LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 02-01-2014, 03:52 PM   #1
H22
LQ Newbie
 
Registered: Feb 2014
Posts: 2

Rep: Reputation: Disabled
DNS requests leaking information.


I'm on Ubuntu 13.10 if relevant.

I want to set up a VPN for privacy. So far so good, I can do that. But my limited knowledge of networking made me wonder how DNS requests are handled. I've done some further digging and it seems that my DNS requests still go to the same place. I may be wrong but the things I've tried seem to indicate this is so. If this is my ISP's DNS servers, does this not mean that even though I am connecting via a VPN, they have a full log of everywhere I was visiting? Do the DNS requests come from the other end of my VPN tunnel or from my computer first and I THEN use the resulting information to visit that IP address via the VPN?

I need to know how I can check this.

Many thanks. I wasn't quite sure whether to place this in Networking or Security, but it seemed more of a security question to me.
 
Old 02-01-2014, 08:02 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603
Quote:
Originally Posted by H22 View Post
If this is my ISP's DNS servers, does this not mean that even though I am connecting via a VPN, they have a full log of everywhere I was visiting?
Unless you use modified network settings to use the VPN tunnels default gateway traffic indeed may end up at your ISPs.


Quote:
Originally Posted by H22 View Post
Do the DNS requests come from the other end of my VPN tunnel or from my computer first and I THEN use the resulting information to visit that IP address via the VPN? I need to know how I can check this.
That's why it's good to add "-j LOG" and "-j DROP" rules for your regular destinations while using a VPN. Easiest way to audit traffic doesn't reach certain targets.


Quote:
Originally Posted by H22 View Post
I wasn't quite sure whether to place this in Networking or Security, but it seemed more of a security question to me.
Taxonomy says it is a routing issue (Networking) but I do understand people class it as a security issue.
 
1 members found this post helpful.
Old 02-01-2014, 09:23 PM   #3
Z038
Member
 
Registered: Jan 2006
Location: Dallas
Distribution: Slackware
Posts: 912

Rep: Reputation: 174Reputation: 174
Quote:
Originally Posted by H22 View Post
I want to set up a VPN for privacy. So far so good, I can do that. But my limited knowledge of networking made me wonder how DNS requests are handled. I've done some further digging and it seems that my DNS requests still go to the same place.
Are you talking about subscribing to a VPN service provider, or are you setting up a VPN server of your own (e.g., OpenVPN) running on your home system? If the former, check with the VPN provider to see how DNS is handled. If the latter, you need to redirect the default network gateway through your VPN, and push your preferred DNS servers to the client.

In your OpenVPN server.conf, these statements redirect the network gateway for clients that connect to you, and push the openDNS servers IP addresses to the client. You could use any DNS servers you trust, including ones of your own.

Code:
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"

Last edited by Z038; 02-01-2014 at 09:30 PM.
 
Old 02-02-2014, 04:36 AM   #4
H22
LQ Newbie
 
Registered: Feb 2014
Posts: 2

Original Poster
Rep: Reputation: Disabled
Hi. Thanks for both replies. To clarify (@Z038), I am subscribing to a VPN service provider. Whilst this provides some anonymity from the places I visit, I had wrongly thought that it provided anonymity from my ISP also. I.e. all my traffic was going through it, but it now seems likely that DNS requests - i.e. a complete list of where I'm going - is available to my ISP.

I'm surprised this isn't more widely known. Perhaps it is with the people who frequent this forum, but I'm sure there are a lot of people out there who think turning on their VPN offers this sort of privacy.

So anyway, this now turns into two questions:
1) How do I ensure ONLY my VPN provider's DNS servers are used. (They do provide DNS for those that want it).
2) How do I ensure that any network traffic ONLY goes via the VPN.

To explain that second one, the VPN occasionally drops. At this point, as far as I can see, Ubuntu cheerfully goes back to using its non-VPN connection. Is there any way to tell it: "unless you are connected to this VPN don't send / receive"? I'm /guessing/ that I could add something to IP tables that dropped anything outgoing other than to the VPN servers address? Not sure how I'd do that.

Also, sorry - I think now that I did put this in the wrong forum. My apologies for that. If a mod does want to move it over to Networking...

Again, thanks for all replies. This is very helpful. The world grows ever more surveillance-y and I'm interested in how to safeguard privacy.
 
Old 02-02-2014, 11:59 AM   #5
Z038
Member
 
Registered: Jan 2006
Location: Dallas
Distribution: Slackware
Posts: 912

Rep: Reputation: 174Reputation: 174
It would probably be a good idea to ask a mod to move your thread to the Networking forum. You can use the Report button to ask them to do that.

My VPN knowledge is basic. I run an OpenVPN server on my home system so I can connect to it from my laptop when I'm away from home. I also run Bind (named) on my home system to provide my own DNS service. When I'm connected to my VPN from airport/hotel/coffee shop public WiFi, I'm only concerned with securing my traffic from other users of those public networks. I'm not concerned with hiding my IP address. All of my internet accesses appear to be from my home IP address, since that is my exit point.

I have tested my DNS for leaks using these sites, and they always show my own DNS server being used:

https://www.dnsleaktest.com/
http://dnsleak.com/
http://ipleak.net/

As for your first question, I should think you'd be able to ask your VPN provider how to make sure that only its own DNS servers are being used.

I'm interested in your second question too, since I'd also like to make sure that I won't fall back to a public open network if my VPN connection drops. I suspect it's possible to firewall your network traffic using iptables to ensure that everything leaving your own network can go out only through your VPN connection, but I don't know how to do it.

I did find this link that might be of some help. https://airvpn.org/topic/9139-preven...inux-iptables/
 
1 members found this post helpful.
Old 02-02-2014, 05:33 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603
Quote:
Originally Posted by H22 View Post
Also, sorry - I think now that I did put this in the wrong forum. My apologies for that. If a mod does want to move it over to Networking...
No problem and no apologies necessary.
We're here to help.
I'll just move your thread to the Networking forum.
Have fun!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How to optimize dns requests kikookik Linux - Software 6 03-14-2013 07:43 AM
Help in stopping DNS requests (DNS Amplification) accessthecloud Linux - Server 2 02-18-2013 04:43 PM
can a local DNS Server be used to handle dns requests going out to the internet baronobeefdip Linux - Server 1 07-03-2012 04:19 AM
DNS, Bind, same ip for all requests NightSoul Linux - Networking 6 03-28-2008 12:39 PM
DNS requests go to loopback?? curiouspenguin Linux - Networking 5 09-20-2006 04:42 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 06:18 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration