvpn.com/support/linux-vpn-tool/
ProtonVPN/protonvpn-cli: protonvpn-cli: ProtonVPN Command-Line Tool for Linux and macOS.
https://github.com/ProtonVPN/protonvpn-cli
Hope this helps ...
Last edited by phd21 on Thu Jun 07, 2018 2:27 pm, edited 1 time in total.
Phd21: Mint 20 Cinnamon & KDE Neon 64-bit Awesome OS's, Dell Inspiron I5 7000 (7573, quad core i5-8250U ) 2 in 1 touch screen
Re: How to fix dns leaks?
phd21, I don't have any idea what the packages nscd and unbound do. I found the suggestion, saw where a couple of people confirmed it worked for them, and tried it. It worked for me too.
I just did a search on those two packages and found this.
https://linux.die.net/man/8/nscd
https://www.unbound.net/
If that helps, let us know...... it's outside my "pay range."
Thanks!
Linux Mint 21.2 Cinnamon.. 64-bit
Windows 11
Re: How to fix dns leaks?
Hi rbsudo & everyone else,
After exhaustive testing, I think I found out how to stop DNS leaks, at least on my systems with VPNs added (imported) into the Network Manager. This worked with various VPN providers' OpenVPN configuration files (somewhere.ovpn) whether they were TCP or UDP; they recommend UDP.
Steps 1-3 only need to be done once; step 4, editing your VPN provider's VPN configuration files, may need to be done for each VPN server location you want to use.
1.) Update your "openvpn" software using their repository.
This link has instructions for updating OpenVPN software. Linux Mint 19.x already has the updated OpenVPN software.
Is it possible to install the latest openvpn without breaking everything[SOLVED]
viewtopic.php?f=157&t=242583&hilit=openvpn
2.) Install "resolvconf" or "openresolv" (I used openresolv), make sure you have "network-manager-openvpn" installed (it usually is), and install "unbound" ("nscd" did not seem necessary). I recommend openresolv over resolvconf.
Install all of these with this one console terminal command
Code:
sudo apt install openresolv easy-rsa network-manager-openvpn bind9 unbound
or
Code:
sudo apt install openresolv easy-rsa network-manager-openvpn
Updated info 02-23-2019: I do not seem to need to install "unbound" or "bind9" packages to stop VPN DNS leaks in Linux Mint 19.x (Ubuntu 18.04+), although I think it is still a good idea to do so. I do need the "bind9-host" because of dependencies with other applications and this is usually installed already anyway. I still need to make sure the OpenVPN server configuration files have the lines below in them per step 4.
3.) Then check to make sure the NetworkManager Configuration file has "dnsmasq" disabled with a # in front of that line, save the change, exit the text editor. If there is not a "dnsmasq" entry, do not worry about it, there is nothing to change, go to next step. You can also use your file manager to browse to the file and right-click open as root to edit these files and make changes.
To edit this file in Cinnamon, Mate, Xfce, use the command below. "xed" is the text editor.
Code:
sudo -i xed /etc/NetworkManager/NetworkManager.conf
To edit this file in KDE use the gedit text editor or xed in command below.
Install gedit and xed text editors
Code:
sudo apt install gedit gedit-plugins xed
Edit Network Manager configuration file.
Code:
sudo -i gedit /etc/NetworkManager/NetworkManager.conf
NetworkManager.conf wrote:
[main]
plugins=ifupdown,keyfile,ofono
#dns=dnsmasq
[ifupdown]
managed=false
4.) Check your VPN provider's OpenVPN configuration files (somewhere.ovpn) to see if these lines are in them before the start of the certificate line <ca>. You can usually right-click a "somewhere.ovpn" file and "open with" any text editor to view or edit them, save it if you make changes. You can click "select all" below and right-click copy to copy this code and then paste into any of your ".ovpn" files, save changes, exit the text editor.
Code:
# To prevent DNS Leaks
block-outside-dns
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
down-pre
Here is an example of a "vpnbook" provider's US server (vpnbook-us1-tcp80.ovpn) file with the changes
Code:
client
dev tun3
proto tcp
remote 198.7.62.204 80
remote us1.vpnbook.com 80
resolv-retry infinite
nobind
persist-key
persist-tun
auth-user-pass
comp-lzo
verb 3
cipher AES-128-CBC
fast-io
pull
route-delay 2
redirect-gateway
# To prevent DNS Leaks
block-outside-dns
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
down-pre
<ca>
</ca>
<cert>
</cert>
<key>
</key>
5.) Restart, try connecting to your VPN server(s), or import new VPN server(s) and try it. Verify the VPN is working and check the DNS entries by going to a website like "www.ipleak.net".
* 02-23-2019 * I now also recommend using "DNS over TLS"
How to Protect Your DNS Privacy on Ubuntu 18.04 with DNS over TLS
https://www.linuxbabe.com/ubuntu/ubuntu ... s-over-tls
Hope this helps ...
Last edited by phd21 on Thu Nov 21, 2019 2:50 pm, edited 10 times in total.
Phd21: Mint 20 Cinnamon & KDE Neon 64-bit Awesome OS's, Dell Inspiron I5 7000 (7573, quad core i5-8250U ) 2 in 1 touch screen
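Added example, not part of the post above or of any project mentioned in the thread: a POSIX shell audit for steps 3 and 4 that reports which of the listed lines an .ovpn profile lacks and whether "dns=dnsmasq" is still active in NetworkManager.conf. The function names and the sample profile are constructed for illustration; "block-outside-dns" is reported separately because OpenVPN implements that option only on Windows.

```shell
#!/bin/sh
# Added example: audit an .ovpn profile and NetworkManager.conf for steps 3 and 4.
HOOK=/etc/openvpn/update-resolv-conf   # hook script path used in the thread

# Print directives found outside inline <ca>/<cert>/<key> blocks, skipping
# comment lines (# or ;) and blank lines and collapsing extra whitespace.
ovpn_directives() {
    awk '
        /^[ \t]*<\/[A-Za-z-]+>/ { inblock = 0; next }
        /^[ \t]*<[A-Za-z-]+>/   { inblock = 1; next }
        inblock                 { next }
        /^[ \t]*([#;]|$)/       { next }
        { $1 = $1; print }
    ' "$1"
}

# Print "MISSING: <line>" for each step-4 line absent from profile $1.
# Returns 1 when anything is missing, 0 otherwise.
audit_ovpn() {
    directives=$(ovpn_directives "$1")
    missing=0
    for want in "script-security 2" "up $HOOK" "down $HOOK" "down-pre"; do
        if ! printf '%s\n' "$directives" | grep -qxF -e "$want"; then
            echo "MISSING: $want"
            missing=1
        fi
    done
    # block-outside-dns is implemented only by OpenVPN on Windows, so on
    # Linux the up/down hook is the part that changes the resolver setup.
    if printf '%s\n' "$directives" | grep -qxF -e "block-outside-dns"; then
        echo "NOTE: block-outside-dns only takes effect on Windows clients"
    fi
    return "$missing"
}

# Step 3: succeed when NetworkManager.conf $1 has no active dns=dnsmasq line
# (the line is either absent or commented out with #).
nm_dnsmasq_disabled() {
    ! grep -Eq '^[[:space:]]*dns[[:space:]]*=[[:space:]]*dnsmasq' "$1"
}

# Constructed sample profile (not a provider's file): down-pre is commented out.
write_sample_profile() {
    cat > "$1" <<EOF
client
dev tun
  script-security   2
up $HOOK
down $HOOK
;down-pre
block-outside-dns
<ca>
(certificate body left out of this constructed sample)
</ca>
EOF
}

sample=$(mktemp)
write_sample_profile "$sample"
audit_ovpn "$sample" || echo "profile needs editing before import"
rm -f "$sample"
```

To check real files, call audit_ovpn with the path of a "somewhere.ovpn" file and nm_dnsmasq_disabled with /etc/NetworkManager/NetworkManager.conf.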
Re: How to fix dns leaks?
Lots of good info on this thread. Should it be pinned for ease of future reference?
Linux Mint 21.2 Cinnamon.. 64-bit
Windows 11
Re: How to fix dns leaks?
Or just install dnscrypt from the Mint repositories
Re: How to fix dns leaks?
My gosh. It worked, thank you so much. But what do easy-rsa and unbound do? Also what exactly does this do? I'm not sure if I asked this before, but if I did, I didn't get an answer.
Code:
block-outside-dns
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
down-pre
Re: [SOLVED]How to fix dns leaks?
Many Google organic results show some VPN providers' website tools, which mislead users. If you can, I highly recommend using this one: https://www.vpninsights.com/ip-leak-test
Re: [SOLVED]How to fix dns leaks?
A year or two ago I looked at many VPNs in their default configuration and found that only a few protected from DNS leaks. The sites I looked at are listed in viewtopic.php?f=90&t=242032&start=40. At the time I chose PIA as they do protect against DNS leaks in their default configuration. Things may have changed since then, of course, but I was happy with them at the time.
Last edited by Laugh2 on Sun Aug 12, 2018 12:33 am, edited 1 time in total.