https://dnsleaktest.com and other sites say no, but the GRC spooftest https://www.grc.com/dns/dns.htm lists my ISP as well as my VPN when I am connected through VPN. The other sites only list the VPN DNS. Why would this be? Even when I use the Comodo DNS and no VPN it shows my ISP DNS.
You need to be clearer, I'm not sure what you just said. IMHO, online tests for DNS leaks are BS, use Wireshark to capture traffic on the first interface (probably eth0 or wlan0, NOT tun0), if anything is going over port 53, you have a confirmed DNS leak, otherwise chill. If the second VPN is in a VM, run the capture in said VM. One way to eliminate any possibility of any DNS leak on Linux is a simple UFW script, blocking port 53 on the primary interface once the VPN is connected. WebRTC is still a leak problem on Windows, there's extensions to block it and you can disable it in settings (look on the massive thread on this forum for details)
It sounds like your router is configured with your ISP's DNS server(s). Edit the ethernet connection properties, and have it get just an IP address from the router, rather than full DHCP. Then specify Comodo (or whatever) DNS servers. But you need to make sure that the VPN uses its DNS servers when it's up. This is one reason why I recommend using pfSense VMs as VPN gateways.
"Edit the ethernet connection properties, and have it get just an IP address from the router, rather than full DHCP" How do I do this? "Obtain an IP address automatically" is checked. What does "not full DHCP" mean? DHCP is enabled. Do I disable it? Thanks
Unselect "Obtain DNS server address automatically". In the boxes for "Preferred DNS server" and "Alternate DNS server", enter Comodo DNS servers.
Ok thanks. The GRC test gives my VPN server when the VPN is not in use. Is it a test of servers that HAVE been used rather than a leak?
No, the GRC test finds all DNS servers that your computer is currently using. The problem is that it doesn't forget about ones that it has used. It's best to use VPN services that provide private DNS servers, that can be reached only through the VPN. I believe that running "ipconfig /release" and "ipconfig /renew" will also delist DNS servers that aren't specified in adapter properties. But my Windows foo is fading
That won't entirely do it, because using the ISP's DNS server through the VPN is also a leak. To be sure, you also need to block that.
That is what I mean. When I use the VPN it is not forgetting the ones it had used. So I am not leaking but GRC is remembering my ISP servers. "Obtain DNS server address automatically" is unselected. It has use the following 0.0.0.0. What is that? I did ipconfig /release and /renew and changed the obtain server automatically to my VPN but still GRC lists ISP. Must be remembering it. Thanks
Sorry. I meant that your computer isn't forgetting. Not that GRC isn't forgetting. Have you tried the ipconfig /release and /renew steps after disconnecting the VPN? That's null aka blank, I think. Add the Comodo DNS servers: 156.154.70.22 and 156.154.71.22 De nada
I now did ipconfig /release and /renew after disconnecting from the VPN and changed to the Comodo settings you suggested. I reconnect my VPN and go to GRC and it still lists my ISP? If my computer is not forgetting, would GRC be reading it from my computer? Muchas gracias
As I understand it, the GRC test has been reporting your ISP's DNS server after you've connected the VPN. And it's also been reporting your VPN provider's DNS server after you've disconnected the VPN. Is that correct? It seems like your VPN client isn't working properly. Using whatismyipaddress.com or whatever, is your VPN actually connecting? The VPN client is supposed to tell Windows to use its DNS server(s) when it connects, and then tell Windows to use its default DNS server(s) when it disconnects. Given the popularity of Windows, most VPN providers have that sorted. If yours doesn't, try a different VPN service. Also, after you deselect "Obtain DNS server address automatically" and put in the Comodo DNS servers, your ISP's DNS server(s) shouldn't be showing up anywhere. I think, anyway. Maybe you also need to reconfigure your LAN router with the Comodo DNS servers.
I don't know Comodo. Can you specify rules by port number? If so, add rules in both the host and VM to block all traffic on port 53. Add rules in the host to allow port 53 traffic to Comodo's DNS servers on the ethernet adapter, and to allow port 53 traffic to the VPN provider's DNS servers on the VPN adapter. Add rules in the VM to allow port 53 traffic to the VPN provider's DNS servers. That should do it.
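The capture check and the per-interface port 53 policy discussed in the replies above can be combined into one test. This is an added example, not code from any poster in the thread: it assumes text captures taken with `tcpdump -n` and a `port 53` capture filter, interfaces named `eth0` and `tun0`, and constructed addresses throughout.

```python
import re

# One packet line of `tcpdump -n` text output, IPv4 or IPv6 (assumed format):
#   <time> IP <src>.<sport> > <dst>.<dport>: <detail>
LINE_RE = re.compile(
    r"^\S+ IP6? (?P<src>\S+)\.(?P<sport>\d+) > "
    r"(?P<dst>\S+)\.(?P<dport>\d+): (?P<detail>.*)$"
)

def find_dns_leaks(iface, lines, allowed):
    """Return (iface, resolver, detail) for every packet sent to port 53
    whose destination is not an allowed resolver on that interface."""
    permitted = allowed.get(iface, set())
    leaks = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None or m["dport"] != "53":
            continue  # unparsed line, or a reply coming back from port 53
        if m["dst"] not in permitted:
            leaks.append((iface, m["dst"], m["detail"]))
    return leaks

# Policy while the VPN is up (constructed): no DNS at all on the physical
# interface, and only the VPN provider's resolver inside the tunnel.
ALLOWED = {"eth0": set(), "tun0": {"10.8.0.1"}}

# Constructed sample captures, one per interface, taken with a "port 53"
# capture filter so only DNS traffic is present.
ETH0_CAPTURE = [
    "12:00:01.100000 IP 192.168.1.10.40000 > 203.0.113.7.53: 4660+ A? example.com. (29)",
    "12:00:01.120000 IP 203.0.113.7.53 > 192.168.1.10.40000: 4660 1/0/0 A 192.0.2.1 (45)",
]
TUN0_CAPTURE = [
    "12:00:02.100000 IP 10.8.0.2.40001 > 10.8.0.1.53: 4661+ A? example.org. (29)",
    "12:00:02.300000 IP 10.8.0.2.40002 > 203.0.113.7.53: 4662+ A? example.net. (29)",
    "12:00:02.500000 IP6 2001:db8::10.40003 > 2001:db8::53.53: 4663+ AAAA? example.net. (29)",
]

if __name__ == "__main__":
    for iface, capture in (("eth0", ETH0_CAPTURE), ("tun0", TUN0_CAPTURE)):
        for leak in find_dns_leaks(iface, capture, ALLOWED):
            print("LEAK on %s -> %s: %s" % leak)
```

Lookups sent over DNS-over-HTTPS or DNS-over-TLS do not use port 53, so this check does not see them.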
You can configure Comodo as far as I know; I am not sure how. I tried changing to Google DNS servers in my router but it still shows my ISP at that GRC test.
OK, get help with Comodo and see what's doable. You don't want IPv6 !!! Disable it wherever you can, wherever there's an option !!!
@mirimir. Thanks for all your help. I sorted out the leak just by turning off the PC and turning it on again. Must have been holding its DNS in memory? Also disabled IPv6 and changed my ISP DNS to the VPN DNS. I would be interested, if you have time, to know why and how "unless you understand exactly what's going on, IPv6 will hose privacy". What would I need to understand?
Good. DNS isn't designed with privacy in mind. Not at all. It's designed to work, so your computer can connect to other computers. Basically, the IPv6 address space is so huge that every device on the Internet has its own unique address. It's rather like combining MAC with IPv4. So let's say that a device has shared its IPv6 address through connecting on the Internet. Now you connect it through a VPN. If the device shares that same IPv6 address, it's revealed its true identity. As IPv6 is implemented, such concerns are being addressed. But if you don't understand IPv6, the safest bet is to disable it.