DNS leak when VPN connection is established

Linux Kernel, Network, and Services configuration.
Post Reply
Message
Author
chuchu
Posts: 3
Joined: 2024-10-30 17:01

DNS leak when VPN connection is established

#1 Post by chuchu »

Hello, i am on a fresh debian 12,
when i am connected to my vpn, ipleak.net list also the DNS server of my ISP.
Yesterday it was working when i shutdown my PC before rebooting...
Now it's not working at all. I haven't changed any settings yet.
Found a lot older posts about resolv.conf but this file is updated correctly...
So i don't really know where to continue.

Aki
Global Moderator
Global Moderator
Posts: 3949
Joined: 2014-07-20 18:12
Location: Europe
Has thanked: 109 times
Been thanked: 518 times

Re: DNS leak when VPN connection is established

#2 Post by Aki »

Hello,
chuchu wrote: 2024-10-30 17:15 Now it's not working at all.
What is not working ? Can you please elaborate ?
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄⠀

chuchu
Posts: 3
Joined: 2024-10-30 17:01

Re: DNS leak when VPN connection is established

#3 Post by chuchu »

Ah sorry, by that i mean that no shutdown is helping.
When i have a vpn connection established, the DNS of my ISP can be found by ipleak or dnsleaktest.

reinob
Posts: 1231
Joined: 2014-06-30 11:42
Has thanked: 117 times
Been thanked: 54 times

Re: DNS leak when VPN connection is established

#4 Post by reinob »

It could be any number of things, but since you didn't care to even mention how you connect (openvpn? wireguard?), how your networking is configured (systemd-networkd, ifup/ifdown, some GUI network manager?) or the contents of your /etc/resolv.conf, and whether you have any "helpers" changing the content of /etc/resolv.conf, etc. there's nothing anyone can do to help.

chuchu
Posts: 3
Joined: 2024-10-30 17:01

Re: DNS leak when VPN connection is established

#5 Post by chuchu »

i really dont know, my networking isn't configured. i thought this would work out of the box.
I am using Eddie a VpnClient from Airvpn, and it changes the resolv.conf file so that there is only the Vpn's dns in it. But my ISP DNS is still found by ipleak.net

I tried to use the wireguard application wg-quick. I had to use resolvconf to get it working, but it doesn't delete my ISPN DNS out of the resolv.conf file.

Aki
Global Moderator
Global Moderator
Posts: 3949
Joined: 2014-07-20 18:12
Location: Europe
Has thanked: 109 times
Been thanked: 518 times

Re: DNS leak when VPN connection is established

#6 Post by Aki »

Hello,

If I understand correctly, your vpn software is not part of the Debian project. So, you may ask for help to its community or support service.
chuchu wrote: 2024-10-30 18:11 When i have a vpn connection established, the DNS of my ISP can be found by ipleak or dnsleaktest.
This means that some DNS queries will not be passed through the VPN.

The configuration should be in charge of your VPN software:
  • how did you configured the network and the vpn ?
What is the output of the following commands when the VPN is active (the bind9-dnsutils package must be installed) ?

Code: Select all

$ cat /etc/resolv.conf
$ cat /etc/nsswitch.conf
$ dig www.google.com 
$ ip address
$ ip route 
Is there a local DNS service running when the VPN is active ? You can check with the following command (the net-tools package must be installed):

Code: Select all

$ netstat -tulpn | grep 53
Hope this helps.
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄⠀

reinob
Posts: 1231
Joined: 2014-06-30 11:42
Has thanked: 117 times
Been thanked: 54 times

Re: DNS leak when VPN connection is established

#7 Post by reinob »

Note that also the browser (OP didn't say which) may have its own settings of DNS resolving, so even if the system resolver (using /etc/resolv.conf *and* /etc/nsswitch.conf) is pointing to whatever VPN DNS server the OP is expecting, the browser may be doing whatever it likes.

But yes, the best would be to ask your provider ("AirVPN"). After all, you're (probably) paying them for this.

Aki
Global Moderator
Global Moderator
Posts: 3949
Joined: 2014-07-20 18:12
Location: Europe
Has thanked: 109 times
Been thanked: 518 times

Re: DNS leak when VPN connection is established

#8 Post by Aki »

Hello @reinob,
reinob wrote: 2024-11-04 15:15 Note that also the browser (OP didn't say which) may have its own settings of DNS resolving, so even if the system resolver (using /etc/resolv.conf *and* /etc/nsswitch.conf) is pointing to whatever VPN DNS server the OP is expecting, the browser may be doing whatever it likes.
Are you referring to DNS-over-HTTPS (DoH) or DNS-over-TLS (DoT) used by browsers ?
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄⠀

reinob
Posts: 1231
Joined: 2014-06-30 11:42
Has thanked: 117 times
Been thanked: 54 times

Re: DNS leak when VPN connection is established

#9 Post by reinob »

Aki wrote: 2024-11-06 18:06 Hello @reinob,
reinob wrote: 2024-11-04 15:15 Note that also the browser (OP didn't say which) may have its own settings of DNS resolving, so even if the system resolver (using /etc/resolv.conf *and* /etc/nsswitch.conf) is pointing to whatever VPN DNS server the OP is expecting, the browser may be doing whatever it likes.
Are you referring to DNS-over-HTTPS (DoH) or DNS-over-TLS (DoT) used by browsers ?
Yes, indeed.

It's (unfortunately?) becoming more and more common for software (beowsers, but it could be anything) to bring their own resolver, making it more difficult for the user to force a specific DNS (which is what the OP appears to want).

Post Reply