VPN how to fix DNS leak

a guest
Jan 13th, 2013
VPN & DNS Leakage
PCs have two problems with the use of VPNs:

If the VPN drops out, the normal internet connection continues, after which your information and activities can be found. It usually takes a while before you notice that your VPN has stopped and that you are using your own IP, which can identify you (It will only happen during a PenTest lol).
You also have the problem of “DNS leakage”. Domain name servers are like phone books: the name (www address) that you type into your browser is translated into a number at which the server can be reached. VPNs encrypt your connection, but in some cases the DNS lookup STILL goes via your regular internet connection. This is called a “DNS leak” and means that your ISP can see which sites you visit, etc. Nowadays it is common for your ISP to store that information because of a storage obligation, which is not what you want. This problem is common when routers and computers are set to DHCP with automatic settings.

Testing for DNS leaks:

Connect to your VPN, then go to this site: http://entropy.dns-oarc.net or https://www.grc.com/dns/dns.htm
Click Test, and ignore messages such as “good” or “great” and everything else except the DNS resolver addresses.
On the latter site, click Initiate at the bottom of the page and ignore ‘spoofability’ and everything else except the addresses listed as ‘nameserver’ and ‘server name’.
Check each IP address mentioned in that list using infosniper or Robtex. Make sure none of those IP addresses is your own IP or is shown as belonging to your ISP.
If that is the case, you have a DNS leak; if none of the IPs is from your ISP, you are safe.

To fix a DNS leak:

Give the computer specified (static) settings instead of automatic DHCP settings for the connection you are going to use with the VPN (only required if you are running XP).
After you are connected to your VPN, set the DNS name server of your regular internet connection to ‘none’; this forces DNS lookups to go via the VPN only.
Put everything back after you disconnect your VPN.
http://dnsleaktest.com has a batch file that auto-executes when running OpenVPN and does the DNS work automatically.

How can I fix a DNS leak?

The solution is to ensure that once connected to the anonymity network, you are using ONLY the DNS server/s provided by the anonymity service. As this problem affects predominantly Windows clients, only solutions for Windows appear here.

3 basic steps to fix the problem:

Before connecting to the VPN, set static IP address properties if you are using DHCP.
After connecting, remove the DNS settings for the primary interface.
After disconnecting, switch back to DHCP if necessary or reapply the original static DNS servers.

Solution A – Automatic

If you are using OpenVPN on Windows XP/Vista/7 then a fully automated solution is available.

Download http://www.dnsleaktest.com/dnsfixsetup.exe – (md5 checksum: f212a015a890bd2dae67bc8f8aa8bfd9)

After installation, when you connect to a VPN server, a batch file will be run executing the 3 steps above.

Three scripts are generated for each OpenVPN configuration file:

configfilename_pre.bat – executed before the connection is established – Calls pre.vbs – If any active DHCP adapters exist, switch to static
configfilename_up.bat – executed when the connection is established – Calls up.vbs – Clear the DNS servers for all active adapters except the TAP32 adapter
configfilename_down.bat – executed after the connection is disconnected – Calls down.vbs – Reconfigure adapters back to their original configuration
If you have any problems or suggestions, please contact me.

Solution B – Manually clearing the DNS

The solution below does not switch the adapter to static if you are using DHCP. If you do not switch to a static IP configuration and your computer renews its IP address whilst connected to the VPN, the DNS settings may be overwritten. It is highly recommended to switch to a static IP configuration.

Open the command prompt (cmd.exe) as an administrator.
Before connecting, identify the name of the connected network interface. In the case below it is “Local Area Connection”.
    netsh interface show interface

http://www.dnsleaktest.com/img/winfix1.png

Connect to the VPN. Once connected, proceed to the next step.
Flush the DNS resolver cache.
    ipconfig /flushdns
Disable the DNS configuration for the interface identified in step 1.
    netsh interface IPv4 set dnsserver "Local Area Connection" static 0.0.0.0 both
Test for DNS leaks.
After disconnecting, reconfigure the adapter to renew the previous DNS settings.
    netsh interface IPv4 set dnsserver "Local Area Connection" dhcp
Once again, flush the DNS resolver cache.
    ipconfig /flushdns
Done.
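
A local check to go with the "Test for DNS leaks" step of Solution B, added here as an example and not part of the original paste or of the dnsleaktest.com scripts: it parses the output of netsh interface ipv4 show dnsservers and lists every adapter other than the VPN one that still has a resolver configured. The sample output, the adapter name "TAP-Win32 Adapter V9" and the treatment of 0.0.0.0 as "cleared" are assumptions.

```python
import re

# Constructed sample modelled on English-locale output of
# `netsh interface ipv4 show dnsservers`; not captured from a real host.
SAMPLE = '''
Configuration for interface "Local Area Connection"
    DNS servers configured through DHCP:  192.168.1.1
                                          192.168.1.2
    Register with which suffix:           Primary only

Configuration for interface "TAP-Win32 Adapter V9"
    Statically Configured DNS Servers:    10.8.0.1
    Register with which suffix:           Primary only

Configuration for interface "Loopback Pseudo-Interface 1"
    Statically Configured DNS Servers:    None
    Register with which suffix:           Primary only
'''

IFACE = re.compile(r'^Configuration for interface "(.+)"$')
ADDR = re.compile(r'(\d{1,3}(?:\.\d{1,3}){3})$')

def parse_dns_servers(text):
    """Map interface name -> (source, [IPv4 resolvers]); source is 'dhcp' or 'static'."""
    result, name, in_dns = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        header = IFACE.match(line)
        if header:
            name, in_dns = header.group(1), False
            result[name] = ("unknown", [])
        elif name and ":" in line:
            in_dns = "DNS" in line.split(":")[0].upper()  # DNS line or other setting
            if in_dns:
                source = "dhcp" if "DHCP" in line else "static"
                result[name] = (source, result[name][1])
        found = ADDR.search(line)  # also matches continuation lines (extra servers)
        if name and in_dns and found:
            result[name][1].append(found.group(1))
    return result

def leaking_interfaces(text, vpn_adapter):
    """Non-VPN interfaces that still hold a usable resolver (0.0.0.0 counts as cleared)."""
    leaks = {}
    for name, (source, servers) in parse_dns_servers(text).items():
        usable = [s for s in servers if s != "0.0.0.0"]
        if name != vpn_adapter and usable:
            leaks[name] = (source, usable)
    return leaks
```

An empty result means only the VPN adapter has a resolver; a "dhcp" source on any reported adapter is the case where a lease renewal can overwrite the cleared DNS settings.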