[SOLVED]How to fix dns leaks?

Connection sharing, Firewall, Samba..etc
Forum rules
Before you post please read how to get help
User avatar
Mintuser998
Level 1
Level 1
Posts: 37
Joined: Thu May 31, 2018 1:57 pm

Re: How to fix dns leaks?

Post by Mintuser998 » Sun Jun 03, 2018 5:25 pm

This one says NY and NJ
Image

User avatar
phd21
Level 16
Level 16
Posts: 6322
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: How to fix dns leaks?

Post by phd21 » Sun Jun 03, 2018 5:31 pm

Hi Mintuser998,

Those are DNS server IP addresses. As long as those do not reflect your current ISP or your current location, you should be alright. I noticed that when going to "ipleak.net" or other test websites, that DNS server IP addresses can be from all over the place, and there can be many of them or just one or a few. Theoretically, once you connect to a VPN provider's server, your system should inherit and reflect that location, but I noticed with some VPN providers (regardless of possible DNS leaks), they might use DNS servers from various places, even different countries.

.
VPNbook_US2_Server.jpg
vpnbook US2 location - my ipleak.net results
Phd21: Mint KDE 17.3 & 18.3, 64-bit Awesome OS, Ancient Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram,256gb SDD, Video: Intel 4 Graphics, DVD Lightscribe. Why I use KDE?:https://opensource.com/life/15/4/9-reasons-to-use-kde

User avatar
Mintuser998
Level 1
Level 1
Posts: 37
Joined: Thu May 31, 2018 1:57 pm

Re: How to fix dns leaks?

Post by Mintuser998 » Sun Jun 03, 2018 5:40 pm

Thanks. What do those lines added to the ovpn config do?

User avatar
phd21
Level 16
Level 16
Posts: 6322
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: How to fix dns leaks?

Post by phd21 » Sun Jun 03, 2018 6:00 pm

Hi Mintuser998

You are welcome...

Those lines are to help prevent VPN DNS leaks by adding them to the ".ovpn" configuration files.

But, as I stated before not all VPN providers servers leak DNS information, and even if they did, as long as you have changed your local ISP connection's default DNS server IP addresses to a DNS provider's server IP addresses it will not matter, it won't be your local ISP DNS servers, and so you are still secure and anonymous. I am currently in Florida, USA. I did not add those lines to my vpngate server configuration file and yet no DNS leaks, ProtonVPN already had them in their configuration files and no leaks, and I did add them to vpnbook servers which did help.

Here some screenshots of various VPN providers and their server locations along with the results from "ipleqak.net" for each one, and my real (public / wan) IP address is not displayed, nor are my ISP's default DNS server IP addresses. And, as you can see the DNS servers can vary a lot. I am using the "cloudflare" DNS secure server IP addresses.

.
VPNbook_US2_Server.jpg
vpnbook US2 server location
.
ProtonVPN_US2_Server.jpg
protonVPN US2 server location
.
vpngate_US_server1.jpg
a generic vpngate US server location
Phd21: Mint KDE 17.3 & 18.3, 64-bit Awesome OS, Ancient Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram,256gb SDD, Video: Intel 4 Graphics, DVD Lightscribe. Why I use KDE?:https://opensource.com/life/15/4/9-reasons-to-use-kde

User avatar
Mintuser998
Level 1
Level 1
Posts: 37
Joined: Thu May 31, 2018 1:57 pm

Re: How to fix dns leaks?

Post by Mintuser998 » Tue Jun 05, 2018 3:29 pm

Do you know of a way to STOP dns leaks? Regardless of whether it matters or not. And is it showing the dns connected to prior connecting to the vpn, or is it showing the one after connecting to the vpn?

User avatar
phd21
Level 16
Level 16
Posts: 6322
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: How to fix dns leaks?

Post by phd21 » Tue Jun 05, 2018 5:12 pm

Hi Mintuser998

I already gave you all the information and links to various options regarding DNS Leaks in this post and its replies.

My screenshots are showing DNS servers after connecting to the various VPN providers.
Phd21: Mint KDE 17.3 & 18.3, 64-bit Awesome OS, Ancient Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram,256gb SDD, Video: Intel 4 Graphics, DVD Lightscribe. Why I use KDE?:https://opensource.com/life/15/4/9-reasons-to-use-kde

User avatar
Mintuser998
Level 1
Level 1
Posts: 37
Joined: Thu May 31, 2018 1:57 pm

Re: How to fix dns leaks?

Post by Mintuser998 » Tue Jun 05, 2018 7:23 pm

You're right. I missed it. Can you tell me what this line of code does in a .ovpn file? I can't read terminal code very well.

Code: Select all

setenv PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

User avatar
trytip
Level 7
Level 7
Posts: 1631
Joined: Tue Jul 05, 2016 1:20 pm

Re: How to fix dns leaks?

Post by trytip » Tue Jun 05, 2018 7:32 pm

Mintuser998 wrote:
Tue Jun 05, 2018 7:23 pm
You're right. I missed it. Can you tell me what this line of code does in a .ovpn file? I can't read terminal code very well.

Code: Select all

setenv PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
me neither, all i see is the woman in the red dress :lol:
this just means that usr/bin has all these aliases. when you open a terminal and type a command for a program like gedit for example the terminal will look in these directories for a program called gedit in theory you can place an executable file in any of these folders and the terminal will find it
Image

User avatar
Mintuser998
Level 1
Level 1
Posts: 37
Joined: Thu May 31, 2018 1:57 pm

Re: How to fix dns leaks?

Post by Mintuser998 » Tue Jun 05, 2018 7:42 pm


rbsudo
Level 1
Level 1
Posts: 49
Joined: Sat Jul 15, 2017 10:59 am

Re: How to fix dns leaks?

Post by rbsudo » Tue Jun 05, 2018 8:03 pm

Just saw this thread. I use VPN Gate (Open VPN). I searched a long time for a way to stop my vpn from leaking.
I found this and it has worked for me.

1.Open a terminal and enter:
sudo apt-get install openresolv nscd unbound

2. Restart the pc.

3. Activate the VPN.

4. Check for leaks on https://ipleak.net/
Linux Mint 18.3 Sylvia.. Cinnamon.. 32-bit and 64-bit
"I learn by going where I have to go," Roethke

User avatar
Mintuser998
Level 1
Level 1
Posts: 37
Joined: Thu May 31, 2018 1:57 pm

Re: How to fix dns leaks?

Post by Mintuser998 » Tue Jun 05, 2018 8:11 pm

Then I would have to remove resolvconf.

User avatar
Mintuser998
Level 1
Level 1
Posts: 37
Joined: Thu May 31, 2018 1:57 pm

Re: How to fix dns leaks?

Post by Mintuser998 » Tue Jun 05, 2018 8:16 pm

Doesn't any dns showing up mean I have a leak? If so, then the links you've given me won't work to fix it.

User avatar
phd21
Level 16
Level 16
Posts: 6322
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: How to fix dns leaks?

Post by phd21 » Wed Jun 06, 2018 3:44 pm

Hi Mintuser998,

After doing some more research on this, and I came across more articles and some posts from "ProtonVPN", here are some more comments.

I just assumed that all Linux Mint editions and versions already have "resolvconf" installed which would help with DNS when using VPN connections.

Code: Select all

sudo apt install resolvconf
But as member "rbsudo" just mentioned and new information I located state that using "openresolve" may work better. I am going to install "openresolve" and experiment with that which will remove "resolvconf", so restart afterward. I am not sure about installing the "nscd" and "unbound" packages because I have not researched those (yet).

Code: Select all

sudo apt install openresolv
openresolv - Roy's Place
* Reasons for using openresolv
https://roy.marples.name/projects/openresolv

FYI-1: Regarding "vpngate" servers: Using the excellent application "vpngate with proxy" I have never had DNS leaks.


Domain name resolution - ArchWiki
https://wiki.archlinux.org/index.php/Do ... resolution


Update on DNS leak with Linux? : ProtonVPN
https://www.reddit.com/r/ProtonVPN/comm ... ith_linux/

FYI-2: ProtonVPN: For Linux users using the superb ProtonVPN provider, they also have a new Linux Client script.
ProtonVPN client tool for Linux - ProtonVPN Support
https://protonvpn.com/support/linux-vpn-tool/

ProtonVPN/protonvpn-cli: protonvpn-cli: ProtonVPN Command-Line Tool for Linux and macOS.
https://github.com/ProtonVPN/protonvpn-cli



Hope this helps ...
Last edited by phd21 on Thu Jun 07, 2018 2:27 pm, edited 1 time in total.
Phd21: Mint KDE 17.3 & 18.3, 64-bit Awesome OS, Ancient Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram,256gb SDD, Video: Intel 4 Graphics, DVD Lightscribe. Why I use KDE?:https://opensource.com/life/15/4/9-reasons-to-use-kde

rbsudo
Level 1
Level 1
Posts: 49
Joined: Sat Jul 15, 2017 10:59 am

Re: How to fix dns leaks?

Post by rbsudo » Thu Jun 07, 2018 9:51 am

phd21, I don't have any idea what the packages nscd and unbound do. I found the suggestion, saw where a couple of people confirmed it worked for them, and tried it. It worked for me too.

I just did a search on those two packages and found this.

https://linux.die.net/man/8/nscd

https://www.unbound.net/

If that helps, let us know...... it's outside my "pay range." :wink:

Thanks!
Linux Mint 18.3 Sylvia.. Cinnamon.. 32-bit and 64-bit
"I learn by going where I have to go," Roethke

User avatar
phd21
Level 16
Level 16
Posts: 6322
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: How to fix dns leaks?

Post by phd21 » Sat Jun 09, 2018 10:16 pm

Hi rbsudo & everyone else,

After exhaustive testing, I think I found out how to stop DNS leaks, at least on my systems with VPN's added (imported) into the Network Manager. This worked with various VPN provider's OpenVPN configuration files (somewhere.ovpn) whether they were TCP or UDP, they recommend UDP.

Steps 1-3 only need to be done once, step 4 editing your VPN provider's VPN configuration files may need to be done for each VPN server location you want to use.

1.) Update your "openvpn" software using their repository.

This link has instructions for updating openVPN software.
Is it possible to install the latest openvpn without breaking everything[SOLVED]
viewtopic.php?f=157&t=242583&hilit=openvpn

2.) Install "resolvconf" or "openresolv" (I used the openresolv), make sure you have the "network-manager-openvpn" installed (usually is), install "unbound" ("nscd" did not seem necessary).

Install all of these with this one console terminal command

Code: Select all

sudo apt install openresolv easy-rsa network-manager-openvpn unbound

3.) Then check to make sure the NetworkManager Configuration file has "dnsmasq" disabled with a # in front of that line, save the change, exit the text editor. If there is not a "dnsmasq" entry, do not worry about it, there is nothing to change, go to next step. You can also use your file manager to browse to the file and right-click open as root to edit these files and make changes.

To edit this file in Cinnamon, Mate, Xfce, use the command below. "xed" is the text editor.

Code: Select all

gksudo xed /etc/NetworkManager/NetworkManager.conf
To edit this file in KDE use the command below. "kate" is the text editor.

Code: Select all

kdesudo kate /etc/NetworkManager/NetworkManager.conf
NetworkManager.conf wrote: [main]
plugins=ifupdown,keyfile,ofono
#dns=dnsmasq

[ifupdown]
managed=false
4.) Check your VPN Providers openVPN configuration files (somewhere.ovpn) to see if these lines are in them before the start of the certificate line <ca>. You can usually right-click a "somewhere.ovpn" file and "open with" any text editor to view or edit them, save it if you make changes. You can click "select all" below and right-click copy to copy this code and then paste into any of your ".ovpn" files, save changes, exit the text editor.

Code: Select all

# To prevent DNS Leaks
block-outside-dns
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
down-pre
Here is an example of a "vpnbook" provider's US server (vpnbook-us1-tcp80.ovpn) file with the changes

Code: Select all

client
dev tun3
proto tcp
remote 198.7.62.204 80
remote us1.vpnbook.com 80
resolv-retry infinite
nobind
persist-key
persist-tun
auth-user-pass
comp-lzo
verb 3
cipher AES-128-CBC
fast-io
pull
route-delay 2
redirect-gateway
# To prevent DNS Leaks
block-outside-dns
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
down-pre

<ca>
-----BEGIN CERTIFICATE-----
MIIDyzCCAzSgAwIBAgIJAKRtpjsIvek1MA0GCSqGSIb3DQEBBQUAMIGgMQswCQYD
VQQGEwJDSDEPMA0GA1UECBMGWnVyaWNoMQ8wDQYDVQQHEwZadXJpY2gxFDASBgNV
BAoTC3ZwbmJvb2suY29tMQswCQYDVQQLEwJJVDEUMBIGA1UEAxMLdnBuYm9vay5j
b20xFDASBgNVBCkTC3ZwbmJvb2suY29tMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkB2
cG5ib29rLmNvbTAeFw0xMzA0MjQwNDA3NDhaFw0yMzA0MjIwNDA3NDhaMIGgMQsw
CQYDVQQGEwJDSDEPMA0GA1UECBMGWnVyaWNoMQ8wDQYDVQQHEwZadXJpY2gxFDAS
BgNVBAoTC3ZwbmJvb2suY29tMQswCQYDVQQLEwJJVDEUMBIGA1UEAxMLdnBuYm9v
ay5jb20xFDASBgNVBCkTC3ZwbmJvb2suY29tMSAwHgYJKoZIhvcNAQkBFhFhZG1p
bkB2cG5ib29rLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyNwZEYs6
WN+j1zXYLEwiQMShc1mHmY9f9cx18hF/rENG+TBgaS5RVx9zU+7a9X1P3r2OyLXi
WzqvEMmZIEhij8MtCxbZGEEUHktkbZqLAryIo8ubUigqke25+QyVLDIBuqIXjpw3
hJQMXIgMic1u7TGsvgEUahU/5qbLIGPNDlUCAwEAAaOCAQkwggEFMB0GA1UdDgQW
BBRZ4KGhnll1W+K/KJVFl/C2+KM+JjCB1QYDVR0jBIHNMIHKgBRZ4KGhnll1W+K/
KJVFl/C2+KM+JqGBpqSBozCBoDELMAkGA1UEBhMCQ0gxDzANBgNVBAgTBlp1cmlj
aDEPMA0GA1UEBxMGWnVyaWNoMRQwEgYDVQQKEwt2cG5ib29rLmNvbTELMAkGA1UE
CxMCSVQxFDASBgNVBAMTC3ZwbmJvb2suY29tMRQwEgYDVQQpEwt2cG5ib29rLmNv
bTEgMB4GCSqGSIb3DQEJARYRYWRtaW5AdnBuYm9vay5jb22CCQCkbaY7CL3pNTAM
BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAKaoCEWk2pitKjbhChjl1rLj
6FwAZ74bcX/YwXM4X4st6k2+Fgve3xzwUWTXinBIyz/WDapQmX8DHk1N3Y5FuRkv
wOgathAN44PrxLAI8kkxkngxby1xrG7LtMmpATxY7fYLOQ9yHge7RRZKDieJcX3j
+ogTneOl2w6P0xP6lyI6
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIID6DCCA1GgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBoDELMAkGA1UEBhMCQ0gx
DzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMRQwEgYDVQQKEwt2cG5i
b29rLmNvbTELMAkGA1UECxMCSVQxFDASBgNVBAMTC3ZwbmJvb2suY29tMRQwEgYD
VQQpEwt2cG5ib29rLmNvbTEgMB4GCSqGSIb3DQEJARYRYWRtaW5AdnBuYm9vay5j
b20wHhcNMTMwNTA2MDMyMTIxWhcNMjMwNTA0MDMyMTIxWjB4MQswCQYDVQQGEwJD
SDEPMA0GA1UECBMGWnVyaWNoMQ8wDQYDVQQHEwZadXJpY2gxFDASBgNVBAoTC3Zw
bmJvb2suY29tMQ8wDQYDVQQDEwZjbGllbnQxIDAeBgkqhkiG9w0BCQEWEWFkbWlu
QHZwbmJvb2suY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCkTM/8E+JH
CjskqMIwgYDrNCBTWZLa+qKkJjZ/rliJomTfVYwKwv1AHYYU6RHpCxS1qFp3BEKL
vQlASuzycSv1FGnNiLmg94fqzzWdmjs1XWosnLqbOwxx2Ye/1WoakSHia0pItoZk
xK7/fllm42+Qujri/ERGga5Cb/TfiP6pUQIDAQABo4IBVzCCAVMwCQYDVR0TBAIw
ADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRl
MB0GA1UdDgQWBBTDr4BCNSdOEh+Lx6+4RRK11x8XcDCB1QYDVR0jBIHNMIHKgBRZ
4KGhnll1W+K/KJVFl/C2+KM+JqGBpqSBozCBoDELMAkGA1UEBhMCQ0gxDzANBgNV
BAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMRQwEgYDVQQKEwt2cG5ib29rLmNv
bTELMAkGA1UECxMCSVQxFDASBgNVBAMTC3ZwbmJvb2suY29tMRQwEgYDVQQpEwt2
cG5ib29rLmNvbTEgMB4GCSqGSIb3DQEJARYRYWRtaW5AdnBuYm9vay5jb22CCQCk
baY7CL3pNTATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZI
hvcNAQEFBQADgYEAoDgD8mpVPnHUh7RhQziwhp8APC8K3jToZ0Dv4MYXQnzyXziH
QbewJZABCcOKYS0VRB/6zYX/9dIBogA/ieLgLrXESIeOp1SfP3xt+gGXSiJaohyA
/NLsTi/Am8OP211IFLyDLvPqZuqlh/+/GOLcMCeCrMj4RYxWstNxtguGQFc=
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCkTM/8E+JHCjskqMIwgYDrNCBTWZLa+qKkJjZ/rliJomTfVYwK
wv1AHYYU6RHpCxS1qFp3BEKLvQlASuzycSv1FGnNiLmg94fqzzWdmjs1XWosnLqb
Owxx2Ye/1WoakSHia0pItoZkxK7/fllm42+Qujri/ERGga5Cb/TfiP6pUQIDAQAB
AoGANX508WQf9nVUUFlJ8LUZnnr4U2sEr5uPPNbcQ7ImTZm8MiMOV6qo/ikesMw5
8qCS+5p26e1PJWRFENPUVhOW9c07z+nRMyHBQzFnNAFD7TiayjNk1gz1oIXarceR
edNGFDdWCwXh+nJJ6whbQn9ioyTg9aqScrcATmHQxTit0GECQQDR5FmwC7g0eGwZ
VHgSc/bZzo0q3VjNGakrA2zSXWUWrE0ybBm2wJNBYKAeskzWxoc6/gJa8mKEU+Vv
ugGb+J/tAkEAyGSEmWROUf4WX5DLl6nkjShdyv4LAQpByhiwLjmiZL7F4/irY4fo
ct2Ii5uMzwERRvHjJ7yzJJic8gkEca2adQJABxjZj4JV8DBCN3kLtlQFfMfnLhPd
9NFxTusGuvY9fM7GrXXKSMuqLwO9ZkxRHNIJsIz2N20Kt76+e1CmzUdS4QJAVvbQ
WKUgHBMRcI2s3PecuOmQspxG+D+UR3kpVBYs9F2aEZIEBuCfLuIW9Mcfd2I2NjyY
4NDSSYp1adAh/pdhVQJBANDrlnodYDu6A+a4YO9otjd+296/T8JpePI/KNxk7N0A
gm7SAhk379I6hr5NXdBbvTedlb1ULrhWV8lpwZ9HW2k=
-----END RSA PRIVATE KEY-----
</key>
5.) Restart, try connecting to your VPN server(s), or import new VPN server(s) and try it. Verify the VPN is working and check the DNS entries by going to a website like "www.ipleak.net".


Hope this helps ...
Phd21: Mint KDE 17.3 & 18.3, 64-bit Awesome OS, Ancient Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram,256gb SDD, Video: Intel 4 Graphics, DVD Lightscribe. Why I use KDE?:https://opensource.com/life/15/4/9-reasons-to-use-kde

rbsudo
Level 1
Level 1
Posts: 49
Joined: Sat Jul 15, 2017 10:59 am

Re: How to fix dns leaks?

Post by rbsudo » Tue Jun 12, 2018 8:42 am

Lots of good info on this thread. Should it be pinned for ease of future reference?
Linux Mint 18.3 Sylvia.. Cinnamon.. 32-bit and 64-bit
"I learn by going where I have to go," Roethke

User avatar
majpooper
Level 5
Level 5
Posts: 578
Joined: Thu May 09, 2013 1:56 pm
Location: North Carolina, USA

Re: How to fix dns leaks?

Post by majpooper » Tue Jun 12, 2018 12:00 pm

Or just install dnscrypt from the Mint repositories

User avatar
Mintuser998
Level 1
Level 1
Posts: 37
Joined: Thu May 31, 2018 1:57 pm

Re: How to fix dns leaks?

Post by Mintuser998 » Sun Jun 17, 2018 11:02 pm

My gosh. It worked, thank you so much. But what does easy-rsa and unbound do? Also what exactly does this do? I'm not sure if I asked this before, but if I did, I didn't get an answer.

Code: Select all

block-outside-dns
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
down-pre

Post Reply

Return to “Other networking topics”