Checking for DNS leaks

Discussion in 'privacy problems' started by Kid Shamrock, May 19, 2016.

  1. Kid Shamrock

    Kid Shamrock Registered Member

    Joined:
    Apr 3, 2007
    Posts:
    207
    I just started using a VPN and have a question on checking for DNS leaks. I've gone to dnsleaktest.com and run the test. I know if your ISPs servers show up that you have a leak. But what if the ISP is not there but you have several servers listed under Google? Is that a leak or is it ok? Is it preferable to have only one server listed from a location/country other than your real one? :doubt:
     
  2. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    731
    Got a screenshot?
     
  3. Kid Shamrock

    Kid Shamrock Registered Member

    Joined:
    Apr 3, 2007
    Posts:
    207
    Here you go. I'm actually connected to a VPN server in Bulgaria. The test shows several Google DNS servers in Finland. Would these results be considered a DNS leak?

    upload_2016-5-19_21-32-52.png
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,025
    High-end VPN services run their own DNS servers, often with non-public IPv4 addresses in the VPN tunnel subnet. Others use various public DNS servers, such as Google. Some let you specify what DNS servers to use. The clueless ones just let you use your default DNS servers, which are often the ones assigned by your ISP.
     
  5. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    731
    @Kid Shamrock - At first glance (not much of a glance can be made, it is a screenshot!), I doubt you are experiencing a DNS Leak. However, it looks like your VPN makes use of Google Public DNS addresses. I wouldn't call that a DNS Leak in its traditional definition... but still, it's a series of Google DNS servers. You might want to ask your VPN if they run their own DNS servers or make use of public DNS servers. Lets hope the monthly/yearly fee isn't too expensive; you shouldn't be paying for a VPN if it uses public DNS.

    @mirimir - Have you had much exposure to the "block-outside-dns" feature of OpenVPN?
     
  6. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,025


    No. I'd never heard of it. But now I see that it's a Windows-specific patch for OpenVPN:
    https://sourceforge.net/p/openvpn/mailman/message/34620249/
    Have you used it? I wonder whether VPN providers include that in their Windows clients.
     
  7. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    731
    From what I have come across so far, it's to "improve" (laughs) on a flaw found in Windows 8 through to 10... relating specifically to how these Windows releases handle DNS resolving. For the most-part, W7 isn't included in the discussion. However, I have noticed some VPN providers offering this patch on client-side (eg: typing it into custom configs), or server-side (eg: every node you connect to has the patch activated). Just thought I'd ask the VPN Guru a question is all... :)

    Damn Linux, immune from most bullcrap out there!
     
  8. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,508
    Location:
    Slovakia
    Try to use a different browser for testing, since you are using Chrome and you are probably logged into your Google account. Mine for comparison.
     

    Attached Files:

  9. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,025
    Damn. It just keeps getting worse :eek: Windows knows best, kids ;)
    Interesting. Good to know.
    ;)
    Well, that's going a bit far. Network Manager is pretty bad. It often just falls over and dies if the uplink flaps, leaving you wide open, with direct connectivity :eek: It's pretty much OK if you have iptables locked down, however.
     
  10. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    731
    I knew I forgot to mention "try something else apart from Chrome!" :cautious:
     
  11. Kid Shamrock

    Kid Shamrock Registered Member

    Joined:
    Apr 3, 2007
    Posts:
    207
    I tried Cyberfox and Edge and got the same results as I did using Chrome, so it's not browser related. I guess there's no leak, but I question how anonymous it would be with Google involved. Pretty sure they log everything...
     
Loading...