TunSafe Forum

Welcome to the TunSafe Community Forum. This is open for discussions related to TunSafe and the WireGuard protocol.

You are not logged in.

#1 2018-12-18 20:15:33

luna
Member
Registered: 2018-12-18
Posts: 1

Possible DNS leak in WIN client

Hi

Client is running on WIN 10 Ent connecting to private server with unbound as dns resolver (client DNS config points to private server internal IP with unbound listening for DNS requests). When connected and browsing www.dnsleak.com lists the private server as dns and also the ISP dns. This does not happen on MacOSX (wireguard-tools), Linux (wireguard source code) or Android (using the Wireguard client). dnsleak.com only lists the private server IP as dns on those clients so it can be assumed unbound is properly configured and client config is correct. Is there any way around this problem with the win client?

Regards
Luna

Offline

#2 2018-12-24 21:35:21

Hitchhiker
Member
From: The Netherlands
Registered: 2018-12-11
Posts: 31

Re: Possible DNS leak in WIN client

That's rather interesting actually. I get a similar result, but the data shown as DNS IP is entirely different from the one I have configured which is the same as shown on AzireVPN's site at: https://www.azirevpn.com/docs/servers

Here's a screenshot of the details for the DNS IP according to dnsleak.com: http://imgbox.com/CX0hqZXZ

I get the similar result on https://browserleaks.com/ip (better site with more details).

In my particular case though no details are being revealed about my ISP which is located in the Netherlands and the data revealed pertains purely to my VPN.

If you're using Firefox or one of its forks type: about:config in the URL bar and then copy/paste the following into the filter at the top: media.peerconnection.enabled Toggle that to show as false. If you see a warning, confirm that you'll be careful to gain entry to the filters. Disabling WebRTC prevents dns leaks caused by that setting.

I'll contact Azire support though to see what they have to say.

Offline

#3 2018-12-28 12:02:36

Hitchhiker
Member
From: The Netherlands
Registered: 2018-12-11
Posts: 31

Re: Possible DNS leak in WIN client

luna wrote:

Hi

Client is running on WIN 10 Ent connecting to private server with unbound as dns resolver (client DNS config points to private server internal IP with unbound listening for DNS requests). When connected and browsing www.dnsleak.com lists the private server as dns and also the ISP dns. This does not happen on MacOSX (wireguard-tools), Linux (wireguard source code) or Android (using the Wireguard client). dnsleak.com only lists the private server IP as dns on those clients so it can be assumed unbound is properly configured and client config is correct. Is there any way around this problem with the win client?

Regards
Luna

UPDATE:

Azire merely confirmed that my connection to their DNS servers is working correctly.

Do you by any chance have WebRTC enabled in your browser?

To check, type: about:config in the location bar (confirm if the silly message that you'll be careful if it appears) and then copy/paste: media.peerconnection.enabled in the filter at the top. If it turns out it's set to true, toggle it to false.

If all else fails, you might try posting the problem on the Tunsafe Github page: https://github.com/TunSafe/TunSafe/issues

Offline

#4 2018-12-28 20:21:28

Hitchhiker
Member
From: The Netherlands
Registered: 2018-12-11
Posts: 31

Re: Possible DNS leak in WIN client

@Luna,

Here's an alternative secure DNS host which I've just switched to myself: https://www.quad9.net/microsoft/

I've linked to the written form since the video doesn't provide IPv6 info.

Offline

Board footer

Powered by FluxBB