How do I prevent DNS leaks on Mozilla Firefox?

JoeAverage · Nov 10, 2013

Palancar said:

I tried to resist posting on this thread but as you see I failed. I agree with many of the posts on this thread. I have been reading around/posting here for awhile now and one thing I see constantly:

Please do yourselves a favor and learn to keep your own system safe and locked down. It is a MISTAKE to trust a "tick box" on some VPN client software and assume that little tick makes you now bullet proof. Take a little time and learn how to close down your system. Its the best time you will spend learning stuff. If this is perceived as a "soapbox rant" than I apologize, but I am fearful of those "Hey I am safe because my little VPN client says I am" posts.
Click to expand...

Don`t need to apologize Palancar, you are right. The problem is that, sometimes, noobs like me learn more making mistakes than listening to the advices of the more experienced ones.

OuterLimits · Nov 11, 2013

I'm surprised no one, yet, has come out with an application that uses DNSSEC to validate queries but is sent and received through SSL.

You can't be spoofed with DNSSEC and SSL keeps it private. DNS Curve or as OpenDNS called it DNSCrypt was an encryption scheme but they couldn't validate with a key because they redirect themselves at least that's my understanding anyway.

RollingThunder · Nov 22, 2013

Palancar:

This brings an interesting question. I run DNScrypt for both my Tapi and Nic. DNScrypt encrypts DNS from the adapter back to OpenDNS servers. Aside from trust issues with OpenDNS I suspect DNScrypt plugs the Windows based DNS leaks. What is your opinion on that? Yes, I have gone about 5-6 of the DNS leak test sites.

Palancar said:

In addition to observing dns leaktest's site. I would recommend going over to the AirVpn forums (you don't need to be an Air customer) and reading their headline threads about firewall rules to totally block dns leaks. The absolute and real culprit is the windows operating system. You can pretty much lock it down from these leaks if you write the correct global firewall rules.
Click to expand...

luciddream · Dec 2, 2013

Gitmo East said:

Comodo "hardwires" it's own DNS into it's browsers, there's scope for an add on/extension/tweak that will enable a user defined DNS to be set within the browser.
The dare I say fail-safe method is to set the DNS within the router.
Click to expand...

The DNS addresses you set in your Network Connections > TCP/IP will override what you have in your router. So setting them in your router is kind of a extra measure more than a fail-safe.

If you chose to use Comodo Secure DNS when you install the product it will set it's DNS servers in your Network Connections, but you can change it later.

Back to the OP... the best way to prevent DNS leaks is always with firewall rules IMO. Make it so that if your internet facing apps aren't using your VPN's address/range, they won't connect at all. And do the same with svchost, OpenVPN or whatever. This way it quite simply goes through your VPN or it doesn't work period. I trust this over any tool.

Like after making a tight (allow) ruleset for those things mentioned above, like a precise source address range your VPN uses (create a zone for it if you can), and exact DNS server addresses... below them create strong Block All rules. I'm talking Block all IP In/Out. This way anything else other than what your VPN is implicitly trusted to do is flat out blocked... no exceptions. If your VPN goes down your entire internet connection goes down with the ship too, like a good Captain.

Log in or Sign up

How do I prevent DNS leaks on Mozilla Firefox?

JoeAverage Registered Member

OuterLimits Registered Member

RollingThunder Registered Member

luciddream Registered Member

Log in or Sign up

How do I prevent DNS leaks on Mozilla Firefox?

JoeAverage Registered Member

OuterLimits Registered Member

RollingThunder Registered Member

luciddream Registered Member

Useful Searches