How to resolve DNS leaks

www.DNSLeakTest.com is back up. During its downtime, though, users were left wondering whether they were leaking. If you are unsure (and in the case of future downtime), you should assume you are and follow their procedure:

How can I fix a DNS leak?

The solution is to ensure that once connected to the anonymity network, you are using ONLY the DNS server/s provided by the anonymity service. As this problem affects predominantly Windows clients, only solutions for Windows appear here.

3 basic steps to fix the problem;

  1. Before connecting to the VPN, set static IP address properties if you are using DHCP
  2. After connecting, remove DNS settings for the primary interface
  3. After disconnecting, switch back to DHCP if necessary or reapply original static DNS servers

Solution A – Automatic

If you are using OpenVPN on Windows XP/Vista/7 then a fully automated solution is available.

Download dnsfixsetup.exe (md5 checksum: f212a015a890bd2dae67bc8f8aa8bfd9)

After installation, when you connect to a VPN server, a batch file will be run executing the 3 steps above.

Three scripts are generated for each OpenVPN configuration file;

  1. configfilename_pre.bat - executed when you initiate the connection but before the connection is established – Calls pre.vbs – If any active DHCP adapters exist, switch to static
  2. configfilename_up.bat - executed when the connection is established – Calls up.vbs – Clear the DNS servers for all active adapters except the TAP32 adapter
  3. configfilename_down.bat - executed after the connection is disconnected – Calls down.vbs – Reconfigure adapters back to their original configuration

Solution B – Manually clearing the DNS

The solution below does not switch the adapter to static if you are using DHCP. If you do not switch to a static IP configuration and your computer renews its IP address whilst connected to the VPN, the DNS settings may be overwritten. It is highly recommended to switch to a static IP configuration.

  1. Open the command prompt (cmd.exe) as an administrator.
  2. Before connecting, identify the name of the connected network interface. In the case below it is “Local Area Connection”.
       netsh interface show interface
  3. Connect to the VPN. Once connected, proceed to the next step.
  4. Flush the DNS resolver cache.
       ipconfig /flushdns
  5. Disable the DNS configuration for the interface identified in step 1.
       netsh interface IPv4 set dnsserver "Local Area Connection" static 0.0.0.0 both
  6. Test for DNS leaks.
  7. After disconnecting, reconfigure the adapter to renew the previous DNS settings.
       netsh interface IPv4 set dnsserver "Local Area Connection" dhcp
  8. Once again, flush the DNS resolver cache.
       ipconfig /flushdns
  9. Done.
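
The manual steps of Solution B, wrapped in one batch file so the restore step is not forgotten. This is an added example, not part of the DNSLeakTest.com procedure or of dnsfixsetup.exe; the file name, the optional second argument (an original static DNS server to reapply) and the `net session` elevation check are assumptions of this example.

```batch
@echo off
rem Added example: runs the Solution B commands for one interface.
rem Usage (hypothetical file name):
rem   dnsleak-manual.bat "Local Area Connection" [original-static-dns]
setlocal

set "IFACE=%~1"
set "ORIG_DNS=%~2"

rem Without an interface name, list the interfaces and stop.
if "%IFACE%"=="" (
    echo Usage: %~nx0 "interface name" [original static DNS server]
    netsh interface show interface
    exit /b 1
)

rem Changing DNS settings needs elevation. "net session" fails when the
rem prompt is not elevated (assumed check, not from the original page).
net session >nul 2>&1
if errorlevel 1 (
    echo Run this from a command prompt opened as administrator.
    exit /b 1
)

echo Connect to the VPN now, then press a key.
pause >nul

rem Flush the cache, then clear the DNS servers on the primary interface.
ipconfig /flushdns
netsh interface IPv4 set dnsserver "%IFACE%" static 0.0.0.0 both
if errorlevel 1 (
    echo Could not change DNS settings for "%IFACE%".
    exit /b 1
)

rem Show what each interface is configured to use before testing.
netsh interface IPv4 show dnsservers

echo Test for DNS leaks. After disconnecting, press a key to restore.
pause >nul

rem Restore: DHCP by default, or the static server given as argument 2.
if "%ORIG_DNS%"=="" (
    netsh interface IPv4 set dnsserver "%IFACE%" dhcp
) else (
    netsh interface IPv4 set dnsserver "%IFACE%" static %ORIG_DNS% primary
)
ipconfig /flushdns
endlocal
```

Like Solution B itself, this does not switch a DHCP adapter to a static IP configuration, so a lease renewal while connected can still overwrite the cleared DNS settings.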

 

What is a DNS Leak? I’ve mentioned it before, but once again www.DNSLeakTest.com says it best:

What is a DNS leak and why should I care?

When using an anonymity or privacy service, it is extremely important that all traffic originating from your computer is routed through the anonymity network. If any traffic leaks outside of the secure connection to the network, any adversary monitoring your traffic will be able to log your activity.

DNS or the domain name system is used to translate domain names such as www.privacyinternational.org into numerical IP addresses e.g. 123.123.123.123 which are required to route packets of data on the Internet. Whenever your computer needs to contact a server on the Internet, such as when you enter a URL into your browser, your computer contacts a DNS server and requests the IP address. Most Internet service providers assign their customers a DNS server which they control and use for logging and recording your Internet activities.

Under certain conditions, even when connected to the anonymity network, the operating system will continue to use its default DNS servers instead of the anonymous DNS servers assigned to your computer by the anonymity network. DNS leaks are a major privacy threat since the anonymity network may be providing a false sense of security while private data is leaking.

If you are concerned about DNS leaks, you should also understand transparent DNS proxy technology to ensure that the solution you choose will stop the DNS leak.

I hope this article will act as a mirror in case of any future downtime. We all owe Jeremy Campbel big time for putting such an easy-to-use but powerful tool together for us.
