DNS Leakage.. what to do, what to do?

Alright guys and girls,

Now since my tin foil hat is now placed firmly upon my head, I’ve been awfully concerned with DNS leakage whilst using my VPN. As it stands, I’m currently using a Sky Router that prevents me from changing the DNS settings that Sky has assigned itself to something along the lines of GoogleDNS. Now this is very frustrating to say the least which is the reason I’ve been playing around with a Netgear that I’ve had laying round the house with DD-WRT firmware.

Now what I had considered doing was turning the Sky router into nothing more than a modem (disabling DHCP/WLAN) and using the Netgear as a router. My plan is to assign the Netgear static DNS IP addresses and use that as my primary access point.

What I’d like to know is whether or not a website's URL will be resolved by either the Sky Modem (since I cannot disable DNS) or the Netgear running two static GoogleDNS IP addresses. Does anyone know which of the two takes priority?

If I can’t get round this, I might end up installing the old Netgear firmware back onto the router and seeing whether I can use that as both a modem/router instead. But I love what additional features DD-WRT offers which is the reason I’d like to stick with it.

Anyway, any help would be appreciated.

**EDIT:**
Oh, and one last thing before I forget, if this all goes ahead to plan, on which of the two should I have DHCP enabled? Does it even make any difference?
 
I appreciate your comments and it really is some good advice Cav but I've already made changes to each of the network adapters that are currently being used and I'm still getting the occasional DNS leakage from time to time.

Now the only real way round this is to do what I mentioned up above but I'm hoping someone more knowledgeable than myself in networking can come up with the goods. In the meantime, I'm going to have a play around and see what I can come up with!
 
Which provider are you using?

A number of 3rd party VPN clients have DNS leak protection built-in.
 
Set your local firewall to block outbound DNS lookups unless sent over the VPN interface? Add the VPN host to your local hosts file so the connection can be established. Disable the rules if you don't want to run the VPN all the time.
 
If you're using a VPN, aren't your DNS servers updated when connected and thus no leakage? Open up Wireshark and check to see if it's actually a problem or just you being paranoid. If you're getting the odd leak, is it consistent with certain addresses, or just random?
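
The capture check suggested in the post above, as an added example that is not part of the original thread: it parses the question name out of raw UDP DNS payloads, flags queries that left on a non-VPN interface, and counts them per name to show whether leaks are consistent or random. The interface names (`tun0`, `eth0`), IP addresses and hostnames are constructed assumptions, and exporting packets from Wireshark into these tuples is assumed to happen separately.

```python
import struct
from collections import Counter

def build_query(name, txid=0x1234):
    """Build a minimal DNS A query (used only to construct the sample capture)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def dns_qname(payload):
    """Return the first question name from a raw UDP DNS message."""
    if len(payload) < 12 or struct.unpack("!H", payload[4:6])[0] < 1:
        raise ValueError("not a DNS query")
    labels, i = [], 12
    while i < len(payload):
        n = payload[i]
        if n == 0:
            return ".".join(labels).lower()
        if n > 63 or i + 1 + n > len(payload):
            raise ValueError("bad label")
        labels.append(payload[i + 1:i + 1 + n].decode("ascii", "replace"))
        i += 1 + n
    raise ValueError("truncated name")

def find_leaks(packets, vpn_iface, allowed=()):
    """Flag UDP/53 queries that left on any interface other than the VPN's."""
    # `allowed`: names expected outside the tunnel, e.g. the VPN server itself.
    leaks = []
    for iface, dst_ip, dst_port, payload in packets:
        if dst_port != 53 or iface == vpn_iface:
            continue
        try:
            name = dns_qname(payload)
        except ValueError:
            name = "<unparseable>"
        if name not in allowed:
            leaks.append((iface, dst_ip, name))
    return leaks

# Constructed capture: (interface, destination IP, destination port, UDP payload)
SAMPLE = [
    ("tun0", "10.8.0.1", 53, build_query("example.org")),
    ("eth0", "192.168.0.1", 53, build_query("vpn.example.net")),
    ("eth0", "192.168.0.1", 53, build_query("wpad.example.com")),
    ("eth0", "192.168.0.1", 53, build_query("wpad.example.com")),
    ("eth0", "192.168.0.1", 443, b"\x16\x03\x01"),
]
LEAKS = find_leaks(SAMPLE, "tun0", allowed={"vpn.example.net"})
BY_NAME = Counter(name for _, _, name in LEAKS)
```

A name that dominates `BY_NAME` points at one application or service bypassing the tunnel; a wide spread of names points at the system resolver itself still using the physical adapter.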
 
> Which provider are you using?
>
> A number of 3rd party VPN clients have DNS leak protection built-in.

As it stands, my ISP is currently Sky and they provided me with a SageMCOM Pack F@ST 2304N modem/router which really is limited on what you can do. That's the simple reason for me making the switch over in the first place.
 
> Set your local firewall to block outbound DNS lookups unless sent over the VPN interface? Add the VPN host to your local hosts file so the connection can be established. Disable the rules if you don't want to run the VPN all the time.

I'm currently using the default firewall facility that comes with Windows 8. I might need to venture out and get my hands on another product to be able to carry out the process you mentioned above. That certainly sounds like a plan though!

It doesn't really resolve the QoS issues that I'm currently experiencing :(
 
> As it stands, my ISP is currently Sky and they provided me with a SageMCOM Pack F@ST 2304N modem/router which really is limited on what you can do. That's the simple reason for me making the switch over in the first place.

I believe KIA is asking about your VPN provider and not your ISP, as KIA already mentioned some VPN providers have clients with DNS leak protection.
 
Oh right! Thanks for clearing that one up! Well as it stands I'm currently using SlickVPN who I must say have been pretty impressive with regards to their connection speeds. My issue is that I signed up with my credit card which in all honesty completely defeats the purpose.

As we speak, I'm looking into bitcoins as I quite fancy Mullvad. Has anyone got any experience with their service as a whole?
 
> What I’d like to know is whether or not a website's URL will be resolved by either the Sky Modem (since I cannot disable DNS) or the Netgear running two static GoogleDNS IP addresses. Does anyone know which of the two takes priority?

Depends entirely on where you point your DNS client to. If you point it at the modem, it'll be the modem, if you point it at the router, it'll be the router, if you point it to an external DNS resolver, it'll be that external DNS resolver.

> My issue is that I signed up with my credit card which in all honesty completely defeats the purpose.

How does that defeat the purpose?

If you are using a VPN to be "untraceable" then you have no hope. If your VPN provider is asked who was using a given IP at a given time they will be able to point the authorities in your direction as your IP & username will be logged whether you used a credit card or not.

If you want to be untraceable you need to be looking more towards TOR or similar.
 
> How does that defeat the purpose?
>
> If you are using a VPN to be "untraceable" then you have no hope. If your VPN provider is asked who was using a given IP at a given time they will be able to point the authorities in your direction as your IP & username will be logged whether you used a credit card or not.
>
> If you want to be untraceable you need to be looking more towards TOR or similar.

First and foremost, never trust a VPN provider or anyone else for that matter that chooses not to accept bitcoins as a form of payment! Why you might ask? Well for a number of reasons but one example that springs to mind is your lack of privacy.

With bitcoin as a form of anonymous payment and the fact that several users are connected to the system server at any given time makes it far harder to distinguish who is currently doing what. And for once, I trust a VPN that states that it saves no logs.

Please feel free to contradict my opinion if you seek otherwise.
 
> First and foremost, never trust a VPN provider or anyone else for that matter that chooses not to accept bitcoins as a form of payment! Why you might ask? Well for a number of reasons but one example that springs to mind is your lack of privacy.
>
> With bitcoin as a form of anonymous payment and the fact that several users are connected to the system server at any given time makes it far harder to distinguish who is currently doing what. And for once, I trust a VPN that states that it saves no logs.
>
> Please feel free to contradict my opinion if you seek otherwise.

Bitcoin isn't really anonymous and it's a pretty new fad that I'm surprised has blown up as big as it is. You'd be better off buying a VPS and setting up your own VPN if you were that paranoid. Even then, at a network level, I assume providers could be doing all sorts of logging and I only expect they do not because it's not economically viable. Being truly anonymous is hard.
 
Well good luck in your search for a VPN provider that completely fulfills your requirements and don't forget about my comments re DNS client.
 