Mullvad Failed DNS Leak Test

Discussion in 'privacy technology' started by wisegun, Mar 6, 2012.

Thread Status:
Not open for further replies.
  1. wisegun

    wisegun Registered Member

    Joined:
    Mar 6, 2012
    Posts:
    4
    Location:
    Netherlands
    Hi. I'm using mullvad vpn (paid) and the results of the dns leak test disappointed me. Both my mullvad and my ISP servers were listed. Is this problem caused by my pc settings or mullvad? And can i fix it? Thanks
     
  2. CasperFace

    CasperFace Registered Member

    Joined:
    Jul 31, 2010
    Posts:
    200
    If you're using the default "Obtain DNS server address automatically" setting in your virtual network adapter, then the problem is on your end, not Mullvad's. To prevent leaks, you should hard-code the DNS address instead. Go into your VPN's TAP Adapter settings > Internet Protocol (TCP/IP) > Properties, and set the desired Primary & Secondary DNS addresses manually.
     
  3. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    I'm on them right now. I don't have any DNS servers specified in the TAP adapter. The only thing I have checked is the Comodo Firewall Driver and IPv4, everything else is deselected. Going to DNS Leak Test.com, I get:

    Going to OARC I get:

    ...with only that IP listed.

    Must be something with your setupo_O

    PD
     
  4. wisegun

    wisegun Registered Member

    Joined:
    Mar 6, 2012
    Posts:
    4
    Location:
    Netherlands
    Ok so when I changed the dns of both my own wireless adapter and the vpn to comodo secure dns, the leak test listed a couple IPs named no-dns-yet.ccanet.co.uk and my ISP was not listed. When i changed only my own wireless adapter -not the vpn-, the leak test listed mullvad, again my ISP wasn't listed. Which one should I go with?
     
  5. CasperFace

    CasperFace Registered Member

    Joined:
    Jul 31, 2010
    Posts:
    200
    That's up to you... you can set the DNS addresses in both adapters, if you want. Better yet, do some DNS benchmark testing (including Mullvad's DNS) to find out which ones gives you the best balance of speed/quality, and set 2 different pairs: one for your VPN and one for your ISP.
     
  6. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    its happening cause you most likely got your ip set to auto optain , set your internet connection adapter's ip to a static aka manually enter one under ipv4 and it shouldnt leak your dns anymore and it wont let you select autoset dns anymore itll just be an empty space ;)

    p.s: i dont see a problem with your vpns dns "leaking" as long as theres nothing about your real isp in the dns leak tests then you should be ok , no need to play around with your tap adapter or router , so same as paulydefran ;)
     
    Last edited: Mar 7, 2012
  7. marktor

    marktor Registered Member

    Joined:
    Dec 4, 2011
    Posts:
    143
  8. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    or just manually enter an ip? lols ;)
     
  9. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Are you using Mullvad's client, or OpenVPN proper (the client is OpenVPN too)?

    I use the client and in the status, for DNS, I get:

    Configuration for interface "TAP Adapter"
    DNS servers configured through DHCP: 10.8.0.1
    Register with which suffix: Primary only

    Which I think means that the Mullvad client assumes DNS duty and sends it through the tunnel to a Mullvad server.

    PD
     
  10. marktor

    marktor Registered Member

    Joined:
    Dec 4, 2011
    Posts:
    143
    True that is what this tool does that I posted. It just automates the process and makes it quicker ;)
     
  11. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    i see lols
     
  12. wisegun

    wisegun Registered Member

    Joined:
    Mar 6, 2012
    Posts:
    4
    Location:
    Netherlands
    Ok I tested my dns from dns-oarc.net and dnsleaktest.com and both listed only mullvad which is good news right? As happyyarou666 said I think I'm safe as long as my ISP isn't listed. Thank you all for helping me out.
     
  13. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    If I am connected to a VPN, will this choose my VPN providers DNS specifically? Or does this fix choose something else?
     
  14. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    I have the same problem, it picks up the opendns ip. Any solutions for linux(ubuntu).

    EDIT: Ok I fixed it by disabling to feature to bypass swedish traffic. Now nothing shows up.
     
    Last edited: Mar 21, 2012
  15. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Mullvad recommends NOT enabling that option unless you are in Sweden, BTW.

    PD
     
  16. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
  17. especiallyespresso

    especiallyespresso Registered Member

    Joined:
    Mar 23, 2012
    Posts:
    2
    I wish I found you guys earlier. I was using ivpn.net and loved them, until I performed a leak test, actually several leak tests and I found my connection leaking. I followed Sam from ivpn advice and I downloaded dnsleaktest.com fix. It worked, however If I closed the vpn connection and tried to use my ISP I could not connect. I leave my computer on and after a while it goes to sleep. When I wake it up and and try to connect to any server I get a string of commands telling me it cannot connect. The only way I can get it to work is if I go into network settings and manage network connections. There my TAP-32 adapter has a red X on it. When I go into the properties of my wireless connection I need to select "obtain IP address automatically and obtain dns server automatically. Then I can open and log into ivpn. I can then connect to all servers. Now when I look into network connections the TAP-32 adapter is clear and my IP v4 properties have changed to

    Use the following IP address 192.168.100.110
    subnet mask 255.255.255.0

    Each time I tried to access the Internet, either through ivpn connections or my own connection, I would have to make changes first in my wireless adapter. Is there a permanet fix around this issue??
     
  18. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,025
    In Windows, your best bet is using a firewall. There are also better ways to toggle your networking settings. There's lots about that on Wilders.
     
  19. firefox2008

    firefox2008 Registered Member

    Joined:
    May 17, 2007
    Posts:
    125
    If people are still concerned with this then here is the solution.


    You are seeing your ISP's dns address because it is still in the cache. You need to flush the cache so only Mullvads address shows up. Mullvads DNS address: 95.211.10.3

    Go to a command prompt and type this in:

    ipconfig /flushdns
     
  20. popcorn

    popcorn Registered Member

    Joined:
    Apr 3, 2012
    Posts:
    239
    Hi
    I have started using openDNScrypt and when I check for leaks at http://www.dnsleaktest.com/ I see this...
    IP: 208.69.**.**
    Hostname: m3.ams.opendns.com
    ISP: OpenDNS, LLC
    Country: Netherlands
    Im not using Mullvad but a similar open VPN client (Anonine) I also have run dnsfixsetup.exe and still get the same results.
    Prior to using openDNScrypt I had my DNS pointed at the privacy foundations servers which never showed up on any leak test.
    Am I correct in thinking that DNS requests are encrypted thru open VPN anyway and openDNScrypt is possibly overkill ?
    Apologies in advance for any misunderstanding :rolleyes:
    EDIT-also flushed DNS cache using cmd prompt and ipconfig /flushdns.
     
  21. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    I don't know how this problem can still persist if you flush your DNS cache on connect? By doing so there should be no DNS addy's listed in your ISP's connection properties. And then enter your VPN's DNS addy's manually (something other than the ones your ISP assigns you). It seems inconceivable that this problem could still persist if you do this?

    Also make some firewall rules to harden against DNS leaks, and in the event your VPN connection drops it drops your internet connection altogether. This can be achieved with some svchost.exe rules & tweaking of app rules. There was a good thread (or 3) about this awhile back but I don't know where they are now. I haven't been here in over a year. Casper schooled me really good on it and it was very helpful. Much more reliable than relying on functionality built into a client to do it, or 3'rd party software... and more trustworthy as well.
     
    Last edited: Jun 18, 2012
  22. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    You are correct if your OpenVPN provider 'Pushes' DHCP/DNS instructions to your client. It should, but check the log.

    PD
     
  23. popcorn

    popcorn Registered Member

    Joined:
    Apr 3, 2012
    Posts:
    239
    Hi
    ok thanx for response guys,
    I continued to see openDNS on the leak test site which didn't fill me with confidence, after looking at my VPN log I saw that my DNS had been changed obviously as I was using DNScrypt. I then had a closer look using wireshark, during both instances there was no record of DNS as all traffic was wrapped in UDP which I was happy to see, this left me with the question....how well do i trust openDNS ??
    Needless to say I'm back to using privacy foundations DNS.
    Apologies again for taking this thread (slightly) off track and for (possibly :rolleyes:) trampling over old ground,
    Thanx again.
     
Loading...
Thread Status:
Not open for further replies.