have i dns leak?

Discussion in 'privacy technology' started by david banner, May 13, 2015.

  1. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    576
    https://dnsleaktest.com and other sites say no but grc spooftest

    https://www.grc.com/dns/dns.htm

    list my isp as well as my vpn when i am connected through vpn. the other sites only list the vpn dns

    why would this be?

    even when i use the comodo dns and no vpn it shows my isp dns
     
    Last edited: May 13, 2015
  2. krustytheclown2

    krustytheclown2 Registered Member

    Joined:
    Nov 18, 2014
    Posts:
    210
    You need to be clearer, I'm not sure what you just said. IMHO, online tests for DNS leaks are BS, use Wireshark to capture traffic on the first interface (probably eth0 or wlan0, NOT tun0), if anything is going over port 53, you have a confirmed DNS leak, otherwise chill. If the second VPN is in a VM, run the capture in said VM. One way to eliminate any possibility of any DNS leak on Linux is a simple UFW script, blocking port 53 on the primary interface once the VPN is connected.

    WebRTC is still a leak problem on Windows, there's extensions to block it and you can disable it in settings (look on the massive thread on this forum for details)
     
  3. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    576
    Thanks. I don't have WebRTC. media.peer.access disabled. Will check out Wireshark
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    It sounds like your router is configured with your ISP's DNS server(s). Edit the ethernet connection properties, and have it get just an IP address from the router, rather than full DHCP. Then specify Comodo (or whatever) DNS servers. But you need to make sure that the VPN uses its DNS servers when it's up.

    This is one reason why I recommend using pfSense VMs as VPN gateways.
     
  5. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    576
    "Edit the ethernet connection properties, and have it get just an IP address from the router, rather than full DHCP" How do I do this? Obtain an IP automatically is checked. What does not full DHCP mean? DHCP is enabled. Do I disable it? Thanks
     
  6. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Unselect "Obtain DNS server address automatically". In the boxes for "Preferred DNS server" and "Alternate DNS server", enter Comodo DNS servers.
     
  7. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    576
    Ok thanks. The GRC test gives my VPN server when the VPN is not in use. Is it a test of servers that HAVE been used rather than a leak?
     
  8. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    No, the GRC test finds all DNS servers that your computer is currently using. The problem is that it doesn't forget about ones that it has used. It's best to use VPN services that provide private DNS servers, that can be reached only through the VPN. I believe that running "ipconfig /release" and "ipconfig /renew" will also delist DNS servers that aren't specified in adapter properties. But my Windows foo is fading :(
     
  9. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    That won't entirely do it, because using the ISP's DNS server through the VPN is also a leak. To be sure, you also need to block that.
     
  10. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    576
    That is what i mean. When i use the vpn it is not forgetting the ones it had used. So i am not leaking but grc is remembering my isp servers

    "Obtain DNS server address automatically" is unselected. It has use the following 0.0.0.0. What is that?

    i did ipconfig / release and renew and changed the obtain server automatically to my vpn but still grc lists isp. Must be remembering it

    Thanks
     
    Last edited: May 14, 2015
  11. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Sorry. I meant that your computer isn't forgetting. Not that GRC isn't forgetting.

    Have you tried the ipconfig /release and /renew steps after disconnecting the VPN?
    That's null aka blank, I think. Add the Comodo DNS servers: 156.154.70.22 and 156.154.71.22
    De nada :)
     
  12. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    576
    i now did ipconfig / release and renew after disconnect from vpn and changed to comodo settings you suggested. i reconnect my vpn and go to grc and it still lists my isp? If my computer not forgetting would grc be reading it from my computer?


    muchas gracias
     
    Last edited: May 14, 2015
  13. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    As I understand it, the GRC test has been reporting your ISP's DNS server after you've connected the VPN. And it's also been reporting your VPN provider's DNS server after you've disconnected the VPN. Is that correct?

    It seems like your VPN client isn't working properly. Using whatismyipaddress.com or whatever, is your VPN actually connecting? The VPN client is supposed to tell Windows to use its DNS server(s) when it connects, and then tell Windows to use its default DNS server(s) when it disconnects. Given the popularity of Windows, most VPN providers have that sorted. If yours doesn't, try a different VPN service.

    Also, after you deselect "Obtain DNS server address automatically" and put in the Comodo DNS servers, your ISP's DNS server(s) shouldn't be showing up anywhere. I think, anyway. Maybe you also need to reconfigure your LAN router with the Comodo DNS servers.
     
  14. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    576
    yes whatismyipaddress.com shows the vpn ip in a different country to me
     
  15. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    I don't know Comodo. Can you specify rules by port number? If so, add rules in both the host and VM to block all traffic on port 53. Add rules in the host to allow port 53 traffic to Comodo's DNS servers on the ethernet adapter, and to allow port 53 traffic to the VPN provider's DNS servers on the VPN adapter. Add rules in the VM to allow port 53 traffic to the VPN provider's DNS servers. That should do it.
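
An added example, not part of the original thread: the capture check from post 2 combined with the per-adapter port 53 rules from posts 9 and 15, run over a constructed packet list. The row layout, the interface names `eth0`/`tun0`, the VPN resolver `10.8.0.1` and every address except the Comodo server quoted in the thread are assumptions made for illustration.

```python
import ipaddress
from collections import namedtuple

# One row per captured packet. This column layout is an assumption of the
# example (an export you produce from your capture), not a fixed tool format.
Packet = namedtuple("Packet", "iface dst proto dport")

# Constructed sample capture: interface, destination IP, protocol, dest port.
SAMPLE_CAPTURE = """\
eth0 203.0.113.10 udp 1194
tun0 10.8.0.1 udp 53
eth0 192.0.2.53 udp 53
tun0 192.0.2.53 udp 53
tun0 10.8.0.1 tcp 53
eth0 156.154.70.22 udp 53
eth0 2001:db8::53 udp 53
tun0 198.51.100.7 tcp 443
"""

# Hypothetical policy for "VPN connected": resolvers that may receive port 53
# traffic on each interface. An empty set means no DNS at all on that interface.
POLICY_VPN_UP = {
    "eth0": set(),
    "tun0": {ipaddress.ip_address("10.8.0.1")},
}

def parse_capture(text):
    """Parse whitespace-separated rows, skipping blank and comment lines."""
    packets = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        iface, dst, proto, dport = fields
        packets.append(Packet(iface, ipaddress.ip_address(dst), proto.lower(), int(dport)))
    return packets

def find_dns_leaks(packets, policy):
    """Return (packet, reason) for each port 53 packet the policy forbids."""
    leaks = []
    for p in packets:
        if p.dport != 53 or p.proto not in ("udp", "tcp"):
            continue
        allowed = policy.get(p.iface, set())  # unknown interface: nothing allowed
        if p.dst not in allowed:
            reason = "resolver not on allowlist" if allowed else "no DNS permitted on this interface"
            leaks.append((p, reason))
    return leaks

if __name__ == "__main__":
    for pkt, why in find_dns_leaks(parse_capture(SAMPLE_CAPTURE), POLICY_VPN_UP):
        print(f"LEAK {pkt.iface} -> {pkt.dst} port {pkt.dport}/{pkt.proto}: {why}")
```

The `tun0` row to `192.0.2.53` is the case from post 9: the query travels inside the tunnel but still goes to a resolver other than the VPN's, so it is reported.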
     
  16. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    576
    router.jpg
    you can configure comodo as far as i know i am not sure how. i tried changing to google DNS servers in my router but still show isp at that grc test
     
    Last edited: May 15, 2015
  17. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    OK, get help with Comodo and see what's doable.

    You don't want IPv6 !!! Disable it wherever you can, wherever there's an option !!!
     
  18. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    576
    why is this?
     
  19. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Because, unless you understand exactly what's going on, IPv6 will hose privacy.
     
  20. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    576
    @mirimir. Thanks for all your help. I sorted out the leak just by turning off pc and turning on again. Must have been holding is dns in memory? Also disabled ipv6 and changed my isp dns to the vpn dns

    I would be interested if you have time to know why and how unless you understand exactly what's going on, IPv6 will hose privacy
    What would i need to understand?
     
  21. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Good :) DNS isn't designed with privacy in mind. Not at all. It's designed to work, so your computer can connect to other computers.
    Basically, the IPv6 address space is so huge that every device on the Internet has its own unique address. It's rather like combining MAC with IPv4. So let's say that a device has shared its IPv6 address through connecting on the Internet. Now you connect it through a VPN. If the device shares that same IPv6 address, it's revealed its true identity. As IPv6 is implemented, such concerns are being addressed. But if you don't understand IPv6, the safest bet is to disable it.
     
    Last edited: May 16, 2015
  22. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    576
    Ok I did disable it. Thanks
     