How do I stop DNS LEAKS in Ubuntu with wicd as the network manager?

JJ

Dec 30, 2015, 2:57:26 PM
How do I stop DNS LEAKS in Ubuntu 14.04 with wicd as the network manager?

I definitely have a DNS leak because I changed my DNS servers in
my home wireless broadband router, and I ran three tests from
both https://www.dnsleaktest.com & from https://ipleak.net

SETUP: Router primary DNS = 195.46.39.39 secondary = 195.46.39.40
TEST1: No VPN My DNS Server showed up as 195.46.39.29
TEST2: On VPN My DNS Server showed up as 195.46.39.29
SWITCH: Router primary DNS = 209.244.0.3 secondary = 209.244.0.4
TEST3: No VPN My DNS Server showed up as 209.244.0.13
TEST4: On VPN My DNS Server showed up as 209.244.0.13

Where in Linux do I even start to fix this DNS leak?

JJ

Dec 30, 2015, 10:11:21 PM
> Where in Linux do I even start to fix this DNS leak?

I've been searching for hours, and I can only find a Windows solution.
https://www.dnsleaktest.com/how-to-fix-a-dns-leak.html

I found a Linux suggestion to modify the conf file for
"network manager" but I'm using Wicd (Ubuntu 14.04 with KDE 4).

I don't think wicd uses the "/etc/NetworkManager/NetworkManager.conf"
file (do you?).

Even so, I tried changing that network manager conf file to
move the cache from the local machine to the router, but,
the change didn't do anything.

I used to use "network manager" but it was terrible compared
to wicd so I deleted network manager long ago, but the conf file
is still there:

$ cat /etc/NetworkManager/NetworkManager.conf
[main]
plugins=ifupdown,keyfile,ofono
dns=dnsmasq

[ifupdown]
managed=false

The confusing suggestion I found on the web was to comment
out the "dnsmasq" line and then to restart the service, so,
I did that (even though I don't use the network manager).

$ sudo service network-manager restart
network-manager stop/waiting
network-manager start/running

It seems the DIG command is deferring to the router for its
DNS server definition, whether or not I modify the network
manager conf file (so that may be a red herring).
$ dig redhat.com | grep SERVER
;; SERVER: 192.168.1.1#53(192.168.1.1)

Since it didn't make any difference when I went to the
https://ipleak.net or https://www.dnsleaktest.com
dns leak test sites, I'm still at a loss as to how to
fix this DNS leak in Linux.

On or off VPN, my DNS is still leaking.
Do you have any Linux tool suggestions to debug?

Marek Novotny

Dec 30, 2015, 10:21:29 PM
On 2015-12-31, JJ <jj4p...@vfemail.net> wrote:
>> Where in Linux do I even start to fix this DNS leak?

> $ cat /etc/NetworkManager/NetworkManager.conf
> [main]
> plugins=ifupdown,keyfile,ofono
> dns=dnsmasq

comment out the dns=dnsmasq

> It seems the DIG command is deferring to the router for its
> DNS server definition, whether or not I modify the network
> manager conf file (so that may be a red herring).
> $ dig redhat.com | grep SERVER
> ;; SERVER: 192.168.1.1#53(192.168.1.1)

Is your host adapter set to dhcp? If yes, is your dhcp source the
router, which is on 192.168.1.1?

Once the dns masq has been commented out, restart the network manager
and then try the dig command again:

$ dig www.redhat.com | grep -i server

--
Marek Novotny
https://github.com/marek-novotny

JJ

Dec 30, 2015, 10:43:26 PM
Marek Novotny <marek....@marspolar.com> wrote in message
AoWdndqnEb2qAhnL...@giganews.com

> comment out the dns=dnsmasq

Yes. I already did that. And rebooted. Earlier today.
But commenting out the dns line made no difference.
That's probably because I'm not using "network manager".

The "/etc/NetworkManager/NetworkManager.conf" file is
almost certainly a non-functional leftover vestige of the
original Ubuntu setup before I used apt-get to purge
network manager about six months ago in favor of the much
more stable Wicd.

Since I don't have network manager, these instructions
for stopping Network Manager DNS leaks I found on the
web wouldn't work because the network manager doesn't exist:
https://www.opennicproject.org/configure-your-dns/how-to-set-up-dns-servers-in-ubuntu-linux/

However, those instructions gave me the idea to find where
in WiCD they store similar settings.
https://imgur.com/8VaMdME

In WiCd:
a. Right-click on the Wicd icon in the panel
b. Wicd configuration > General settings > [ ]Use Global DNS Servers

The question now is WHAT to put in those WiCD settings?
https://imgur.com/8VaMdME

Marek Novotny

Dec 30, 2015, 10:59:55 PM
On 2015-12-31, JJ <jj4p...@vfemail.net> wrote:
Okay, I see. I don't have experience with this, but we can at least test
that these settings are or are not being used. We can do that much with
the dig command.

Check the [] use global DNS servers.

DNS Server 1 - 8.8.8.8
DNS Server 2 - 8.8.4.4

Apply that.

Then use dig to see the reply again.

$ dig www.redhat.com | grep -i server

You should see 8.8.8.8 or 8.8.4.4 in the server instead of 192.168.1.1

Try that and report back.

JJ

Dec 30, 2015, 11:02:19 PM
> Is your host adapter set to dhcp? If yes, is your dhcp source the
> router, which is on 192.168.1.1?

I don't know how to tell but I certainly know my router (which is
IP address 192.168.1.1) is definitely set to hand out DHCP internal
192.168.1.x addresses to almost all devices (except the printer),
and I have been on that router for two years so I know that the
Ubuntu laptop gets different IP addresses all the time as evidenced
by an ifconfig command and looking at the IP address for wlan0.

> Once the dns masq has been commented out, restart the network manager
> and then try the dig command again:
> $ dig www.redhat.com | grep -i server

That won't work because I'm not using network manager.
I'm using wicd.

But wicd has its own directory in /etc/ where I can see these files.
$ ls -l /etc/wicd
total 28
-rw-r--r-- 1 root root 927 Oct 9 2014 dhclient.conf.template
-rw-r--r-- 1 root root 927 Sep 18 2011 dhclient.conf.template.default
drwxr-xr-x 3 root root 4096 Dec 24 2013 encryption
-rw------- 1 root root 482 Dec 30 13:24 manager-settings.conf
drwxr-xr-x 6 root root 4096 Aug 23 21:46 scripts
-rw------- 1 root root 322 Dec 30 13:24 wired-settings.conf
-rw------- 1 root root 2283 Dec 30 13:25 wireless-settings.conf

It seems the December 30 files are merely text outputs of the
current settings and values for a variety of things.

I'm never wired, so, the only two files that may matter are:
- manager-settings.conf
- wireless-settings.conf

I can easily see that the "manager-settings.conf" is merely a text
output of the right click Wicd configuration form:
https://imgur.com/8VaMdME

$ sudo cat /etc/wicd/manager-settings.conf
[Settings]
backend = external
wireless_interface = wlan0
wired_interface = eth0
wpa_driver = wext
always_show_wired_interface = False
use_global_dns = False
global_dns_1 = None
global_dns_2 = None
global_dns_3 = None
global_dns_dom = None
global_search_dom = None
auto_reconnect = True
debug_mode = 0
wired_connect_mode = 1
signal_display_type = 1
should_verify_ap = 1
dhcp_client = 0
link_detect_tool = 0
flush_tool = 0
sudo_app = 0
prefer_wired = False
show_never_connect = True

The /etc/wicd/wireless-settings.conf is too long to post, but,
it seems to just be a log file of all WiFi connections made
in the past month or two (I see old public library & Starbucks
connections listed in that file, for example).

The thing is that I need to somehow tell Linux to get the DNS
server from the VPN provider. That's what I don't know how to
do.

How do I tell Linux to get the DNS server from the VPN provider?

JJ

Dec 30, 2015, 11:34:22 PM
Marek Novotny <marek....@marspolar.com> wrote in message
qOWdnbGzv4ukNRnL...@giganews.com

> Check the [] use global DNS servers.
> DNS Server 1 - 8.8.8.8
> DNS Server 2 - 8.8.4.4
> Apply that.
> Then use dig to see the reply again.
> $ dig www.redhat.com | grep -i server
> You should see 8.8.8.8 or 8.8.4.4 in the server instead of 192.168.1.1
> Try that and report back.

1. I set the wifi router at 192.168.1.1 to use the following DNS servers:
primary = 8.20.247.20 (Comodo Secure DNS Public DNS Server 1)
secondary = 8.26.56.26 (Comodo Secure DNS Public DNS Server 2)
https://i.imgur.com/oAN6Ot6.gif

2. I left wicd at the default as shown in this screenshot below:
https://imgur.com/8VaMdME

3. On VPN or off VPN, I ran the DIG command on Ubuntu, as suggested:
$ dig www.redhat.com | grep -i server
;; SERVER: 192.168.1.1#53(192.168.1.1)

4. I then changed wicd graphical setup to use the following DNS servers:
primary = 8.8.8.8 (Google Public DNS Server 1)
secondary = 8.8.4.4 (Google Public DNS Server 2)
https://i.imgur.com/gyEj6Mo.gif

5. That made no difference in the dig command result on or off VPN:
$ dig www.redhat.com | grep -i server
;; SERVER: 192.168.1.1#53(192.168.1.1)

6. I'm not sure which result I want to see in order to ensure that
the DNS server is the one set by the VPN provider and not the
DNS server set up in the router, or in wicd's graphical interface.

I think if the Ubuntu laptop were caching the DNS servers,
the dig would have resulted in a 127.0.0.1, like this:
SERVER: 127.0.1.1#53(127.0.1.1)

7. So, I guess I need to understand which is the correct output
from the dig command that I am aiming for and what each means?
;; SERVER: 192.168.1.1#53(192.168.1.1) [Use the router as dns cache?]
;; SERVER: 127.0.1.1#53(127.0.1.1) [Use Ubuntu as the dns cache?]

8. BTW, notice the image in step 1 (https://i.imgur.com/oAN6Ot6.gif).
I do NOT want to check "Get Automatically from ISP", but I will test
that next, just to see if it gets the DNS from the VPN provider.

Marek Novotny

Dec 30, 2015, 11:43:15 PM
On 2015-12-31, JJ <jj4p...@vfemail.net> wrote:
192.168.1.1 means the router got the address.
127.0.1.1 means the host got the address.

You have both correct.

> 8. BTW, notice the image in step 1 (https://i.imgur.com/oAN6Ot6.gif).
> I do NOT want to check "Get Automatically from ISP", but I will test
> that next, just to see if it gets the DNS from the VPN provider.

The settings you applied should have overwritten this. Since I am not
familiar with the service you're using, try a reboot to ensure the
service has indeed restarted. Or if you know the service, just restart
it. Then try the dig command once more. And if it still fails, then that
config file is being ignored.

Bit Twister

Dec 30, 2015, 11:55:15 PM
On Thu, 31 Dec 2015 04:02:18 +0000 (UTC), JJ wrote:
> Marek Novotny <marek....@marspolar.com> wrote in message

>> Once the dns masq has been commented out, restart the network manager
>> and then try the dig command again:
>> $ dig www.redhat.com | grep -i server
>
> That won't work because I'm not using network manager.
> I'm using wicd.

Well, make the change, tell wicd to restart the network and run the dig command.

When someone is trying to help you with your problem the least you can
do is make the requested change and provide the requested information.

You may be absolutely correct about your setup but the person helping
you wants to rule out possibilities that something you _think_ is not
part of the problem.

JJ

Dec 31, 2015, 12:35:27 AM
Bit Twister <BitTw...@mouse-potato.com> wrote in message
slrnn89d9i.8...@wb.home.test

> Well, make the change, tell wicd to restart the network and run the dig command.

Thank you for that advice which I agree with and understand.
Your reply came probably before I had finished the detailed documentation of
what happened when I made the change and tested it.

It takes a LOT of time to document the changes step by step,
which is what I did, so, you see it in a later response than the
one you were responding to.

But I do appreciate and understand your suggestion and I "was" doing
exactly what you said. It just took time.

I am confused as to what DIG results I want to see though.

SERVER: 127.0.1.1#53(127.0.1.1)
SERVER: 192.168.1.1#53(192.168.1.1)

Which DIG result means that the VPN service DNS server will be used?


Marek Novotny

Dec 31, 2015, 12:46:21 AM
On 2015-12-31, JJ <jj4p...@vfemail.net> wrote:
the dig command doesn't change. What change we hope to see is in the
response.

try running a little script before and after you connect with vpn so you
can get familiar with what changes while you use the vpn....

#!/bin/bash
#################################################
#
# Script: vpntest.sh
# written by: Marek Novotny
# version: 1.2
# Date: 2015-04-19
# Notes: Network Testing
#
#################################################

# Width of the right-aligned label column.
mtab=22

# Print a row of '=' across the terminal.
divider()
{
    printf "%$(tput cols)s\n" "" | tr ' ' '='
}

# Print the date and script version, right-aligned.
versionHeader()
{
    version='1.2'
    versionDate='2015-04-19'
    printf "%*s\n" "$(tput cols)" "$(date)"
    printf "%*s\n" "$(tput cols)" "Version $version, released: $versionDate"
}

# Show the local address, default route, external IP and the resolver dig used.
network()
{
    printf "%s\n" "Network Info"
    divider
    # Source address and interface the kernel picks for an Internet destination.
    deviceIP=$(ip route get 8.8.8.8 | awk 'NR==1 {print $7}')
    deviceID=$(ip route get 8.8.8.8 | awk 'NR==1 {print $5}')
    printf "%${mtab}s %s %s\n" "Device IP:" "$deviceIP" "($deviceID)"
    defaultRoute=$(route | grep -Ei "default.*${deviceID}" | awk '{print $2}')
    printf "%${mtab}s %s\n" "Default Route:" "$defaultRoute"

    # Public address as seen from outside (fetched once).
    externalIP=$(wget -4 -qO- icanhazip.com)
    if [ -n "$externalIP" ] ; then
        printf "%${mtab}s %s\n" "External IP:" "$externalIP"
    else
        externalIP="Not Detected"
        printf "%${mtab}s %s\n" "External IP:" "$externalIP"
        return 1
    fi

    isp=$(wget -4 -qO- "ipinfo.io/$externalIP/org")
    country=$(wget -4 -qO- "ipinfo.io/$externalIP/country")
    printf "%${mtab}s %s\n" "ISP:" "$isp"
    printf "%${mtab}s %s\n" "Country:" "$country"
    # Address of the resolver that answered, taken from dig's ";; SERVER:" line.
    dnsIP=$(dig redhat.com | awk '/SERVER/{print $3}' | awk -F \# '{print $1}')
    # Reverse lookup of that resolver address.
    dnsName=$(dig +short -x "$dnsIP")
    if [ -z "$dnsName" ]; then
        dnsName="Not Detected"
    fi
    printf "%${mtab}s %s\n" "DNS IP:" "$dnsIP"
    printf "%${mtab}s %s\n\n" "DNS Name:" "$dnsName"
}

# Report the exit status of the previous command if it was non-zero.
errorStatus()
{
    errorCon="$?"
    if ((errorCon >= 1)) ; then
        printf "%${mtab}s %s\n" "Exit Status:" "${errorCon}"
    fi
}

# Record and print a passing host.
wp()
{
    ((count++))
    printf "%${mtab}s %s --> %s: %s\n" "Status:" "Pass" "Host" "$ix"
}

# Print a failing host.
wf()
{
    printf "%${mtab}s %s --> %s: %s\n" "Status:" "Fail" "Host" "$ix"
}

# Try to reach a few well-known sites; succeed if at least one answers.
webTest()
{
    printf "Spider Web Crawl \n"
    divider
    count=0
    sites=("www.redhat.com" "www.ubuntu.com" "www.google.com" "www.yahoo.com")

    for ix in "${sites[@]}"
    do
        if wget -q -t1 -T5 --spider "$ix"; then wp; else wf; fi
    done
    printf "\n"
    if ((count >= 1))
    then
        return 0
    fi
    return 1
}

versionHeader
network
errorStatus
webTest

#end

JJ

Dec 31, 2015, 12:49:34 AM
Marek Novotny <marek....@marspolar.com> wrote in message
ht6dncft_In_LxnL...@giganews.com

> 192.168.1.1 means the router got the address.
> 127.0.1.1 means the host got the address.
> You have both correct.

Thank you for confirming my understanding.
One more detail is what I want to get out of the DIG command.

Since I'm getting 192.168.1.1 out of the dig command, and since I'm
definitely leaking that router-supplied DNS when on VPN, that must
mean that what I "want" to get from the dig command is the 127.0.0.1.

Is that correct that I "want" to see 127.0.0.1 out of the dig command?

> The settings you applied should have overwritten this. Since I am not
> familiar with the service you're using, try a reboot to ensure the
> service has indeed restarted. Or if you know the service, just restart
> it. Then try the dig command once more. And if it still fails, then that
> config file is being ignored.

That is a good suggestion to reboot since I'm not familiar with the
service either.

I just rebooted after seeing this message, and now I'm back.
Unfortunately, the dig is still reporting 192.168.1.1.

Am I correct in assuming that I "want" to see 127.0.0.1 instead of
192.168.1.1 as the output of the dig command?

That is, do I want the computer itself to determine the DNS server?

Marek Novotny

Dec 31, 2015, 1:04:17 AM
On 2015-12-31, JJ <jj4p...@vfemail.net> wrote:
Either way that's a leak. what you want is for the DNS to take place
through the vpn tunnel. Ideally, if you set the DNS to 8.8.8.8 then I'd
like to see that in the dig response so we know where the DNS settings
are. So far it doesn't look like they are working from the wic to me.

If it is coming from 127.0.1.1 we know it's the local host. If it is
192.168.1.1 we know it is from the router. If the host is set to dhcp
and dig replies with 192.168.1.1 then we can assume the router did the
lookup because the host is set to dhcp.

the problem here is so far we're not identifying the settings
responsible for your dns. wic or network manager. You tried adding
8.8.8.8 to wic. Have you tried the same with network manager to be sure
it is in fact not still responsible for your dns settings?

JJ

Dec 31, 2015, 1:14:26 AM
Marek Novotny <marek....@marspolar.com> wrote in message
WdqdnWCb4Ke2XBnL...@giganews.com

> the dig command doesn't change. What change we hope to see is in the
> response.

Since I am definitely leaking my DNS server on VPN, and since the DIG
command is currently resulting in the router at 192.168.1.1, I guess
I want to see the dig command result in the computer at 127.0.0.1

> try running a little script before and after you connect with vpn so you
> can get familiar with what changes while you use the vpn....

That script gave a strange output of a DNS server of 92.242.144.50
whether I was off VPN or on VPN (I tried it twice).

I don't know where that 92.242.144.50 DNS server comes from because the
router is currently set to these two servers:
primary = 8.20.247.20 (Comodo Secure DNS Public DNS Server 1)
secondary = 8.26.56.26 (Comodo Secure DNS Public DNS Server 2)
And the wicd graphical interface is set to these two servers:
primary = 8.8.8.8 (Google Public DNS Server 1)
secondary = 8.8.4.4 (Google Public DNS Server 2)

So, "where" that 92.242.144.50 DNS server came from is beyond my
comprehension!

Here is the actual log file of running your program in four steps:
STEP 1 --> Off of VPN
STEP 2 --> On VPN 1
STEP 3 --> Off of VPN again
STEP 4 --> On a different VPN 2

The only thing I edited in the output was my static ip address was removed.

$ script ./output.log
Script started on Wed 30 Dec 2015 09:53:39 PM PST
$ vpntest.sh
vpntest.sh: command not found
$ chmod u+x ./vpntest.sh
$ ./vpntest.sh
Wed Dec 30 21:53:48 PST 2015
Version 1.2, released: 2015-04-19
Network Info
=======================================================================================
Device IP: 192.168.1.10 (wlan0)
Default Route: router
External IP: <my static ip address>
ISP: AS8121 TCH Network Services
Country: US
DNS IP: 192.168.1.1
DNS Name: 92.242.144.50

Spider Web Crawl
=======================================================================================
Status: Pass --> Host: www.redhat.com
Status: Pass --> Host: www.ubuntu.com
Status: Pass --> Host: www.google.com
Status: Pass --> Host: www.yahoo.com

$ !!
./vpntest.sh
Wed Dec 30 21:54:30 PST 2015
Version 1.2, released: 2015-04-19
Network Info
=======================================================================================
Device IP: 10.211.1.5 (tun0)
Default Route: 10.211.1.6
External IP: 97.95.108.187
ISP: AS20115 Charter Communications
Country: US
DNS IP: 192.168.1.1
DNS Name: 92.242.144.50

Spider Web Crawl
=======================================================================================
Status: Pass --> Host: www.redhat.com
Status: Fail --> Host: www.ubuntu.com
Status: Pass --> Host: www.google.com
Status: Pass --> Host: www.yahoo.com

$ !!
./vpntest.sh
Wed Dec 30 21:55:04 PST 2015
Version 1.2, released: 2015-04-19
Network Info
=======================================================================================
Device IP: 192.168.1.10 (wlan0)
Default Route: router
External IP: <my static ip address>
ISP: AS8121 TCH Network Services
Country: US
DNS IP: 192.168.1.1
DNS Name: 92.242.144.50

Spider Web Crawl
=======================================================================================
Status: Pass --> Host: www.redhat.com
Status: Pass --> Host: www.ubuntu.com
Status: Pass --> Host: www.google.com
Status: Pass --> Host: www.yahoo.com

$ !!
./vpntest.sh
Wed Dec 30 21:56:01 PST 2015
Version 1.2, released: 2015-04-19
Network Info
=======================================================================================
Device IP: 10.211.1.33 (tun0)
Default Route: 10.211.1.34
External IP: 99.111.116.252
ISP: AS7018 AT&T Services, Inc.
Country: US
DNS IP: 192.168.1.1
DNS Name: 92.242.144.50

Spider Web Crawl
=======================================================================================
Status: Pass --> Host: www.redhat.com
Status: Fail --> Host: www.ubuntu.com
Status: Pass --> Host: www.google.com
Status: Pass --> Host: www.yahoo.com

$ exit
exit

Script done on Wed 30 Dec 2015 09:56:14 PM PST

JJ

Dec 31, 2015, 1:25:13 AM
Marek Novotny <marek....@marspolar.com> wrote in message
d4idnW0Vkp79WBnL...@giganews.com

> the problem here is so far we're not identifying the settings
> responsible for your dns. wic or network manager. You tried adding
> 8.8.8.8 to wic. Have you tried the same with network manager to be sure
> it is in fact not still responsible for your dns settings?

There is no way to set up network manager because, I believe,
it was deleted about half a year ago when I switched to wicd.

$ which network-manager
(nothing found)
$ which network-manager-gnome
(nothing found)

Marek Novotny

Dec 31, 2015, 1:31:15 AM
On 2015-12-31, JJ <jj4p...@vfemail.net> wrote:
> Marek Novotny <marek....@marspolar.com> wrote in message
> WdqdnWCb4Ke2XBnL...@giganews.com
>
>> the dig command doesn't change. What change we hope to see is in the
>> response.
>
> Since I am definitely leaking my DNS server on VPN, and since the DIG
> command is currently resulting in the router at 192.168.1.1, I guess
> I want to see the dig command result in the computer at 127.0.0.1
>
>> try running a little script before and after you connect with vpn so you
>> can get familiar with what changes while you use the vpn....
>
> That script gave a strange output of a DNS server of 92.242.144.50
> whether I was off VPN or on VPN (I tried it twice).

Try this on the command line...

$ dig +short -x 192.168.1.1

JJ

Dec 31, 2015, 1:49:37 AM
Marek Novotny <marek....@marspolar.com> wrote in message
99udnbotnd4vVhnL...@giganews.com

> Try this on the command line...
>
> $ dig +short -x 192.168.1.1

That's a new command for me, which outputs that very strange address
again of 92.242.144.50.

I do not at all understand WHERE that 92.242.144.50 is coming from!

$ dig +short -x 192.168.1.1
92.242.144.50

$ dig 192.168.1.1

; <<>> DiG 9.9.5-3ubuntu0.2-Ubuntu <<>> 192.168.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59504
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;192.168.1.1. IN A

;; ANSWER SECTION:
192.168.1.1. 1 IN A 92.242.144.50

;; Query time: 88 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Wed Dec 30 22:43:08 PST 2015
;; MSG SIZE rcvd: 56


$ dig -x 192.168.1.1

; <<>> DiG 9.9.5-3ubuntu0.2-Ubuntu <<>> -x 192.168.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6507
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;1.1.168.192.in-addr.arpa. IN PTR

;; ANSWER SECTION:
1.1.168.192.in-addr.arpa. 1 IN A 92.242.144.50

;; Query time: 172 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Wed Dec 30 22:47:22 PST 2015
;; MSG SIZE rcvd: 69

JJ

Dec 31, 2015, 2:27:47 AM
JJ <jj4p...@vfemail.net> wrote in message n62j5v$lcd$1...@news.albasani.net

> I do not at all understand WHERE that 92.242.144.50 is coming from!
>
> $ dig +short -x 192.168.1.1
> 92.242.144.50

I'm looking all over for where that 92.242.144.50 came from.


It's not in the /etc/resolv.conf

$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 192.168.1.1

I will keep looking.
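
Added example (not part of any poster's message): one way to see whether DNS goes through the VPN tunnel is to take each nameserver from /etc/resolv.conf and ask the kernel which interface it routes through. The function names, the `sample_route_lookup` stand-in and the 10.211.1.1 resolver are constructed for illustration; 192.168.1.1, wlan0 and tun0 are the values shown in the thread.

```shell
#!/bin/sh
# Added example: for each resolver in a resolv.conf-style file, report
# whether queries to it leave through the VPN interface.

# Print the addresses on "nameserver" lines of the file given as $1.
list_nameservers() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# Read `ip route get` output on stdin and print the egress device name.
route_dev() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Real lookup: ask the kernel which route a packet to $1 would take.
kernel_route_lookup() {
    ip route get "$1" 2>/dev/null
}

# Constructed stand-in for `ip route get` with a VPN up on tun0, using the
# thread's addresses: the directly connected LAN route to the router still
# wins over the VPN's default route because it is more specific.
sample_route_lookup() {
    case "$1" in
        192.168.1.*) echo "$1 dev wlan0 src 192.168.1.10" ;;
        *)           echo "$1 via 10.211.1.6 dev tun0 src 10.211.1.5" ;;
    esac
}

# classify_resolver ADDRESS VPN_IF [LOOKUP_FUNCTION]
# Prints "<address> <verdict> <device>".
classify_resolver() {
    cr_ns=$1
    cr_vpn=$2
    cr_lookup=${3:-kernel_route_lookup}
    case "$cr_ns" in
        127.*|::1)
            # A local stub (e.g. dnsmasq on 127.0.1.1) hides the real
            # upstream, so its forwarders must be checked separately.
            echo "$cr_ns local-stub lo"
            return 0 ;;
    esac
    cr_dev=$("$cr_lookup" "$cr_ns" | route_dev)
    if [ -z "$cr_dev" ]; then
        echo "$cr_ns unroutable -"
    elif [ "$cr_dev" = "$cr_vpn" ]; then
        echo "$cr_ns tunnel $cr_dev"
    else
        echo "$cr_ns outside-tunnel $cr_dev"
    fi
}

# check_resolvers RESOLV_CONF VPN_IF [LOOKUP_FUNCTION]
# Prints one verdict per resolver; returns 1 unless every one is "tunnel".
check_resolvers() {
    ck_status=0
    ck_seen=0
    for ck_ns in $(list_nameservers "$1"); do
        ck_seen=1
        ck_line=$(classify_resolver "$ck_ns" "$2" "$3")
        echo "$ck_line"
        case "$ck_line" in
            *" tunnel "*) ;;
            *) ck_status=1 ;;
        esac
    done
    if [ "$ck_seen" -eq 0 ]; then
        # With no nameserver line the C library falls back to the local host.
        echo "none no-nameserver -"
        return 1
    fi
    return "$ck_status"
}

# Demo on constructed input: the resolv.conf from the thread plus a
# hypothetical resolver that is only reachable through the VPN.
demo() {
    demo_rc=0
    demo_file=$(mktemp) || return 2
    printf '%s\n' '# constructed sample' 'nameserver 192.168.1.1' \
        'nameserver 10.211.1.1' > "$demo_file"
    check_resolvers "$demo_file" tun0 sample_route_lookup || demo_rc=$?
    rm -f "$demo_file"
    return "$demo_rc"
}

# Usage on a live system: sh thisfile.sh /etc/resolv.conf tun0
if [ "$#" -ge 2 ]; then
    check_resolvers "$1" "$2"
    exit $?
fi
```

A resolver on the LAN is reported as outside-tunnel even while the VPN is up, which matches dig showing SERVER: 192.168.1.1 both on and off VPN; the router then forwards the query to whatever upstream it is configured with.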

DecadentLinuxUserNumeroUno

Dec 31, 2015, 3:05:39 AM
On Thu, 31 Dec 2015 07:27:46 +0000 (UTC), JJ <jj4p...@vfemail.net>
Gave us:

>92.242.144.50

My search shows it coming from London:
"barefruit Ltd."

http://whatismyipaddress.com/ip/92.242.144.50

JJ

Dec 31, 2015, 3:27:24 AM
DecadentLinuxUserNumeroUno <DL...@DecadentLinuxUser.org> wrote in message
8co98bpc4ggm6l3q0...@4ax.com

>>92.242.144.50
>
> My search shows it coming from London:
> "barefruit Ltd."

Yes. I had done a few "whois" lookups, and found the same.

I hate to report this, because it adds even more confusion,
but, to test out whether the choice of DNS servers in the
router mattered, I changed just now the router DNS servers.

FROM:
primary = 8.20.247.20 (Comodo Secure DNS Public DNS Server 1)
secondary = 8.26.56.26 (Comodo Secure DNS Public DNS Server 2)
TO:
primary = 107.150.40.234 (OpenNIC8 public dns server 1)
secondary = 50.116.23.211 (OpenNIC8 public dns server 2)

Then I tested for DNS leaks and a NEW! strange IP address showed
up in the DNS leak web pages, both on and off of VPN:
96.126.112.223 (whois => Linode Network Operations, in NJ)

Then I ran Marek's suggested reverse-dig command but, this
time, nothing was output (whereas before, 92.242.144.50 was output!)
$ dig +short -x 192.168.1.1
(didn't output anything)

Then I ran Marek's test program first off of VPN and then on VPN,
which showed no DNS detection also (whereas before 92.242.144.50
had shown up in the results).

THIS IS OFF VPN BELOW:
Thu Dec 31 00:03:07 PST 2015
Version 1.2, released: 2015-04-19
Network Info
==========================================================================================
Device IP: 192.168.1.10 (wlan0)
Default Route: router
External IP: <I removed my static IP address>
ISP: AS8121 TCH Network Services
Country: US
DNS IP: 192.168.1.1
DNS Name: Not Detected

Spider Web Crawl
==========================================================================================
Status: Pass --> Host: www.redhat.com
Status: Fail --> Host: www.ubuntu.com
Status: Pass --> Host: www.google.com
Status: Pass --> Host: www.yahoo.com

THIS IS ON VPN BELOW:
Version 1.2, released: 2015-04-19
Network Info
==========================================================================================
Device IP: 10.211.1.17 (tun0)
Default Route: 10.211.1.18
External IP: 178.158.149.91
ISP: AS50780 EAST-NET Ltd
Country: UA
DNS IP: 192.168.1.1
DNS Name: Not Detected

Spider Web Crawl
==========================================================================================
Status: Pass --> Host: www.redhat.com
Status: Fail --> Host: www.ubuntu.com
Status: Pass --> Host: www.google.com
Status: Pass --> Host: www.yahoo.com


So now I'm completely confused what is going on.
All that I know for sure is that I have a DNS leak.
The odd thing is that strange IP addresses are popping up that are unexpected.

DecadentLinuxUserNumeroUno

Dec 31, 2015, 3:33:23 AM
On Thu, 31 Dec 2015 08:27:23 +0000 (UTC), JJ <jj4p...@vfemail.net>
Gave us:
Maybe it is a Usenet NNTP hook or something new client related..

It shouldn't be, but then I would say it shouldn't be a browser thing
either, but it likely is.

Kind of like the Android invasion by app of "can we use your
location?"

So "location services" are popping up everywhere now.

The stupid shit should be illegal. Leaving ANY stub in memory and
particularly using a network hook to pass info should be strictly
illegal.

JJ

Dec 31, 2015, 4:19:30 AM
DecadentLinuxUserNumeroUno <DL...@DecadentLinuxUser.org> wrote in message
d2q98bdlati70f7mn...@4ax.com

> The stupid shit should be illegal. Leaving ANY stub in memory and
> particularly using a network hook to pass info should be strictly
> illegal.

I'm still digging, and getting more and more confused.

For example, I just read this page on openvpn dns leaks, and I don't
understand it at all, partly because "my" ubuntu doesn't have the same
files as theirs does.

https://forum.vpn.ac/discussion/13/running-openvpn-in-linux-terminal-with-no-dns-leaks0

J G Miller

Dec 31, 2015, 8:07:35 AM
On Wednesday, December 30th, 2015, at 19:59:59h -0800,
Marek Novotny advised:

> Check the [] use global DNS servers.
>
> DNS Server 1 - 8.8.8.8
> DNS Server 2 - 8.8.4.4

These are both DNS servers operated by Google:

google-public-dns-a.google.com and
ns2.google.com

If you are concerned about anonymity and privacy, do you really
want Google Corporation tracking not just the sites you visit via
the Google search engine but all others you are interested in as
well via your DNS lookups?

JJ

Dec 31, 2015, 8:54:33 AM
J G Miller <mil...@yoyo.ORG> wrote in message n6395o$qqa$2...@dont-email.me

>
> These are both DNS servers operated by Google:
>
> google-public-dns-a.google.com and
> ns2.google.com
>
> If you are concerned about anonymity and privacy, do you really
> want Google Corporation tracking not just the sites you visit via
> the Google search engine but all others you are interested in as
> well via your DNS lookups?

This is a good point, and one which is aptly pointed out here
https://www.bestvpn.com/blog/8146/help-build-freer-internet-using-opennic-dns-servers
"With the recent and ongoing Edward Snowden revelations however,
plus the growing trend in many countries of blocking or censoring
certain websites...it is becoming increasingly clear that anyone
who values privacy on the internet...should not trust privately
owned centralised companies who can be bullied into blocking
website addresses, hand over information about who is trying
to access certain website, and who can have domains seized
from them. Google, OpenDNS and your ISP all fall into this
category."

Here's what Google says they keep
https://developers.google.com/speed/public-dns/privacy

Here is a list of Free & Public DNS Servers (Valid December 2015)
http://pcsupport.about.com/od/tipstricks/a/free-public-dns-servers.htm

At this point, for me, it doesn't matter what DNS server I use so
long as I can figure out why my Ubuntu is leaking it.

Caver1

Dec 31, 2015, 10:18:53 AM
One question: did you check the [] use global DNS servers?
It's my understanding that if that is checked you can't have
a dns leak.

--
Caver1

JJ

Dec 31, 2015, 10:42:35 AM
Caver1 <cav...@inthemud.org> wrote in message n63gru$4h7$1...@dont-email.me

> One question: did you check the [] use global DNS servers?
> It's my understanding that if that is checked you can't have
> a dns leak.

The problem with testing is that there are multiple variables.

And, the problem with multiple variables is that I don't know
which variables NOT to change!

Right now, I have Global DNS turned off in WiCD.

$ sudo cat /etc/wicd/manager-settings.conf
[Settings]
backend = external
wireless_interface = wlan0
wired_interface = eth0
wpa_driver = wext
always_show_wired_interface = False
use_global_dns = False <===============TURNED OFF
global_dns_1 = 8.8.8.8
global_dns_2 = None
global_dns_3 = None
global_dns_dom = None
global_search_dom = None
auto_reconnect = True
debug_mode = 1
wired_connect_mode = 1
signal_display_type = 1
should_verify_ap = 1
dhcp_client = 0
link_detect_tool = 0
flush_tool = 0
sudo_app = 0
prefer_wired = False
show_never_connect = True

If you say that I should always turn ON global DNS,
then I will turn it on in Wicd and keep it on.

(I don't need more variables to confuse me so the
more I know to just set and keep, the better!)

Caver1

unread,
Dec 31, 2015, 10:43:34 AM12/31/15
to
A DNS leak occurs when a DNS server is queried against
system settings for a particular connection. This can happen
if a system lacks the concept of global DNS and starts
querying randomly all the DNS servers it can find anywhere
configured in any network card. Since Windows lacks the
concept of global DNS and Linux does not, a DNS leak by
definition can occur on Windows and can not occur on Linux.
On 100% of the cases, so-called DNS leaks on Linux are
configuration mistakes.

I did a test.
I have my DNS servers set up on my router. That way all of
my computers use those dns servers without having it set up
on each computer.
Being so I show no DNS leaks while connected to my VPN.
I also configured the DNS servers on this computer. I
ended up with a DNS leak.
Deleted the DNS servers from this computer and I am back to
no DNS leak.
Don't know if this will help you or not.

--
Caver1

JJ

unread,
Dec 31, 2015, 10:53:05 AM12/31/15
to
> $ sudo cat /etc/wicd/manager-settings.conf
> use_global_dns = False <===============TURNED OFF

I just turned on the global DNS in the WiCd graphical interface,
and then checked the file which shows that Global DNS is now on.

$ sudo cat /etc/wicd/manager-settings.conf |grep -i dns
use_global_dns = True
global_dns_1 = None
global_dns_2 = None
global_dns_3 = None
global_dns_dom = None

The more variables I can lock down, the easier it will be to
figure out how to stop this DNS leak in Wicd/Ubuntu.

So, I'm fine with the maxim to ALWAYS set Global DNS to true.

Should I also always set the primary and secondary DNS servers
in the Wicd graphical interface?

JJ

unread,
Dec 31, 2015, 11:02:27 AM12/31/15
to
JJ <jj4p...@vfemail.net> wrote in message n63j0v$gaa$1...@news.albasani.net

> Should I also always set the primary and secondary DNS servers
> in the Wicd graphical interface?

In case the answer is that the maxim is to do TWO things:
I. Always set global dns to true in the Wicd graphical interface
II. Always set a specific dns server in the Wicd graphical interface

I just picked an easily remembered set of DNS servers from this web page:
http://pcsupport.about.com/od/tipstricks/a/free-public-dns-servers.htm

primary = 77.88.8.8 (Yandex basic dns)
secondary = 77.88.8.8 (Yandex basic dns)

And then I checked the configuration file:

$ sudo cat manager-settings.conf | grep dns
use_global_dns = True
global_dns_1 = 77.88.8.8
global_dns_2 = 77.88.8.1
global_dns_3 = None
global_dns_dom = None

Were you recommending BOTH actions?
A. Always set global dns to true ?
B. Always set dns servers ?

Cybe R. Wizard

unread,
Dec 31, 2015, 11:26:01 AM12/31/15
to
From:
http://www.barefruit.com/
----------
"Barefruit generates highly targeted traffic for ISPs by replacing DNS
and HTTP errors with relevant advertising."
----------

Cybe R. Wizard
--
Registered GNU/Linux user # 126326
Registered Ubuntu User (deprecated) # 2136

JJ

unread,
Dec 31, 2015, 11:26:59 AM12/31/15
to
Caver1 <cav...@inthemud.org> wrote in message n63ia8$9hl$1...@dont-email.me

> A DNS leak occurs when a DNS server is queried against
> system settings for a particular connection.

This is a very confusing sentence so allow me to try to clarify by
rewriting the sentence the way I interpret what you are trying to
teach me:
"A DNS leak occurs when the operating system asks for a DNS lookup
from a DNS server that isn't the actual DNS server that the
operating system was "supposed" to use."

Is that correct?

> This can happen
> if a system lacks the concept of global DNS and starts
> querying randomly all the DNS servers it can find anywhere
> configured in any network card.

Again, I have to wrap my head around your specific words.
I don't actually know what a "Global DNS" even means yet.
To me, all DNS servers are "global", in so much as all DNS
servers get you to all the servers in the world.

So, "Global DNS" means absolutely nothing to me at the moment.
I realize "Global" means "something" to you.
I'm trying to figure out what "Global" means to you.

Searching for "What does global dns mean", the concept of a
"Global DNS" is not explained here or in any result I found:
https://en.wikipedia.org/wiki/Domain_Name_System

May I ask WHAT a "Global DNS" setting of true actually means?

Caver1

unread,
Dec 31, 2015, 12:15:52 PM12/31/15
to
On 12/31/2015 11:26 AM, JJ wrote:
> Caver1 <cav...@inthemud.org> wrote in message n63ia8$9hl$1...@dont-email.me
>
>> A DNS leak occurs when a DNS server is queried against
>> system settings for a particular connection.
>
> This is a very confusing sentence so allow me to try to clarify by
> rewriting the sentence the way I interpret what you are trying to
> teach me:
> "A DNS leak occurs when the operating system asks for a DNS lookup
> from a DNS server that isn't the actual DNS server that the
> operating system was "supposed" to use."
>
> Is that correct?
>
>> This can happen
>> if a system lacks the concept of global DNS and starts
>> querying randomly all the DNS servers it can find anywhere
>> configured in any network card.

> Again, I have to wrap my head around your specific words.
> I don't actually know what a "Global DNS" even means yet.
> To me, all DNS servers are "global", in so much as all DNS
> servers get you to all the servers in the world.
>
> So, "Global DNS" means absolutely nothing to me at the moment.
> I realize "Global" means "something" to you.
> I'm trying to figure out what "Global" means to you.

The Global here is in reference to your network not the world.

> Searching for "What does global dns mean", the concept of a
> "Global DNS" is not explained here or in any result I found:
> https://en.wikipedia.org/wiki/Domain_Name_System
>
> May I ask WHAT a "Global DNS" setting of true actually means?
>

This is from the Debian man page for wicd:

use_global_dns = <True|False>
If set to "True" and values are specified in the
global DNS settings below, this
will cause Wicd to use these DNS settings.

global_dns_dom = <plaintext_domain_name>
This specifies the default search domain to be used
by the resolver.

global_dns_1 = <ip_address>

global_dns_2 = <ip_address>

global_dns_3 = <ip_address>

In other words when you enter what DNS servers to use and
set it to use global DNS servers you tell it to use those
DNS servers.

--
Caver1

Caver1

unread,
Dec 31, 2015, 12:24:53 PM12/31/15
to
On 12/31/2015 11:26 AM, JJ wrote:
I just thought of something. Do you know what a DNS leak
actually is?

--
Caver1

JJ

unread,
Dec 31, 2015, 12:25:30 PM12/31/15
to
Caver1 <cav...@inthemud.org> wrote in message n63ia8$9hl$1...@dont-email.me

> Deleted the DNS servers from this computer and I am back to
> no DNS leak.

How are you (or anyone) defining a DNS leak?

I'm defining it as two things that occur concurrently:

1. The leaktest sites show the same DNS server on VPN as not on VPN
(ipleak.net or dnsleaktest.com)
2. The DNS server they show is one that I recognize being the one I set
(set either on the computer or on the router)

Are you using a similar definition for a dns leak?

JJ

unread,
Dec 31, 2015, 12:45:53 PM12/31/15
to
Caver1 <cav...@inthemud.org> wrote in message n63nn9$4os$1...@dont-email.me

> In other words when you enter what DNS servers to use and
> set it to use global DNS servers you tell it to use those
> DNS servers.

Thanks for the clarification of what a "global" DNS server
means to the computer.

One natural question is how the "global=true" setting affects
the dns used when VPN is running.

Does the global "also" win even when on VPN?

Also, from what I can tell from what you reported, just setting
"global=true" seems to be useless without also setting at least
one DNS server below that setting. You didn't say that, but, it
seems to me to be a natural inference that global=true is useless
without ALSO setting a DNS server.

That's not obvious in the GUI, since the GUI allows you to set
one but not the other, but, I guess it's simple enough to assume
two things:
1. When I set Wicd global=true, then
2. I must also set at least one DNS server at the same time!

At the moment, I have global dns=true as proved by this command:
$ use_global_dns = True
global_dns_1 = 156.154.70.1
global_dns_2 = 156.154.71.1
global_dns_3 = None
global_dns_dom = None

However, "other" indications are that global is not working!
$ dig www.redhat.com|grep -i server
;; SERVER: 192.168.1.1#53(192.168.1.1)
Does this result above imply that the global=true is not working?

$ cat /etc/resolv.conf|grep nameserver
nameserver 192.168.1.1
Does this result above imply that the global=true is not working?

$ cat /etc/dhcp/dhclient.conf|grep domain-name-servers
#prepend domain-name-servers 127.0.0.1;
domain-name, domain-name-servers, domain-search, host-name,
#require subnet-mask, domain-name-servers;
# option domain-name-servers 127.0.0.1;
Should I uncomment the 127.0.0.1 lines above?

In summary, I wonder if the wicd global=true is actually working?
How would I know?

SEE NEWLY CREATED ALIASES BELOW:
alias leak1='dig www.redhat.com|grep -i server'
alias leak2='dig +short -x 192.168.1.1'
alias leak3='vpnstatus.sh'
alias leak4='sudo cat /etc/wicd/manager-settings.conf|grep -i dns'
alias leak5='cat /etc/resolv.conf|grep nameserver'
alias leak6='cat /etc/dhcp/dhclient.conf|grep domain-name-servers'
alias leak7='echo "Pinging www.eecs.mit.edu";ping 18.62.0.96'
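
Added example, not part of any post in this thread: a POSIX shell check for the question asked above, whether wicd's global DNS setting is what the resolver actually uses. It compares `manager-settings.conf` against `resolv.conf`; the function names and the sample files (built from values quoted in the thread) are constructed for illustration.

```sh
#!/bin/sh
# Added example: compare wicd's global DNS setting with the active resolver.
# All function names and sample files are constructed for illustration.

# Print the value of KEY from a wicd "key = value" settings file.
wicd_setting() {  # usage: wicd_setting FILE KEY
    awk -F'=' -v key="$2" '
        { k = $1; gsub(/^[ \t]+|[ \t]+$/, "", k) }
        k == key { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit }
    ' "$1"
}

# Print the global DNS servers wicd would apply, one per line.
# Prints nothing when use_global_dns is not True or every slot is None.
wicd_global_dns() {  # usage: wicd_global_dns FILE
    [ "$(wicd_setting "$1" use_global_dns)" = "True" ] || return 0
    for slot in 1 2 3; do
        val=$(wicd_setting "$1" "global_dns_$slot")
        case "$val" in
            ""|None) ;;
            *) echo "$val" ;;
        esac
    done
}

# Print the nameserver addresses listed in a resolv.conf-style file.
resolv_nameservers() {  # usage: resolv_nameservers FILE
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Verdicts: disabled | enabled-but-empty | no-nameserver | applied |
#           overridden:<first nameserver that wicd did not ask for>
# A loopback nameserver (127.0.0.1, 127.0.1.1) is reported as overridden;
# it is a local forwarder whose upstream servers must be checked separately.
check_global_dns() {  # usage: check_global_dns SETTINGS RESOLV
    if [ "$(wicd_setting "$1" use_global_dns)" != "True" ]; then
        echo "disabled"; return 0
    fi
    wanted=$(wicd_global_dns "$1")
    if [ -z "$wanted" ]; then
        echo "enabled-but-empty"; return 0
    fi
    active=$(resolv_nameservers "$2")
    if [ -z "$active" ]; then
        echo "no-nameserver"; return 0
    fi
    padded=" $(echo "$wanted" | tr '\n' ' ')"
    for ns in $active; do
        case "$padded" in
            *" $ns "*) ;;
            *) echo "overridden:$ns"; return 0 ;;
        esac
    done
    echo "applied"
}

# Write constructed sample files (values taken from the thread) into DIR.
make_samples() {  # usage: make_samples DIR
    cat > "$1/settings-on.conf" <<'EOF'
[Settings]
use_global_dns = True
global_dns_1 = 156.154.70.1
global_dns_2 = 156.154.71.1
global_dns_3 = None
EOF
    cat > "$1/settings-empty.conf" <<'EOF'
[Settings]
use_global_dns = True
global_dns_1 = None
global_dns_2 = None
global_dns_3 = None
EOF
    cat > "$1/settings-off.conf" <<'EOF'
[Settings]
use_global_dns = False
global_dns_1 = 8.8.8.8
EOF
    printf 'nameserver 192.168.1.1\n' > "$1/resolv-router.conf"
    printf 'nameserver 156.154.70.1\n' > "$1/resolv-global.conf"
}

tmp=$(mktemp -d)
make_samples "$tmp"
echo "global on, resolv.conf from router: $(check_global_dns "$tmp/settings-on.conf" "$tmp/resolv-router.conf")"
echo "global on, no servers entered:      $(check_global_dns "$tmp/settings-empty.conf" "$tmp/resolv-router.conf")"
echo "global off:                         $(check_global_dns "$tmp/settings-off.conf" "$tmp/resolv-router.conf")"
echo "global on, resolv.conf matches:     $(check_global_dns "$tmp/settings-on.conf" "$tmp/resolv-global.conf")"
rm -rf "$tmp"
# Live check, with the paths used in the thread (settings file needs root to read):
#   check_global_dns /etc/wicd/manager-settings.conf /etc/resolv.conf
```

An `overridden:192.168.1.1` verdict is the state shown in the post above: the setting is on and populated, yet `/etc/resolv.conf` still carries the router address.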

Caver1

unread,
Dec 31, 2015, 12:47:13 PM12/31/15
to
DNS is used to translate domain names into numerical IP
addresses. This translation service is usually performed by
your ISP, using its DNS servers.
When you use a VPN service, the DNS request should instead
be routed through the VPN tunnel to your VPN provider’s DNS
servers (rather than those of your ISP).
However, it does happen that the request is sent to the
ISP’s DNS server rather than through the VPN tunnel. This is
known as a DNS leak.
When you go to the likes of dnsleaktest.com you should see
the IP of your VPN not the IP that your ISP gives you, while
connected to the VPN.
If you see your IP at dnsleaktest.com when connected to your
VPN then you have a DNS leak. Which means that you are using
your ISP's DNS servers and not the VPN's. This results in
your ISP being able to track your internet movements,
regardless of whether you are using a VPN or not.
This happens quite often in Windows as it has no Global
setting to stop this from happening. Linux has this Global
setting so only a misconfiguration can cause it.
Some VPNs, but not all, have built-in DNS leak protection.
--
Caver1

JJ

unread,
Dec 31, 2015, 12:52:07 PM12/31/15
to
Caver1 <cav...@inthemud.org> wrote in message n63o87$6mi$1...@dont-email.me

> I just thought of something.
> Do you know what a DNS leak actually is?

Funny you should have asked that because I just asked
YOU the same question a few moments before I saw this.

I asked in that post whether we both actually agreed
on what a dns leak actually is.

I assume a dns leak can be observed in two concurrent
ways when I go to a dnsleak web site in two situations:
1. While off VPN
2. While on VPN

The two dnsleak web sites I'm using are:
$ firefox http://ipleak.net http://dnsleaktest.com

I assume I have a dns leak if:
a. the reported DNS server is the same off VPN
as it is on VPN, and,
b. the reported DNS server while on VPN is a DNS
server that "I" set somewhere (either I set
the DNS server in the router or on the computer).

Is my assumption for how to "observe" a DNS leak correct?

Caver1

unread,
Dec 31, 2015, 12:52:43 PM12/31/15
to
Is 156.154.70.1 your ISP?

--
Caver1

JJ

unread,
Dec 31, 2015, 12:55:45 PM12/31/15
to
"Cybe R. Wizard" <cybe_r...@WizardsTower.invalid> wrote in message
20151231102...@wizardstower.lan

> From:
> http://www.barefruit.com/
> ----------
> "Barefruit generates highly targeted traffic for ISPs by replacing DNS
> and HTTP errors with relevant advertising."

Thank you for explaining that.

I am guessing, but, I think what may have happened to cause
barefruit to be invoked, is that I'm using various DNS servers
found in this file:
http://pcsupport.about.com/od/tipstricks/a/free-public-dns-servers.htm

I think I was using the "Comodo" dns servers at the time that
barefruit popped up.

Perhaps what was happening when I was running the Linux queries
was that the Comodo dns was consulted by my linux command, but
that Comodo dns servers didn't know what to do, so they handed
off my query to barefruit???????

I'm guessing - but that kind of sort of makes sense if I assume
that's where barefruit came into the picture.

Caver1

unread,
Dec 31, 2015, 12:58:52 PM12/31/15
to
OK, I now see that 156.154.70.1 is a DNS server. When I
looked it up at Whois, 156.154.70.1 wasn't shown as a DNS
server, which they normally are shown as.

--
Caver1

Caver1

unread,
Dec 31, 2015, 1:05:29 PM12/31/15
to
Basically yes. I explained in my reply to you.
Your VPN should use its own DNS server. You shouldn't be
able to get around this.
Some VPNs use OpenDNS which I use even if I'm not using the
VPN. That is the reason to enter your own preference for a
DNS server in Wicd/Network Manager, for when you're not
using the VPN.

--
Caver1

JJ

unread,
Dec 31, 2015, 1:07:04 PM12/31/15
to
Caver1 <cav...@inthemud.org> wrote in message n63psd$bse$2...@dont-email.me

> Is 156.154.70.1 your ISP?

No.
I do not know what my ISP uses for a DNS server as I have always
previously simply had the Google DNS servers set up in my router:
primary dns server = 8.8.8.8 (Google preferred DNS server)
secondary dns server = 8.8.4.4 (Google alternate DNS server)

I changed from Google in my router for testing purposes (to see
if the leaktest results showed the new servers and they did).

I picked the 156.154.70.1 & 156.154.71.1 IP addresses from here
(which was the first hit in my query for "list of public dns servers"):
http://pcsupport.about.com/od/tipstricks/a/free-public-dns-servers.htm

primary dns server = 156.154.70.1 (DNS Advantage preferred DNS server)
secondary dns server = 156.154.71.1 (DNS Advantage alternate DNS server)

The only reason I'm setting the servers to these values is that
Google is so big that they can have many DNS servers with different
IP addresses - so I am picking smaller DNS servers so that I can
observe if I get the leak of those smaller DNS servers both on and
off vpn.

Pretty consistently, no matter what DNS server I choose, I see that
chosen dns server in the dns leak web sites, both on and off VPN.

I would "expect" to see that chosen DNS server when I'm off of VPN,
but I would NOT expect to see that chosen DNS server when I'm on VPN.

That's what I'm interpreting as a dns leak.

Caver1

unread,
Dec 31, 2015, 1:25:53 PM12/31/15
to
While using your VPN go to dnsleaktest.com and see what IP
is showing. It should show your VPN's IP.
If it shows yours then you have a DNS leak.
Depending on what DNS server your VPN is using the DNS server
may be the same on/off the VPN.
My VPN uses the same DNS server that I do when I'm not using
the VPN so it would show the same in my case.
Do you know what DNS server your VPN uses? May or may not be
the same.
A DNS leak is when your IP is leaked out when using a VPN,
not the DNS server.

--
Caver1

Marek Novotny

unread,
Dec 31, 2015, 2:54:34 PM12/31/15
to
On 2015-12-31, JJ <jj4p...@vfemail.net> wrote:
> Marek Novotny <marek....@marspolar.com> wrote in message
> 99udnbotnd4vVhnL...@giganews.com
>
>> Try this on the command line...
>>
>> $ dig +short -x 192.168.1.1
>
> That's a new command for me, which outputs that very strange address
> again of 92.242.144.50.
>
> I do not at all understand WHERE that 92.242.144.50 is coming from!
>
> $ dig +short -x 192.168.1.1
> 92.242.144.50

its a reverse lookup meant to find the name associated with the ip
address;

sorry guys i had to be rushed to the hospital. im tapped in via my cell
phone to my ssh server running my slrn app

its all i have with me

blood clot in my lung

thought id read posts to pass time barely a signal

--
Marek Novotny
https://github.com/marek-novotny

JJ

unread,
Dec 31, 2015, 3:48:26 PM12/31/15
to
Marek Novotny <marek....@marspolar.com> wrote in message
MPKdnYXh_tBkGhjL...@giganews.com

> sorry guys i had to be rushed to the hospital

Yikes. Please get better fast!
I hope they fix it up fine.

Eeeks. What does a blood clot in the lungs look like?

How did you even know that you had a clot in your lungs?

I hope it didn't hurt.

Marek Novotny

unread,
Dec 31, 2015, 4:08:25 PM12/31/15
to
On 2015-12-31, JJ <jj4p...@vfemail.net> wrote:
its been a bad month for me. i tried to blow my nose last night and
ended up calling 911. thought my lung collapsed. they found a clot a
few weeks ago and i've been dealing with blood thinners and pain
killers, but i keep losing the fight. my second ambulance and third
emergency visit. so i just have my smart phone and one hand to type.
but im just waiting here. theyre watching me since my pain is so
severe.

Caver1

unread,
Dec 31, 2015, 4:18:42 PM12/31/15
to
Hopefully you get well and home soon.

--
Caver1

Jonathan N. Little

unread,
Dec 31, 2015, 4:31:50 PM12/31/15
to
It is something ISPs do to improve their bottom line, it is called DNS
Assistance "Feature". Instead of failed DNS lookups giving you the ol'
Server not found error, you get redirected to ad server site. For
example my Verizon SOOOOOO-DSL's default DNS servers are 71.252.0.12 &
68.238.112.12 Verizon does have non-assistance servers 71.252.0.14 &
68.238.112.14

--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com

Jonathan N. Little

unread,
Dec 31, 2015, 4:41:39 PM12/31/15
to
Dude! If you have a blood clot in your lung WHY are you posting to
Usenet? Now that is hopelessly geek!

Kirk_Von_Rockstein

unread,
Dec 31, 2015, 5:07:12 PM12/31/15
to
+1
sorry to hear such.

Marek Novotny

unread,
Dec 31, 2015, 5:33:51 PM12/31/15
to
im just sitting in bed in the hospital with my phone. there is
nothing to do to take my mind off the pain. so im reading posts

Cybe R. Wizard

unread,
Jan 1, 2016, 12:23:35 AM1/1/16
to
On Thu, 31 Dec 2015 11:54:39 -0800
Marek Novotny <marek....@marspolar.com> wrote:

> blood clot in my lung

Oh, man, take care.

gamo

unread,
Jan 1, 2016, 4:18:32 AM1/1/16
to
On 31/12/15 at 22:08, Marek Novotny wrote:
Hope you will be fine as soon as possible.

Best regards.

--
http://gamo.eu.pn/
The generation of random numbers is too important to be left to chance

Dirk T. Verbeek

unread,
Jan 1, 2016, 6:14:04 AM1/1/16
to
On 31-12-15 at 23:33, Marek Novotny wrote:
>> >Dude! If you have a blood clot in your lung WHY are you posting to
>> >Usenet? Now that is hopelessly geek!
> im just sitting in bed in the hospital with my phone. there is
> nothing to do to take my mind off the pain. so im reading posts

The very best wishes for the New Year and especially with your health!

Take it easy, listen to the docs.

JJ

unread,
Jan 1, 2016, 9:04:36 PM1/1/16
to
Caver1 <cav...@inthemud.org> wrote in message n63rqj$kkc$1...@dont-email.me

> While using your VPN go to dnsleaktest.com and see what IP
> is showing. It should show your VPN's IP.

I apologize that I'm only now getting back to this problem.
I was, um, well, I had a splitting headache.
That's all I'll say why I was gone for a while.

As for what the DNS leak tests show, they consistently show the
correct IP address, whether I'm on or off VPN.

That is, when I'm off VPN, they show my correct static IP address.
When I'm on VPN, they correctly show the VPN IP address.

That is not the part that is leaking!

> If it shows yours then you have a DNS leak.

I think that is not correct.

If I'm off VPN, then the IP address that should show up is indeed
my static public IP address.

However, if my static public IP address showed up when I'm on
VPN (which it doesn't, by the way), *that* would be *extremely*
bad news.

That would mean the VPN isn't working.
But that's *not* my problem here.

> Depending on what DNS server your VPN is using the DNS server
> may be the same on/off the VPN.

I understand that what you're saying is that the VPN provider
*could* be using the exact same DNS server that I'm using.

But, consistently I have seen that the DNS server that I set
in my router is the one that is showing up in the DNS leak
tests, whether or not I'm on VPN.

Since I have been *changing* the DNS Servers based on those in
this list, while keeping to the same or different VPN, I do not
see any indication that my problem is due to the mere chance
that the VPN provider is using the same DNS server as I have
set in my router.
Main http://pcsupport.about.com/od/tipstricks/a/free-public-dns-servers.htm
Google https://developers.google.com/speed/public-dns/docs/using
OpenNIC https://www.opennicproject.org
OpenDNS https://store.opendns.com/setup/#/familyshield

JJ

unread,
Jan 1, 2016, 9:07:11 PM1/1/16
to
Caver1 <cav...@inthemud.org> wrote in message n63q7t$e1p$1...@dont-email.me

> OK, I now see that 156.154.70.1 is a DNS server. When I
> looked it up at Whois, 156.154.70.1 wasn't shown as a DNS
> server, which they normally are shown as.

Thanks for helping me out.
I apologize for being out of action for the past day.
I won't explain why.

I have tested this pretty thoroughly using the tools that I have on
hand, and switching the DNS servers using any of those in this list:
http://pcsupport.about.com/od/tipstricks/a/free-public-dns-servers.htm

Consistently, I find the following to be the case:

1. It doesn't matter *what* I set in the WICD GUI because Ubuntu
is deferring to the router no matter what I do in WICD! :(

2. The router DNS server is what is showing up in the dns leak tests
whether or not I'm on VPN :(

This is bad news.

Unfortunately, I don't have the tools to debug why.

JJ

unread,
Jan 1, 2016, 9:12:30 PM1/1/16
to
Caver1 <cav...@inthemud.org> wrote in message n63qkb$g5l$1...@dont-email.me

> Basically yes. I explained in my reply to you.
> Your VPN should use its own DNS server. You shouldn't be
> able to get around this.

I agree that the VPN should use its own DNS server.
I'm sure they do.

Why my router DNS setting keeps showing up in the DNS leak tests,
even when I'm on VPN, is the first of two things that is frustrating
me to no end!

> Some VPNs use OpenDNS which I use even if I'm not using the
> VPN. That is the reason to enter your own preference for a
> DNS server in Wicd/Network Manager, for when you're not
> using the VPN

The second thing that is frustrating me to no end is that it doesn't
seem to matter *what* I put into the WICD configuration settings.

The router DNS servers *always* win!

Both of these situations are bad.
I don't have the Linux tools to debug this problem.

I think I completely don't understand *how* the DNS server is set on
Ubuntu with WICD, because *nothing* I type into the WICD seems to matter.

JJ

unread,
Jan 1, 2016, 9:35:07 PM1/1/16
to
Caver1 <cav...@inthemud.org> wrote in message n63pi2$bse$1...@dont-email.me

> DNS is used to translate domain names into numerical IP
> addresses. This translation service is usually performed by
> your ISP, using its DNS servers.

I do not know what my ISP's DNS servers are, but, I can prove to myself
that whatever DNS servers I have set on the router are what is being
shown in the DNS leak tests whether or not I'm on VPN.

I can prove that simply by changing the DNS servers set on the router.

Whatever I set as the DNS servers on the router is what shows up
as the DNS server in the DNS leak tests.

That is bad news for a bunch of reasons.
1. It means I don't have control of the DNS server from Linux.
2. It means that the VPN isn't fully working for me.

It's good news for one reason:
3. It means that the ISP's DNS server is *not* being used.

> When you use a VPN service, the DNS request should instead
> be routed through the VPN tunnel to your VPN provider’s DNS
> servers (rather than those of your ISP).

Yes. I agree!
I wish the DNS server that showed up in the DNS leak tests was
that of the VPN.

Currently, whatever DNS servers I set in my router are the DNS
servers that show up in the DNS leak tests, whether or not I'm
on VPN.

I don't understand a lot, but I do understand that this is a
classic DNS Leak which isn't supposed to happen on Linux.

As someone said, the only way it can happen is that I have Linux
misconfigured.

I do believe that is the case.
But how do I debug Linux DNS setup is the problem.

Specifically, how do I change the output from this:
$ dig www.redhat.com|grep -i server
;; SERVER: 192.168.1.1#53(192.168.1.1)

To this?
$ dig www.redhat.com | grep -i server
;; SERVER: 127.0.1.1#53(127.0.1.1)

> However, it does happen that the request is sent to the
> ISP’s DNS server rather than through the VPN tunnel. This is
> known as a DNS leak.

Yes. I have the classic DNS leak.
What is so frustrating is that I have been told it's due to a
misconfiguration of Linux, and I believe that.

But *what* is misconfigured?
I may have to switch back to the problematic "network manager"
temporarily, to debug this, because there is more support on the
net for the default Ubuntu network manager than there is for
WiCD.

WICD works great (much better than Network Manager did), but,
I can't find much on the web by way of how to test this problem.

> When you go to the likes of dnsleaktest.com you should see
> the IP of your VPN not the IP that your ISP gives you, while
> connected to the VPN.

Yes. I completely understand and agree with what you are saying.

When I go to the dns leak web sites, I should see two things:
1. I should see whatever IP address I would see simply by going
to http://whatismyipaddress.com or by running a curl command
or inxi -i, or any command that reveals my current public
IP address:
$ curl http://myip.dnsomatic.com; echo
$ inxi -i | grep "WAN IP:"
$ wget -qO- http://myip.dnsomatic.com; echo
$ curl ifconfig.me && curl ifconfig.me/host
etc.

2. I should see whatever DNS server I'm using, which should be
whatever DNS I set up in my router for when I'm NOT on VPN,
but it should be whatever VPN server the VPN provider is
using when I *am* on VPN.

> If you see your IP at dnsleaktest.com when connected to your
> VPN then you have a DNS leak.

I do not wish to piss you off, but I think that is an incorrect
statement.

It would be really horrid if I actually saw the IP address my
ISP has assigned me when I go to the DNS leak tests!

Luckily, *that* is not happening!

> Which means that you are using your ISP's DNS servers and
> not the VPN's.

It's very clear to me that I am *not* using my ISP's DNS servers
because I can clearly see that most of the time I see exactly
the DNS server that I set on my router, whether or not I'm
on VPN.

This is, as I understand it, the classic dns leak.
Since I'm on Linux, that's *not* supposed to happen.

I think Linux is, somehow, misconfigured.
My problem is figuring out where the misconfiguration is happening.

If I could somehow get the output of the dig command to switch
from the router to the local machine, I could test it further.

There must be some secret to getting WICD to actually do what
the GUI is set to do (and rebooting isn't that, because I have
rebooted a few times now to no effect).

> This results in
> your ISP being able to track your internet movements,
> regardless of whether you are using a VPN or not.

You are correct that whomever controls the DNS server can track
my movements, whether or not I'm on VPN.

You are also probably correct that the ISP can *see* the lookups
I make to the DNS Server set on the router. Even though these
are not the DNS Servers that the ISP uses, they are probably
made in the clear.

So, I would assume that the ISP *can* see the cleartext calls
to the DNS servers that are set up in my router.

That's bad.

> This happens quite often in Windows as it has no Global
> setting to stop this from happening. Linux has this Global
> setting so only a misconfiguration can cause it.

I agree with you that I almost certainly have a Linux misconfiguration.
But how do I find this linux misconfiguration is the question.

JJ

unread,
Jan 1, 2016, 9:54:06 PM1/1/16
to
"Jonathan N. Little" <lws...@gmail.com> wrote in message
n646n7$rtf$1...@dont-email.me

> It is something ISPs do to improve their bottom line, it is called DNS
> Assistance "Feature". Instead of failed DNS lookups giving you the ol'
> Server not found error, you get redirected to ad server site. For
> example my Verizon SOOOOOO-DSL's default DNS servers are 71.252.0.12 &
> 68.238.112.12 Verizon does have non-assistance servers 71.252.0.14 &
> 68.238.112.14

I'm not sure the best way to test this from the Linux command line,
but I would think we could test whether an ad pops up when a domain
doesn't exist is to just go to that non-existing domain in a web
browser.

I tried example1.com, example2.com, etc., until I came across

http://www.example99.com
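
Added example, not part of any post in this thread: one way to test for the NXDOMAIN rewriting described above from the command line instead of a browser. It asks a resolver for a name under the reserved `.invalid` TLD and classifies the `dig` reply; the function names, the probe label and the sample replies (which use the documentation address 203.0.113.10) are constructed.

```sh
#!/bin/sh
# Added example: detect a resolver that turns "no such domain" into an A record.
# Function names, probe label and sample replies are constructed for illustration.

# Classify the output of `dig +noall +comments +answer NAME A` read on stdin.
#   honest                 resolver answered NXDOMAIN, as it should
#   rewritten:<ip>         resolver claimed the name exists and returned <ip>
#   inconclusive:<reason>  timeout, SERVFAIL, REFUSED, ...
nx_verdict() {
    awk '
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { st = $(i + 1); sub(/,$/, "", st) }
        }
        # First A record in the answer section (non-comment line).
        !/^;/ && $3 == "IN" && $4 == "A" && ip == "" { ip = $5 }
        END {
            if (st == "NXDOMAIN")                 print "honest"
            else if (st == "NOERROR" && ip != "") print "rewritten:" ip
            else if (st == "")                    print "inconclusive:no-reply"
            else                                  print "inconclusive:" st
        }'
}

# Query SERVER_IP for a fresh name under .invalid, a TLD reserved so that it
# never exists; any address in the answer was made up by the resolver.
# Needs network access and dig, so it is not run by the demo below.
probe_resolver() {  # usage: probe_resolver SERVER_IP
    label="nx-probe-$(date +%s)-$$"
    dig +noall +comments +answer +time=3 +tries=1 "@$1" "$label.invalid" A | nx_verdict
}

# --- constructed sample replies -------------------------------------------
sample_honest() {
cat <<'EOF'
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
EOF
}

sample_rewritten() {
cat <<'EOF'
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
nx-probe-1451700000-4242.invalid. 60 IN A 203.0.113.10
EOF
}

sample_timeout() {
cat <<'EOF'
;; connection timed out; no servers could be reached
EOF
}

echo "honest resolver:    $(sample_honest | nx_verdict)"
echo "rewriting resolver: $(sample_rewritten | nx_verdict)"
echo "unreachable server: $(sample_timeout | nx_verdict)"
# Live use, one resolver at a time, e.g. the address listed in /etc/resolv.conf:
#   probe_resolver 192.168.1.1
```

Run `probe_resolver` against each candidate server separately; a `rewritten:` verdict from one and `honest` from another shows which hop substitutes the answer.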

JJ

unread,
Jan 1, 2016, 9:56:24 PM1/1/16
to
Marek Novotny <marek....@marspolar.com> wrote in message
8MGdnWOdrujaBBjL...@giganews.com

> its been a bad month for me. i tried to blow my nose last night and
> ended up calling 911. thought my lung collapsed.

Egads. I hope you're healing well.
What a lousy way to start off the new year.
Please get well soon!

Caver1

unread,
Jan 1, 2016, 10:27:55 PM1/1/16
to
On 01/01/2016 09:04 PM, JJ wrote:
> Caver1 <cav...@inthemud.org> wrote in message n63rqj$kkc$1...@dont-email.me
>
>> While using your VPN go to dnsleaktest.com and see what IP
>> is showing. It should show your VPN's IP.
>
> I apologize that I'm only now getting back to this problem.
> I was, um, well, I had a splitting headache.
> That's all I'll say why I was gone for a while.
>
> As for what the DNS leak tests show, they consistently show the
> correct IP address, whether I'm on or off VPN.
>
> That is, when I'm off VPN, they show my correct static IP address.
> When I'm on VPN, they correctly show the VPN IP address.
>
> That is not the part that is leaking!

If when you are on the VPN and the DNS leak test shows your
real IP and not the VPN's IP, that is what shows the DNS
leak. It means that you are using your ISP's DNS and not
your VPN's.

>> If it shows yours then you have a DNS leak.
>
> I think that is not correct.
>
> If I'm off VPN, then the IP address that should show up is indeed
> my static public IP address.
>
> However, if my static public IP address showed up when I'm on
> VPN (which it doesn't, by the way), *that* would be *extremely*
> bad news.
>
That is a DNS leak. Why do you think that the DNS leak tests
show IPs?
They don't show DNS servers.

> That would mean the VPN isn't working.
> But that's *not* my problem here.
>
>> Depending on what DNS server your VPN is using the DNS server
>> may be the same on/off the VPN.
>
> I understand that what you're saying is that the VPN provider
> *could* be using the exact same DNS server that I'm using.
>
> But, consistently I have seen that the DNS server that I set
> in my router is the one that is showing up in the DNS leak
> tests, whether or not I'm on VPN.
>
What leak test do you use to Show DNS servers?

> Since I have been *changing* the DNS Servers based on those in
> this list, while keeping to the same or different VPN, I do not
> see any indication that my problem is due to the mere chance
> that the VPN provider is using the same DNS server as I have
> set in my router.
> Main http://pcsupport.about.com/od/tipstricks/a/free-public-dns-servers.htm
> Google https://developers.google.com/speed/public-dns/docs/using
> OpenNIC https://www.opennicproject.org
> OpenDNS https://store.opendns.com/setup/#/familyshield
>
>

As I said that is only a possibility. I never use my ISP's
DNS server.

>> My VPN uses the same DNS server that I do when I'm not using
>> the VPN so it would show the same in my case.
>> Do you know what DNS server your VPN uses? May or may not be
>> the same.
>> A DNS leak is when your IP is leaked out when using a VPN,
>> not the DNS server.
>

Just remember that both dnsleaktest.com and ipleak.net show
IPs to show whether you have a DNS leak.
Being that if your real IP shows you are not using the VPN's
DNS and your ISP then knows and can track wherever you go.

--
Caver1

JJ

Jan 1, 2016, 10:45:44 PM
Caver1 <cav...@inthemud.org> wrote in message n67fur$r26$1...@dont-email.me

> If when you are on the VPN and the DNS leak test shows your
> real IP and not the VPN's IP, that is what shows the DNS
> leak. It means that you are using your ISP's DNS and not
> your VPN's.

I think we're confusing each other.
The DNS leak tests I am using are the following (best to worst):
1. http://ipleak.net
2. http://dnsleaktest.com
3. http://dnsleak.com

There are *TWO* IP addresses (fundamentally) reported by those sites:
A. My current public IP address
B. My current DNS Server

I am not confusing them.
They each tell me different things.

I have no problem with what the current IP address is telling me:
a. When I'm not on VPN, that shows the IP address my ISP has assigned to me
b. When I'm on VPN, that shows the IP address the VPN provider has assigned me

The problem I have is with the display of the DNS Server:
a. When I'm not on VPN, that shows whatever DNS server I have set in my router.
b. When I'm on VPN, that still shows whatever DNS server I have set in my router.

This is bad.
This is consistent no matter *what* DNS server I set in my router!

107.150.40.234 = OpenNIC8 public dns server (https://www.opennicproject.org)
50.116.23.211 = OpenNIC8 public dns server (https://www.opennicproject.org)

8.8.4.4 = Google public dns server
8.8.8.8 = Google public dns server

8.20.247.20 = Comodo Secure DNS public dns server
8.26.56.26 = Comodo Secure DNS public dns server

208.67.220.220 = OpenDNS Home4 public dns server
208.67.222.222 = OpenDNS Home4 public dns server

209.244.0.3 = Level31 public dns server
209.244.0.4 = Level31 public dns server
etc.


> That is a DNS leak. Why do you think that the DNS leak tests
> show IPs?
> They don't show DNS servers.

I think we disagree on what constitutes a DNS leak.
Maybe someone else can explain it, as I've explained it as I know it a few
times now.

I ask someone else (other than Caver1 and me) to explain what they think
a DNS leak is, since Caver1 and I seem to disagree on what constitutes
an indication of a DNS leak.

> What leak test do you use to Show DNS servers?

Given that I have the following aliases, below is a sample output of
my current tests (I need better Linux commands to test the problem!).

I. I do the tests below off VPN first, and then,
II. I do the same tests below on VPN.
NOTE: I make sure I close down Firefox between tests, and if I change anything
on Linux between tests, I make sure I reboot.

alias leak1='echo "$ dig www.redhat.com|grep -i server";dig www.redhat.com|grep -i server'
alias leak2='echo "$ dig +short -x 192.168.1.1";dig +short -x 192.168.1.1'
alias leak3='echo "$ echo netinfo.sh";netinfo.sh'  # this is Marek's vpnstatus.sh script renamed.
alias leak4='echo "$ sudo cat /etc/wicd/manager-settings.conf|grep -i dns"; sudo cat /etc/wicd/manager-settings.conf|grep -i dns'
alias leak5='echo "$ cat /etc/resolv.conf|grep nameserver";cat /etc/resolv.conf|grep nameserver'
alias leak6='echo "$ cat /etc/dhcp/dhclient.conf|grep domain-name-servers";cat /etc/dhcp/dhclient.conf|grep domain-name-servers'
alias leak='firefox https://ipleak.net https://www.dnsleaktest.com http://dnsleak.com'

The way I test it is as follows:
$ leak1
$ leak2
$ leak3
$ leak4
$ leak5
$ leak6
$ leak

Here is one set of results, but I need *better* Linux tools!
******************************************************************
TEST 1 OFF OF VPN:
******************************************************************
vpn <the ip address assigned to me by my ISP>
radio 8.8.8.8 Google public dns server
8.8.4.4 Google public dns server
router 172.81.176.146 (ns1.tor.ca) OpenNIC https://www.opennicproject.org
50.116.40.226 (ns8.ga.us) OpenNIC https://www.opennicproject.org
ubuntu Global = true
208.67.222.123 OpenDNS(Cisco) https://store.opendns.com/setup/#/familyshield
208.67.220.123 OpenDNS(Cisco) https://store.opendns.com/setup/#/familyshield
http://ipleak.net => DNS SERVER = 172.81.176.146
http://dnsleaktest.com => DNS SERVER = 172.81.176.146 146.176.81.172.rdns.lunanode.com Luna Node
http://dnsleak.com => DNS SERVER = 50.116.40.226 gemma.zee.li ISP=Linode in Absecon, US
$ dig www.redhat.com|grep -i server
;; SERVER: 192.168.1.1#53(192.168.1.1)
$ dig +short -x 192.168.1.1
<nothing reported>
$ netinfo.sh
Fri Jan 1 04:08:51 PST 2016
Version 1.2, released: 2015-04-19
Network Info
==================================================================
Device IP: 192.168.1.10 (wlan0)
Default Route: router
External IP: <the ip address assigned to me by my ISP>
ISP: AS8121 TCH Network Services
Country: US
DNS IP: 192.168.1.1
DNS Name: Not Detected

Spider Web Crawl
==================================================================
Status: Pass --> Host: www.redhat.com
Status: Fail --> Host: www.ubuntu.com
Status: Pass --> Host: www.google.com
Status: Pass --> Host: www.yahoo.com
==================================================================
$ sudo cat /etc/wicd/manager-settings.conf|grep -i dns
use_global_dns = True
global_dns_1 = 208.67.222.123
global_dns_2 = 208.67.220.123
global_dns_3 = None
global_dns_dom = None

$ cat /etc/resolv.conf|grep nameserver
nameserver 192.168.1.1

$ cat /etc/dhcp/dhclient.conf|grep domain-name-servers
#prepend domain-name-servers 127.0.0.1;
domain-name, domain-name-servers, domain-search, host-name,
#require subnet-mask, domain-name-servers;
# option domain-name-servers 127.0.0.1;
==================================================================
******************************************************************
TEST 2 ON VPN:
******************************************************************
VPN: 66.131.132.91
http://ipleak.net => DNS SERVER = 50.116.40.226
http://dnsleaktest.com => DNS SERVER = 50.116.40.226 gemma.zee.li Linode United States
http://dnsleak.com => DNS SERVER = 172.81.176.146 146.176.81.172.rdns.lunanode.com
$ echo netinfo.sh
Fri Jan 1 04:40:12 PST 2016
Version 1.2, released: 2015-04-19
Network Info
==================================================================
Device IP: 10.211.1.9 (tun0)
Default Route: 10.211.1.10
External IP: 66.131.132.91
ISP: AS5769 Videotron Telecom Ltee
Country: CA
DNS IP: 192.168.1.1
DNS Name: Not Detected

Spider Web Crawl
==================================================================
Status: Pass --> Host: www.redhat.com
Status: Pass --> Host: www.yahoo.com

Caver1

Jan 1, 2016, 10:49:08 PM
On 01/01/2016 09:07 PM, JJ wrote:
> Caver1 <cav...@inthemud.org> wrote in message n63q7t$e1p$1...@dont-email.me
>
>> Ok I now see that 156.154.70.1 is a DNS server. when I
>> looked it up at Whois 156.154.70.1 wasn't shown as a DNS
>> server. which they normally are shown as.
>
> Thanks for helping me out.
> I apologize for being out of action for the past day.
> I won't explain why.
>
> I have tested this pretty thoroughly using the tools that I have on
> hand, and switching the DNS servers using any of those in this list:
> http://pcsupport.about.com/od/tipstricks/a/free-public-dns-servers.htm
>
> Consistently, I find the following to be the case:
>
> 1. It doesn't matter *what* I set in the WICD GUI because Ubuntu
> is deferring to the router no matter what I do in WICD! :(
>

All you should have to do is leave the DNS servers on your
router blank and then it should default to WICD.

> 2. The router DNS server is what is showing up in the dns leak tests
> whether or not I'm on VPN :(

What DNS leak tests?

> This is bad news.
>
> Unfortunately, I don't have the tools to debug why.
>


--
Caver1

Caver1

Jan 1, 2016, 10:53:55 PM
If your DNS servers are designated on your router then the
routers settings is what will be used. You should be able to
change them on the router.
On one hand you say that the DNS leak test is showing your
DNS servers, then you say that the DNS leak tests show your
VPN's IP when connected to the VPN, which means you don't
have a DNS leak.
So I ask again what leak test are you using that shows what
DNS server you are using?

--
Caver1

Caver1

Jan 1, 2016, 11:01:20 PM
The dig command shows the DNS servers on your router which
doesn't prove a DNS leak.

> There must be some secret to getting WICD to actually do what
> the GUI is set to do (and rebooting isn't that, because I have
> rebooted a few times now to no effect).

Remove the DNS servers on your router then it has to default
to WICD.
Setting the DNS servers on your router serves a purpose so
that you don't have to set them up on all computers,
phones, tablets that connect to your network.
To be honest I don't know how to do it on phones and tablets.

>> This results in
>> your ISP being able to track your internet movements,
>> regardless of whether you are using a VPN or not.
>
> You are correct that whomever controls the DNS server can track
> my movements, whether or not I'm on VPN.
>

If the DNS online leak tests don't show your real IP then
you don't have a leak.

> You are also probably correct that the ISP can *see* the lookups
> I make to the DNS Server set on the router. Even though these
> are not the DNS Servers that the ISP uses, they are probably
> made in the clear.
>
> So, I would assume that the ISP *can* see the cleartext calls
> to the DNS servers that are set up in my router.
>
> That's bad.



>> This happens quite often in Windows as it has no Global
>> setting to stop this from happening. Linux has this Global
>> setting so only a misconfiguration can cause it.
>
> I agree with you that I almost certainly have a Linux misconfiguration.
> But how do I find this linux misconfiguration is the question.
>


--
Caver1

Caver1

Jan 1, 2016, 11:19:19 PM
On 01/01/2016 10:45 PM, JJ wrote:
> Caver1 <cav...@inthemud.org> wrote in message n67fur$r26$1...@dont-email.me
>
>> If when you are on the VPN and the DNS leak test shows your
>> real IP and not the VPN's IP, that is what shows the DNS
>> leak. It means that you are using your ISP's DNS and not
>> your VPN's.
>
> I think we're confusing each other.
> The DNS leak tests I am using are the following (best to worst):
> 1. http://ipleak.net
> 2. http://dnsleaktest.com
> 3. http://dnsleak.com
>
> There are *TWO* IP addresses (fundamentally) reported by those sites:
> A. My current public IP address
> B. My current DNS Server

And if they show your VPN's and not yours you have no leak.
If they show your VPN's IP they show your VPN's DNS.
On VPN above it shows 2 different DNS servers. You are using
two?
I take it the VPN IP of 66.131.132.91 is your VPNs and not
your real one?

If you have a DNS leak that means that your DNS queries are
not going through your VPN so your real IP is "seen". Which
you don't want.
If your Real IP is not "seen" then your DNS queries are
going through your VPN thus no DNS leak. Which is what you want.

--
Caver1

Art Santorini

Jan 1, 2016, 11:26:37 PM
I don't know who to reply to but I ran a quick google which shows that
openvpn has a huge hole in it seemingly when run from the command line that
causes it to leak dns.

https://forum.vpn.ac/discussion/13/running-openvpn-in-linux-terminal-with-no-dns-leaks

JJ

Jan 2, 2016, 2:05:07 AM
Caver1 <cav...@inthemud.org> wrote in message n67htg$vg6$1...@dont-email.me

> The dig command shows the DNS servers on your router which
> doesn't prove a DNS leak.

Just to be clear, I agree with you.
Also, to be clear, I never said that dig proved a DNS leak.
I did say (a few times) I need better Linux commands for debugging.

I got the "dig" command from Marek.
It tells us where the Ubuntu computer "thinks" it's getting the DNS from.

And what dig tells us is that Ubuntu thinks it's getting DNS from the router.
Which is exactly where we're getting the DNS from.

The dig also tells me that, so far, I have been unable to set
the Ubuntu network to get the network from the localhost for
test purposes.

>> There must be some secret to getting WICD to actually do what
>> the GUI is set to do (and rebooting isn't that, because I have
>> rebooted a few times now to no effect).
>
> Remove the DNS servers on your router then it has to default
> to WICD.

I wish I could do that. I really do.

The moment I tried, I realized there is something in the router
settings that just won't let me set the router to get the DNS
settings from the ISP.

I can hit that checkbox until the cows come home, but it
just won't set.
https://i.imgur.com/PDbksRH.gif

I tried multiple browsers and Windows & Linux and even
backported to older firmware, which you can see in this
screenshot. I tried with all plugins turned off.

I still can't turn off the DNS in the router.

I even tried putting bogus DNS settings there but, of course,
that ruined any chance of being on the Internet.
I tried using EMPTY settings, but the router software
wouldn't let me do that either.

So, there seems to be no way I can NOT set the DNS in
the router!

This is frustrating as all hell, I'm sure for you, as
it is for me!

> If the DNS online leak tests don't show your real IP then
> you don't have a leak.

I think we're defining the "dns leak" differently.
You're talking about an "ip leak" interchangeably with a "dns leak".
They are two totally different things.

One would leak your real ip address (that's really really bad).
The other would leak your dns server (that's just bad).

JJ

Jan 2, 2016, 2:08:16 AM
Caver1 <cav...@inthemud.org> wrote in message n67h6j$u34$1...@dont-email.me

> All you should have to do is leave the DNS servers on your
> router blank and then it should default to WICD.

I thought that was a *great* idea, but, unfortunately, when I tried it,
I found out that it's *impossible* to NOT set the DNS server in the router!

1. I tried hitting the checkbox to get the DNS server from the ISP
2. I tried leaving the DNS server fields blank
3. I tried putting a bogus address in the DNS Server fields

All failed.
What *should* have worked, IMHO, is the first attempt above!
Here's what it looks like:
https://i.imgur.com/PDbksRH.gif

I even tried backporting to an earlier version of firmware (which is what
you see there).

I tried multiple machines (Linux & Windows) and multiple browsers.
I turned off all plugins.

Still, I could not unset the DNS server boxes!
It's very frustrating!

> What DNS leak tests?

http://ipleak.net
http://dnsleaktest.com
http://dnsleak.com

stepore

Jan 2, 2016, 2:19:59 AM
On 12/31/2015 11:54 AM, Marek Novotny wrote:
> sorry guys i had to be rushed to the hospital. im tapped in via my cell
> phone to my ssh server running my slrn app
>
> its all i have with me
>
> blood clot in my lung


All the very best, Marek.
You're one of bright spots in this NG.
Get well.

JJ

Jan 2, 2016, 3:35:11 AM
Caver1 <cav...@inthemud.org> wrote in message n67iv8$2d5$1...@dont-email.me

> And if they show your VPN's and not yours you have no leak.
> If they show your VPN's IP they show your VPN's DNS.

What do you make of these results given that the router is set to:
primary DNS Server = 208.67.220.220 = OpenDNS public dns server
secondary DNS Server = 208.67.222.222 = OpenDNS public dns server

01 Screenshot, not on VPN, of my router settings:
https://i.imgur.com/TWtUaMs.gif
02 Screenshot, not on VPN, of my public IP address:
https://i.imgur.com/pY0jEf6.gif
03 Screenshot, not on VPN, of the 1st DNS leak test:
https://i.imgur.com/Ng5JscS.gif
04 Screenshot, not on VPN, of the 2nd DNS leak test:
https://i.imgur.com/84zb8CF.gif
05 Screenshot, not on VPN, of the 3rd DNS leak test:
https://i.imgur.com/BxxaqHE.gif

06 Screenshot, on VPN, of my router settings:
https://i.imgur.com/N7YNh6f.gif
07 Screenshot, on VPN, of my public IP address:
https://i.imgur.com/7GiQ3aS.gif
08 Screenshot, on VPN, of the 1st DNS leak test:
https://i.imgur.com/e12BwVJ.gif
09 Screenshot, on VPN, of the 2nd DNS leak test:
https://i.imgur.com/JL7F0NV.gif
10 Screenshot, on VPN, of the 3rd DNS leak test:
https://i.imgur.com/C8sIIvi.gif

What do you make of those results?


JJ

Jan 2, 2016, 3:36:12 AM
Caver1 <cav...@inthemud.org> wrote in message n67hfk$um5$1...@dont-email.me

> If your DNS servers are designated on your router then the
> routers settings is what will be used. You should be able to
> change them on the router.
> On one hand you say that the DNS leak test is showing your
> DNS servers, then you say that the DNS leak tests show your
> VPN's IP when connected to the VPN, which means you don't
> have a DNS leak.
> So I ask again what leak test are you using that shows what
> DNS server you are using?

Shadow

Jan 2, 2016, 4:59:34 AM
On Wed, 30 Dec 2015 19:57:24 +0000 (UTC), JJ <jj4p...@vfemail.net>
wrote:

>How do I stop DNS LEAKS in Ubuntu 14.04 with wicd as the network manager?
>
>I definitely have a DNS leak because I changed my DNS servers in
>my home wireless broadband router, and I ran three tests from
>both https://www.dnsleaktest.com & from https://ipleak.net
>
>SETUP: Router primary DNS = 195.46.39.39 secondary = 195.46.39.40
>TEST1: No VPN My DNS Server showed up as 195.46.39.29
>TEST2: On VPN My DNS Server showed up as 195.46.39.29
>SWITCH: Router primary DNS = 209.244.0.3 secondary = 209.244.0.4
>TEST3: No VPN My DNS Server showed up as 209.244.0.13
>TEST4: On VPN My DNS Server showed up as 209.244.0.13
>
>Where in Linux do I even start to fix this DNS leak?

What happens if you manually change the DNS servers in
/etc/resolv.conf ?
Does Ubuntu even look at that file (years since I've messed
around with this stuff).
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012

Caver1

Jan 2, 2016, 8:06:38 AM
The leak tests by showing your real IP show that you have a
DNS leak.
By Showing the IP from your VPN server shows that you don't
have a DNS leak.
A DNS leak reveals your real IP.

--
Caver1

Caver1

Jan 2, 2016, 8:11:32 AM
And you stated that they show your VPN's IP when you are
connected to it. That shows no DNS leak.
What router do you have?

--
Caver1

Caver1

Jan 2, 2016, 8:13:25 AM
+1

--
Caver1

Caver1

Jan 2, 2016, 8:25:10 AM
Shows no DNS leak.
Notice that the DNS addresses are different than the ones
you use.
also your real IP is not shown.
What VPN service do you use? What DNS servers do they use?


--
Caver1

Caver1

Jan 2, 2016, 8:36:48 AM
On 01/02/2016 03:35 AM, JJ wrote:
Do you always use the same server that your VPN provides?
Example I can connect from New York, various places in
Canada, Various places in Europe, New Zealand, etc.
If I connect from different places then these leak tests
show different DNS servers when I am connected.
Try a server from a different country and see what is shown
for the DNS IP.

--
Caver1

Caver1

Jan 2, 2016, 8:53:00 AM
I should have looked at more than the results that you posted.
You use Private internet access as your VPN provider if I am
correct.
PIA has their own DNS leak protection that is used when you
use them.

--
Caver1

JJ

Jan 2, 2016, 9:58:26 AM
Caver1 <cav...@inthemud.org> wrote in message n68i55$llp$1...@dont-email.me

> And you stated that they show your VPN's IP when you are
> connected to it. That shows no DNS leak.
> What router do you have?

Everything I'm saying shows up in these screenshots!

The router is a Netgear WNDR3400v2:

JJ

Jan 2, 2016, 10:03:34 AM
Caver1 <cav...@inthemud.org> wrote in message n68ium$oim$1...@dont-email.me

> Shows no DNS leak.
> Notice that the DNS addresses are different than the ones
> you use.
> also your real IP is not shown.
> What VPN service do you use? What DNS servers do they use?

I don't think you understand any of this.
I'm sorry to say that.
But you're wasting everyone's time.

I do appreciate the help, but you can't even *see* what's in front
of your face. What you said above is patently wrong.

The DNS server isn't always *exactly* the same as the server you
set in the router! They have hundreds (maybe thousands!) of servers.

But if you do a WHOIS on the server, you'll see that every single
time, no matter what DNS server company I put in the router settings,
the server that shows up is of *that* company.

That is, if I put a google DNS server in the router DNS settings,
then a Google server shows up in the DNS leak test. What you don't
seem to understand, despite dozens of times telling you this, is
that you won't necessarily see *exactly* the same server.

But it will always be the same DNS service company!

I wish someone else would look at these numbers to help me,
because you, while you are trying to help, are just wasting
everyone's time asking questions a dozen times that have been
answered a dozen times already.

What is shown is a classic DNS Leak.

You don't agree. That's OK.

But that's why we need SOMEONE ELSE who knows what he's talking about
to interpret those 10 screenshots for us.

Thanks! I *do* appreciate the help, but we're almost at the point
of trolling because it's obvious as night and day that this is a
classic DNS Leak.

JJ

Jan 2, 2016, 10:03:52 AM
Caver1 <cav...@inthemud.org> wrote in message n68ium$oim$1...@dont-email.me

> also your real IP is not shown.

Are you just trolling me?

Caver1

Jan 2, 2016, 10:16:32 AM
On 01/02/2016 10:03 AM, JJ wrote:
> Caver1 <cav...@inthemud.org> wrote in message n68ium$oim$1...@dont-email.me
>
>> Shows no DNS leak.
>> Notice that the DNS addresses are different than the ones
>> you use.
>> also your real IP is not shown.
>> What VPN service do you use? What DNS servers do they use?
>
> I don't think you understand any of this.
> I'm sorry to say that.
> But you're wasting everyone's time.
>
> I do appreciate the help, but you can't even *see* what's in front
> of your face. What you said above is patently wrong.
>
> The DNS server isn't always *exactly* the same as the server you
> set in the router! They have hundreds (maybe thousands!) of servers.
>

Never said it was. I don't think you know how a DNS leak
manifests itself.
Do a search and all the answers will show you that what I
said about how a DNS leak manifests itself is correct.

> But if you do a WHOIS on the server, you'll see that every single
> time, no matter what DNS server company I put in the router settings,
> the server that shows up is of *that* company.
>
> That is, if I put a google DNS server in the router DNS settings,
> then a Google server shows up in the DNS leak test. What you don't
> seem to understand, despite dozens of times telling you this, is
> that you won't necessarily see *exactly* the same server.
>

What I saw was different IPs than what you said is yours. If
you have a DNS leak then your real IP is leaked for everyone
to see.

> But it will always be the same DNS service company!
>
> I wish someone else would look at these numbers to help me,
> because you, while you are trying to help, are just wasting
> everyone's time asking questions a dozen times that have been
> answered a dozen times already.
>

You refuse the truth of the matter.

> What is shown is a classic DNS Leak.
>
> You don't agree. That's OK.
>
> But that's why we need SOMEONE ELSE who knows what he's talking about
> to interpret those 10 screenshots for us.
>
> Thanks! I *do* appreciate the help, but we're almost at the point
> of trolling because it's obvious as night and day that this is a
> classic DNS Leak.
>

No trolling just discussion.

--
Caver1

JJ

Jan 2, 2016, 10:18:37 AM
Caver1 <cav...@inthemud.org> wrote in message n68kis$tp8$1...@dont-email.me

> I should have looked at more than the results that you posted.
> You use Private internet access as your VPN provider if I am
> correct.
> PIA has their own DNS leak protection that is used when you
> use them.

I'm sorry for getting frustrated just now with your repeated
questions. I will try to answer them more civilly, but I wish
someone else could help who can see the DNS leak in my
screenshots.

I know you're trying to help, and I appreciate that because
I definitely have a DNS leak; I just have to figure out why!

To answer your question, the VPN provider I use is so simple.
It's any vpn provider I want to use.
It's just a file anyway.

$ sudo openvpn --config it's-just-a-file.ovpn

I download any ovpn file from http://vpngate.net or from
http://mofolinux.com/vpngate.html or from
http://www.vpnbook.com/freevpn or from
https://www.vpnme.me/freevpn.html or from
http://freevpn.me/accounts/ or from anywhere else I want.

It doesn't matter *which* free VPN service I use.
I just start the VPN service once I download the file.
$ sudo openvpn --config it's-just-a-file.ovpn

That's proof enough that I have a configuration problem.

It's not the VPN service that is the problem.

The problem I have is how to *debug* the issue to find out
what is wrong with my configuration!

JJ

Jan 2, 2016, 10:20:30 AM
Shadow <S...@dow.br> wrote in message
il7f8bp1aluk2u3ga...@4ax.com

> What happens if you manually change the DNS servers in
> /etc/resolv.conf ?
> Does Ubuntu even look at that file (years since I've messed
> around with this stuff).

That's a good question.

I'm confused what I should change the server to in /etc/resolv.conf?

Should I change it to 127.0.0.1, or to a known public DNS Server
such as 8.8.8.8?

Here is my file at the moment (by default):

$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 192.168.1.1

Ooops. It says not to edit it by hand.
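
An added example, not part of any post in this thread: the resolv.conf above lists 192.168.1.1 as the only resolver, and the script below reads a resolv.conf and asks the routing table which interface each listed resolver is reached through, flagging any that are not reached through the tunnel device. The function names, the `tun0` default and the canned routing answers are assumptions, constructed from the interface names and addresses posted earlier in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): report which interface each resolver in
# resolv.conf is reached through, and flag resolvers that bypass the VPN tunnel.

# Command used for route lookups; point it at sample_route_lookup to run offline.
ROUTE_LOOKUP=${ROUTE_LOOKUP:-live_route_lookup}

live_route_lookup() {
    ip route get "$1" 2>/dev/null
}

# Constructed sample: routing answers modelled on the on-VPN state in the thread
# (wlan0 on 192.168.1.0/24, default route via 10.211.1.10 on tun0).
sample_route_lookup() {
    case "$1" in
        127.*)       echo "local $1 dev lo src 127.0.0.1" ;;
        192.168.1.*) echo "$1 dev wlan0 src 192.168.1.10" ;;
        *)           echo "$1 via 10.211.1.10 dev tun0 src 10.211.1.9" ;;
    esac
}

# Constructed sample resolv.conf contents.
sample_resolv_router() {
    printf '%s\n' '# generated by resolvconf(8)' 'nameserver 192.168.1.1'
}
sample_resolv_public() {
    printf '%s\n' 'nameserver 8.8.8.8' 'nameserver 8.8.4.4'
}

# Print the address of every active "nameserver" line read from stdin.
list_nameservers() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }'
}

# Print the interface that follows "dev" in `ip route get` output on stdin.
route_dev() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# classify_path EGRESS_DEV TUNNEL_DEV
classify_path() {
    case "$1" in
        "")   echo "unroutable" ;;
        "$2") echo "tunnel" ;;
        lo)   echo "local-forwarder" ;;  # its upstream servers need their own check
        *)    echo "outside-tunnel" ;;
    esac
}

# check_dns_paths TUNNEL_DEV < resolv.conf
# Prints "<nameserver> <dev> <verdict>" per resolver and returns 1 if any
# resolver is reached over an interface other than the tunnel or loopback.
check_dns_paths() {
    tunnel=$1
    status=0
    for ns in $(list_nameservers); do
        dev=$($ROUTE_LOOKUP "$ns" | route_dev)
        verdict=$(classify_path "$dev" "$tunnel")
        echo "$ns ${dev:--} $verdict"
        if [ "$verdict" = "outside-tunnel" ]; then
            status=1
        fi
    done
    return $status
}

# Live use: sh thisfile.sh --live tun0   (run while the VPN is connected)
if [ "${1:-}" = "--live" ]; then
    check_dns_paths "${2:-tun0}" < /etc/resolv.conf
fi
```

A resolver address on the directly attached LAN, such as a home router, is normally reached over the LAN interface even while the VPN is up, because the connected-network route is more specific than a default route through the tunnel.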

JJ

Jan 2, 2016, 10:27:11 AM
Caver1 <cav...@inthemud.org> wrote in message n68pfg$g1h$1...@dont-email.me

> Never said it was. I don't think you know how a DNS leak
> manifests itself.
> Do a search and all the answers will show you that what I
> said about how a DNS leak manifests itself is correct.

I do appreciate your help, and I'm sorry I got frustrated.
I took about an hour and a half to compose those ten pictures,
but I will compose *another* set of 10 for you to see what
I'm saying is true.

1. I will change the VPN server (I can choose any VPN
server out of many at, for example, http://vpngate.net).

2. I will also change the DNS Server in my router.

3. What you will see is that the same thing that I showed
in the previous 10 screenshots will show up again
(and again and again).

screenshot 01 (off VPN) will show: My router with a new set of DNS servers
screenshot 02 (off VPN) will show: My IP address is what my ISP gives me
screenshot 03,04,05 (off VPN) will show: DNS servers of the company set in the router
--------------
screenshot 06 (on VPN) will show: My router with that same set of new DNS servers
screenshot 07 (on VPN) will show: My IP address is that which the VPN provider gives me
screenshot 08,09,10 (on VPN) will show: A DNS leak of the DNS servers!

I will post them shortly as I have to set up the test on a clean reboot.

JJ

Jan 2, 2016, 10:30:08 AM
Caver1 <cav...@inthemud.org> wrote in message n68pfg$g1h$1...@dont-email.me

> What I saw was different IPs than what you said is yours. If
> you have a DNS leak then your real IP is leaked for everyone
> to see.

I do appreciate your help but I think we disagree on the difference
between what I am calling a DNS leak and what you are calling a
DNS leak.

Simply stated, a DNS leak leaks the DNS address!

It doesn't leak my VPN or ISP IP address!
If it did, that would be really really really bad.

What leaks is *only* the DNS address.

Um, what frustrates me is that is so obvious that I shouldn't have
to say that a dozen times.

Why do you think it's called a "D-N-S" leak?
It leaks the DNS address!

Not the public IP address that my ISP or VPN provider assigns me.

Why do we need to repeat this so many times?
A DNS LEAK LEAKS ONLY THE DNS IP ADDRESS.

The screenshots extremely clearly show that.

I will snap another 10 screenshots using a different DNS server
and a different VPN service, but the results will be the same!

Caver1

Jan 2, 2016, 10:40:04 AM
On 01/02/2016 10:18 AM, JJ wrote:
It's nice to know that you use openvpn with free VPN servers.
Free VPN servers are not always the most reliable.
Notice I said not always.
Did you notice the one post that had an answer about openvpn
and how to configure it. Did you try it?
You still need to realize and accept that a DNS leak
manifests itself by providing your real IP.

--
Caver1

Caver1

Jan 2, 2016, 10:43:38 AM
You can't change anything in resolv.conf. It just shows what
you are using at any given time.
Disconnect from your VPN. Take a look at resolv.conf.
Now connect to your VPN and look at it again.
It should be different.

--
Caver1

Wildman

Jan 2, 2016, 10:46:08 AM
On Sat, 02 Jan 2016 08:06:40 -0500, Caver1 wrote:

> The leak tests by showing your real IP show that you have a
> DNS leak.
> By Showing the IP from your VPN server shows that you don't
> have a DNS leak.
> A DNS leak reveals your real IP.

I believe you are dealing with a yesbutter.

--
<Wildman> GNU/Linux user #557453
"We are all born ignorant, but one
must work hard to remain stupid."
-Benjamin Franklin

Caver1

Jan 2, 2016, 10:48:52 AM
A DNS leak manifests itself by showing your real IP as your
DNS queries bypass the VPN tunnel. So your real IP is known.
None of the shots you posted on your VPN showed the IP that
was shown as your real IP when not connected to your VPN.
I won't state that again as you seem to refuse this truth.

--
Caver1

Caver1

Jan 2, 2016, 10:58:27 AM
On 01/02/2016 10:30 AM, JJ wrote:
> Caver1 <cav...@inthemud.org> wrote in message n68pfg$g1h$1...@dont-email.me
>
>> What I saw was different IPs than what you said is yours. If
>> you have a DNS leak then your real IP is leaked for everyone
>> to see.
>
> I do appreciate your help but I think we disagree on the difference
> between what I am calling a DNS leak and what you are calling a
> DNS leak.
>
> Simply stated, a DNS leak leaks the DNS address!

No. It shows your real IP as the DNS query bypasses your VPN
tunnel.

>
> It doesn't leak my VPN or ISP IP address!
> If it did, that would be really really really bad.
>
> What leaks is *only* the DNS address.

You did notice that you have on your router as your DNS IP
208.67.220.220 if I remember correctly. While on your VPN it
showed as 208.67.216.11. They are not the same.

>
> Um, what frustrates me is that is so obvious that I shouldn't have
> to say that a dozen times.
>
> Why do you think it's called a "D-N-S" leak?
> It leaks the DNS address!

It leaks your IP because it is not using your VPN's DNS
server it is either using your ISP's DNS or the one you
manually entered.
When not using your VPN you either use your ISP's DNS or the
one you manually entered and your IP is shown.
A DNS leak shows your real IP. Look it up.

>
> Not the public IP address that my ISP or VPN provider assigns me.
>

You are wrong.

> Why do we need to repeat this so many times?
> A DNS LEAK LEAKS ONLY THE DNS IP ADDRESS.
>

You are wrong. Why do you not accept this?
Look it up.

> The screenshots extremely clearly show that.
>
> I will snap another 10 screenshots using a different DNS server
> and a different VPN service, but the results will be the same!
>

No need.

--
Caver1

Caver1

Jan 2, 2016, 10:59:27 AM
On 01/02/2016 10:46 AM, Wildman wrote:
> On Sat, 02 Jan 2016 08:06:40 -0500, Caver1 wrote:
>
>> The leak tests by showing your real IP show that you have a
>> DNS leak.
>> By Showing the IP from your VPN server shows that you don't
>> have a DNS leak.
>> A DNS leak reveals your real IP.
>
> I believe you are dealing with a yesbutter.
>

I agree and am done.
He wonders why nobody steps in and agrees with him.

--
Caver1

Shadow

Jan 2, 2016, 11:12:51 AM
On Sat, 2 Jan 2016 15:20:29 +0000 (UTC), JJ <jj4p...@vfemail.net>
wrote:
So that's why it's using your router's DNS service. Voila, you
found the leak.
>
>Ooops. It says not to edit it by hand.

Go on, be naughty.
The worst that can happen is that it will download Windows 10
and install it.
PS It will reset to the default if you use wicd or whatever.

JJ

Jan 2, 2016, 12:11:45 PM
Caver1 <cav...@inthemud.org> wrote in message n68qrk$kqr$1...@dont-email.me

> It's nice to know that you use openvpn with free VPN servers.
> Free VPN servers are not always the most reliable.
> Notice I said not always.

I never said that free VPN servers are the most reliable.
In fact, I will agree with you that they sometimes don't work.

But their reliability has absolutely nothing whatsoever to do with
this problem. Absolutely nothing. So I won't go down that track
unless you say the problem is in the vpn service (which it isn't,
and which you can prove to yourself in less time than it takes me
to write this up).

I did run a complete test with a completely different free
vpn service and with both the same and with a completely
different public DNS server - and - just like I said it would
be - the results are consistently that I have a DNS leak.

Here are 10 new screenshots, but, I will write up a step by step of
exactly what I did (which you, or anyone, can repeat in seconds
because I will make it a cut and paste operation for you).

This shows my router with DNS set to OpenDNS servers:
https://i.imgur.com/Nz04MTU.gif

This shows a Romanian IP address on the "FreeVPNme" VPN service:
https://i.imgur.com/kFzq1fR.gif

This shows that the OpenDNS DNS server IP is leaking!
https://i.imgur.com/qdXsL2o.gif

This also shows that the OpenDNS DNS server IP is leaking!
https://i.imgur.com/OVSRkSu.gif

This is the third DNS leak site showing an IP in Romania:
https://i.imgur.com/VQT5w3j.gif

That third DNS leak site standard test shows the DNS server leak!
https://i.imgur.com/QGBJFgv.gif

That third DNS leak site extended test shows the DNS server leak!
https://i.imgur.com/ocrqPeR.gif

Now I *changed* the DNS server on the router & I killed the
VPN session and killed Firefox, and started over...

This shows my router with DNS now set to Level3 DNS servers:
https://i.imgur.com/LeiID6t.gif

This still shows a Romanian IP address on the "FreeVPNme" VPN service:
https://i.imgur.com/NoCTAvg.gif

Notice now that the DNS leak is showing the Level3 DNS servers!
https://i.imgur.com/qzuHxYw.gif

This proves it's a DNS leak no matter what DNS server I put in
the router.

It also proves that it doesn't matter which VPN Service I use
(since this VPN service is totally different than the last one
that I used).

My problem isn't proving that there is a DNS leak (except to you).
My problem is debugging, in Linux, what is going on!

I need Linux help!

JJ

Jan 2, 2016, 12:19:09 PM
Caver1 <cav...@inthemud.org> wrote in message n68qrk$kqr$1...@dont-email.me

> Did you notice the one post that had an answer about openvpn
> and how to configure it. Did you try it?

It's impossible to understand, but if openvpn had a bug that caused
a dns leak, ALL OF YOU would have the same problem.

It would be nice if one of you *tried* the test below, please!
Pretty please?

I made it completely cut and paste for you!

1. I created a directory to put the ovpn files into:
$ mkdir ./freevpn/
2. I went to http://freevpn.me/accounts/ which told me the login/password:
OpenVPN Username: freevpnme
OpenVPN Password: cNliJi2D
3. I pressed the button titled "Download OpenVPN Certificate Bundle".
That created ./freevpn/OpenVPN-Certificate-Bundle-Server1.zip
4. I unzipped that bundle:
$ cd ./freevpn
$ unzip OpenVPN-Certificate-Bundle-Server1.zip
Archive: OpenVPN-Certificate-Bundle-Server1.zip
creating: OpenVPN-Certificate-Bundle-Server1/
inflating: OpenVPN-Certificate-Bundle-Server1/FreeVPN.me-TCP443.ovpn
inflating: OpenVPN-Certificate-Bundle-Server1/FreeVPN.me-TCP80.ovpn
inflating: OpenVPN-Certificate-Bundle-Server1/FreeVPN.me-UDP-40000.ovpn
inflating: OpenVPN-Certificate-Bundle-Server1/FreeVPN.me-UDP-53.ovpn
5. I ran openvpn using one of those free configuration files:
$ cd OpenVPN-Certificate-Bundle-Server1
$ grep ^remote FreeVPN.me-UDP-53.ovpn
remote 176.126.237.207 53
$ sudo openvpn --config FreeVPN.me-UDP-53.ovpn
Enter Auth Username: freevpnme
Enter Auth Password: cNliJi2D
... bunch of messages ... culminating in success ...
Initialization Sequence Completed
6. I checked my IP address which was now that of the VPN service:
$ curl http://myip.dnsomatic.com; echo
176.126.237.207
7. I tested the connection with a ping:
$ ping 74.125.239.36
PING 74.125.239.36 (74.125.239.36) 56(84) bytes of data.
64 bytes from 74.125.239.36: icmp_seq=1 ttl=48 time=492 ms
$ ping www.google.com
PING www.google.com (74.125.239.144) 56(84) bytes of data.
64 bytes from nuq05s02-in-f16.1e100.net (74.125.239.144): icmp_seq=1 ttl=48 time=483 ms
8. Now I can run the three DNS leak tests!
$ firefox https://ipleak.net
$ firefox http://dnsleak.com
$ firefox https://www.dnsleaktest.com
9. Here are the screenshots of those tests:
a. This shows my router with DNS set to OpenDNS servers:
https://i.imgur.com/Nz04MTU.gif
b. This shows a Romanian IP address on the "FreeVPNme" VPN service:
https://i.imgur.com/kFzq1fR.gif
c. This shows that the OpenDNS DNS server IP is leaking!
https://i.imgur.com/qdXsL2o.gif
d. This also shows that the OpenDNS DNS server IP is leaking!
https://i.imgur.com/OVSRkSu.gif
e. This is a third DNS leak test site showing that IP in Romania:
https://i.imgur.com/VQT5w3j.gif
f. That third DNS leak site standard test shows the DNS server leak!
https://i.imgur.com/QGBJFgv.gif
g. That third DNS leak site extended test shows the DNS server leak!
https://i.imgur.com/ocrqPeR.gif
10. Now all I do is *change* the DNS server in my router:
FROM:
primary DNS server = 208.67.220.220 = OpenDNS Home4 public dns server
secondary DNS server = 208.67.222.222 = OpenDNS Home4 public dns server
TO:
primary DNS server = 209.244.0.3 = Level3 public dns server
secondary DNS server = 209.244.0.4 = Level3 public dns server
11. I kill the browser and kill the VPN session and then I restart the
VPN session and then I run the three DNS leak tests again:
$ firefox http://192.168.1.1
$ firefox http://whatismyipaddress.com
$ firefox https://ipleak.net
12. See the following screenshots for all those results:
a. This shows my router with DNS now set to Level3 DNS servers:
https://i.imgur.com/LeiID6t.gif
b. This still shows a Romanian IP address on the "FreeVPNme" VPN service:
https://i.imgur.com/NoCTAvg.gif
c. Notice now that the DNS leak is showing the Level3 DNS servers!
https://i.imgur.com/qzuHxYw.gif

So, I can prove (over and over and over and over again) that I'm seeing
a DNS leak no matter what VPN provider I use and no matter what DNS
Server I set up in my router.

What I *need help* with is how to debug this in Linux!
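
A starting point for that kind of debugging, as an added example that is not part of the original post: it lists each resolver in a resolv.conf-style file and asks the kernel (via `ip route get`) which device would carry traffic to it, so a resolver on the LAN router shows up as leaving outside the tunnel. The function names, the `tun` device prefix, and the sample resolv.conf and route output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: which interface does each configured resolver leave through?
ROUTE_GET=${ROUTE_GET:-"ip route get"}  # overridable so sample data can be used
TUN_PREFIX=${TUN_PREFIX:-tun}           # assumption: OpenVPN created a tunN device

# Print the nameserver addresses listed in a resolv.conf-style file.
nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Print the device the kernel would use to reach address $1.
route_dev() {
    $ROUTE_GET "$1" | sed -n 's/.* dev \([^ ]*\).*/\1/p' | head -n 1
}

# Print "<resolver> <dev> <verdict>" per resolver; return 1 if any is OUTSIDE.
check_dns_path() {
    leak=0
    for ns in $(nameservers "$1"); do
        dev=$(route_dev "$ns")
        case "$dev" in
            lo)             echo "$ns $dev LOCAL" ;;   # local forwarder: check its upstream
            "$TUN_PREFIX"*) echo "$ns $dev TUNNEL" ;;
            *)              echo "$ns ${dev:-none} OUTSIDE"; leak=1 ;;
        esac
    done
    return "$leak"
}

# Constructed `ip route get` answers for a host whose default route is tun0.
sample_route() {
    case "$1" in
        192.168.1.1) echo "192.168.1.1 dev wlan0 src 192.168.1.50" ;;
        127.0.1.1)   echo "local 127.0.1.1 dev lo src 127.0.0.1" ;;
        *)           echo "$1 via 10.8.0.5 dev tun0 src 10.8.0.6" ;;
    esac
}

# Constructed resolv.conf: the LAN router first, then a resolver inside the VPN.
sample_run() {
    f=$(mktemp)
    printf 'nameserver 192.168.1.1\nnameserver 10.8.0.1\n' > "$f"
    rc=0
    ROUTE_GET=sample_route check_dns_path "$f" || rc=$?
    rm -f "$f"
    return "$rc"
}

sample_run || echo "at least one resolver is reached outside the tunnel"
```

On a live host, run `check_dns_path /etc/resolv.conf` while the VPN is up. A LOCAL verdict (such as dnsmasq on 127.0.1.1) means the forwarder's upstream servers need the same check.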

JJ

Jan 2, 2016, 12:26:29 PM
Caver1 <cav...@inthemud.org> wrote in message n68qrk$kqr$1...@dont-email.me

> You still need to realize and accept that a DNS leak
> manifests itself by providing your real IP.

I do not believe that is correct.
There is NOTHING on the Internet that says that.
A DNS leak provides your DNS Server.

But I have told you that more than a dozen times.
I really wish someone *else* would tell you that.

You have to think logically.
If the real IP leaked, that would mean that the VPN is not working.
(I have seen web sites which implied that the real IP address is
shown to the public but that's wrong.)

In all my tests, the VPN is working fine.
It's my DNS server configuration which is not working properly!

Let me ask you:
Why do you think they call it a "*DNS* Leak"?

Anyway, I'm extremely tired of arguing that point.

You do not have the correct understanding of what a DNS leak is.
But I can't be the one to tell you that.

I just wish someone else would understand what a DNS leak is so that
*they* could tell you!

I'm sorry if this doesn't sound nice - but - I can't say it more than
a dozen times any differently.

Read this:
http://dns-leak.com
"If your DNS requests are sent over an unencrypted network instead,
this is called a DNS leak: Even though your actual traffic (the data
you send to and receive from a server) is still encrypted, your ISP
[or the DNS server company] is able to see to which servers you are
connecting to."

Caver1

Jan 2, 2016, 12:30:00 PM
None of these show a DNS leak. Goodbye.

--
Caver1

JJ

Jan 2, 2016, 12:32:44 PM
Caver1 <cav...@inthemud.org> wrote in message n68qrk$kqr$1...@dont-email.me

> You still need to realize and accept that a DNS leak
> manifests itself by providing your real IP.

I realize some (very few) web sites say that but they are wrong.
You have to realize *why* they called it a "DNS leak" and not something
indicating your IP address leaking.

It's not your IP address that is leaking.
It's the DNS server IP address that is leaking.

Some web sites, I agree, get it wrong.
But, it's clear from most of the web sites.

Look here:
https://security.stackexchange.com/questions/26372/what-is-a-dns-leak
"If you connect through a VPN, but your queries are still being sent
over the normal network, anyone that can sniff the network, will
be able to see your DNS requests. When you are using a VPN you
are trying to avoid this at all cost as you want to prevent people
from eavesdropping on what you are doing (from a privacy point of view)."

Yet, I can find web sites which say what you say, which is wrong:
https://www.cactusvpn.com/beginners-guide-to-vpn/what-is-dns-leak/
"DNS Leak is a known security vulnerability associated with but
not limited to Microsoft Windows Operating System that simply
kills the very purpose of using the VPN in the first place;
which is establishing the anonymity on the internet. In simple
words, DNS Leak means your real IP address is out in the open
even when you are using a VPN service and behind powerful
encryption standards."

The first guys have it right.
The second guys are mincing words; what they mean is the
"real IP address of your real DNS server!".

That first web site isn't trying to sell you their "trusted solution".
That second web site is (hence why they say it incorrectly).



JJ

Jan 2, 2016, 12:44:56 PM
Caver1 <cav...@inthemud.org> wrote in message n68rc5$mq8$1...@dont-email.me

> A DNS leak manifests itself by showing your real IP as your
> DNS queries bypass the VPN tunnel. So your real IP is known.
> None of the shots you posted on your VPN showed the IP that
> was shown as your real IP when not connected to your VPN.
> I won't state that again as you seem to refuse this truth.

I understand that we disagree as to what a DNS leak is
(despite the obvious name).

a. You say a DNS leak is something that exposes your real IP
address to the web site you are visiting, and I can find
sites trying to sell me "protection" which say the exact
same thing you are saying. For example:
https://www.cactusvpn.com/beginners-guide-to-vpn/what-is-dns-leak/

But *all* those sites are sham sites.
They are trying to scare you by saying what it is incorrectly.

For example, this site gets it all wrong like you did, and
they also get a *lot* of other things wrong too:
http://www.vpntopten.com/articles/what-is-a-dns-leak-and-how-it-affects-vpn-security

b. I say a DNS leak exposes all your queries to the DNS server
(who is visible, for example, to your ISP). So, let's say you
didn't want your ISP to see where you were going when you are
on VPN.

If you didn't have a DNS leak, all your DNS queries would go
to the DNS server of the VPN provider over the VPN tunnel, so
your ISP can *not* see your DNS queries.

However, if you have a DNS leak (as I do), all your DNS queries
go (IN THE CLEAR!), not through the VPN tunnel, but in the clear
so that your ISP can (easily) see where you are going.

The web sites you visit can *not* see your real IP address.
This web site gets it correct!
https://support.hidemyass.com/hc/en-us/articles/202720466-Stop-DNS-leaks
"When connected to our VPN service, you're automatically using the
OpenDNS servers instead of your internet providers DNS servers.
This ensures that your ISP does not know what domains you are
accessing (=what websites you are visiting).
Now it can happen that your system for some reason reverts
back to your ISPs DNS servers, resulting in your ISP being
able to see what websites you are visiting."

This site also gets it right:
http://www.makeuseof.com/tag/dns-leaks-can-destroy-anonymity-using-vpn-stop/
This site also gets it right:
http://dns-leak.com/
This site gets it right also:
https://torguard.net/vpn-dns-leak-test.php
