I ran across this the other day;
http://www.dnsleaktest.com/how-to-fix-a-dns-leak.php
Take a look at;
Solution B - Manually clearing the DNS
Numbers 5 & 7 seem like a load of nonsense to me...
You can't run ' static 0.0.0.0 both'...
What's wrong with just flushing the dns and then putting in the dns you want to use in your router, or adapters and being on your merry way? Personally that's all I do and I'm not leaking any dns, at least with all the tests I have done it's not...
SteveTX
May 10th, 2011, 07:24 PM
because if you don't knock out the dns resolver AND dhcp source AND convert your routes to static, the dhcp on the other end (your vpn or isp) can send dhcp updates directly to your tap adapter and put all that information back into your adapter/interface.
DasFox
May 10th, 2011, 08:24 PM
-{ Quote: "because if you don't knock out the dns resolver AND dhcp source AND convert your routes to static, the dhcp on the other end (your vpn or isp) can send dhcp updates directly to your tap adapter and put all that information back into your adapter/interface." }-
Well all I've ever done is add in the Pri & Sec DNS to the adapters, flush the dns and go about my business, so what's wrong with just doing that?
If that isn't enough then what do you recommend, what I have shown you in this link or another method?
Are you supposed to run this command as you actually see it below? Because I don't understand what 0.0.0.0 represents and you can't run it like that.
netsh interface IPv4 set dnsserver "Local Area Connection" static 0.0.0.0 both
THANKS
SteveTX
May 10th, 2011, 10:03 PM
Here is a tutorial on preventing DNS leaks (https://xerobank.com/support/articles/h ... dns-leaks/) from TAP adapters / OpenVPN.
DasFox
May 10th, 2011, 11:38 PM
-{ Quote: "Here is a tutorial on preventing DNS leaks (https://xerobank.com/support/articles/h ... dns-leaks/) from TAP adapters / OpenVPN." }-
Yes I do know this link of yours, I was thinking you were going to show it to me, hehe...
3. Find out which adapters are active.
'and see who gets dhcp updates', see who gets updates where?
5. If you run this command on the connection connected to, you are going to get disconnected, this is ok?
netsh interface ip set address "Local Area Connection" static 192.168.1.4 255.255.255.0 192.168.1.1 1
7. Clear the DNS Resolver cache again.
This time the DNS information won't come back, won't come back where?
Every time you are done using the VPN you have to run netsh exec c:\net.cfg and then when you connect to the VPN again, you have to run the steps over?
How does this prevent your computer from talking through any adapter except your VPN TAP adapter?
How about this in OSX and Linux TUT too?
THANKS
SteveTX
May 11th, 2011, 01:16 AM
-{ Quote: "Yes I do know this link of yours, I was thinking you were going to show it to me, hehe...
3. Find out which adapters are active.
'and see who gets dhcp updates', see who gets updates where?" }-
To see which interfaces are being updated from dhcp.
-{ Quote: "
5. If you run this command on the connection connected to, you are going to get disconnected, this is ok?
netsh interface ip set address "Local Area Connection" static 192.168.1.4 255.255.255.0 192.168.1.1 1" }-
Shouldn't get disconnected. Should stay up and keep routing, only statically. If the IP you are connecting to frequently changes, that could be an issue. Otherwise, it should work.
-{ Quote: "
7. Clear the DNS Resolver cache again.
This time the DNS information won't come back, won't come back where?
" }-
DNS resolver cache means the cached IP addresses of domains you look up via DNS, ex: ebay.com. So you don't have stale, cached, or poisoned DNS entries in your existing resolver cache, and if any crept in while you were changing the above settings, they get wiped out.
-{ Quote: "
Every time you are done using the VPN you have to run netsh exec c:\net.cfg and then when you connect to the VPN again, you have to run the steps over?
" }-
Sigh, yes.
-{ Quote: "
How does this prevent your computer from talking through any adapter except your VPN TAP adapter?" }-
Leaks occur when your computer knows of interfaces to get out of your computer. So what we do here is cripple the other interfaces while keeping the expected routes up, and stop listening to anyone sending network updates other than the TAP adapter.
-{ Quote: "
How about this in OSX and Linux TUT too?
" }-
wildersecurity.com
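Added example (not from any poster in this thread or from the linked tutorial): one way to automate the check discussed above, "find out which adapters are active and see who gets dhcp updates", by parsing `ipconfig /all` output and listing non-VPN adapters that still take DHCP updates or still hold DNS servers. It assumes English-locale output and that the VPN adapter's description contains "TAP"; the sample output is constructed.

```python
import re

# Constructed sample of English-locale `ipconfig /all` output (not from the thread).
SAMPLE = """\
Ethernet adapter Local Area Connection:

   Description . . . . . . . . . . . : Example Ethernet Controller
   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       192.0.2.53

Ethernet adapter Local Area Connection 2:

   Description . . . . . . . . . . . : TAP-Win32 Adapter V9
   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 10.8.0.1
"""

HEADER = re.compile(r"^\S.*? adapter (.+):\s*$")
FIELD = re.compile(r"^\s+(\S.*?)[ .]* :(?: (.*))?$")

def parse_adapters(text):
    """Map adapter name -> {'desc', 'dhcp', 'dns'} from `ipconfig /all` text."""
    adapters, cur, key = {}, None, None
    for line in text.splitlines():
        head, field = HEADER.match(line), FIELD.match(line)
        if head:
            cur = adapters.setdefault(head.group(1), {"desc": "", "dhcp": False, "dns": []})
            key = None
        elif cur is not None and field:
            key, value = field.group(1), (field.group(2) or "").strip()
            if key == "Description":
                cur["desc"] = value
            elif key == "DHCP Enabled":
                cur["dhcp"] = value.lower() == "yes"
            elif key == "DNS Servers" and value:
                cur["dns"].append(value)
        elif cur is not None and key == "DNS Servers" and line.strip():
            cur["dns"].append(line.strip())  # continuation line: one more server
    return adapters

def leak_candidates(adapters, vpn_marker="TAP"):
    """Non-VPN adapters that still take DHCP updates or still hold DNS servers."""
    return {name: a for name, a in adapters.items()
            if vpn_marker not in a["desc"] and (a["dhcp"] or a["dns"])}

if __name__ == "__main__":
    for name, a in leak_candidates(parse_adapters(SAMPLE)).items():
        print(f"{name}: dhcp={a['dhcp']} dns={a['dns']}")
```

On a live machine, feed it the saved text of `ipconfig /all` taken while the VPN is connected; an empty result means only the TAP adapter is still accepting DHCP or carrying DNS servers.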