DNS Leak

NanoG6

If I recall correctly, when connected to winscribe or ivacy and test using dnsleak.com, I can see that dns server IP address is same as VPN IP address. How to achieve this using my own VPN server?

Nyr

Why would you want that? The fact that your DNS is different from your gateway IP doesn't mean that it's leaking.

For example, I took the test and it tries to scare me like this just because I'm using OpenDNS:

NanoG6

@Nyr I'm just curious how they achieve that. Currently I installed pi-hole on the VPN server, and dnsleaktest indeed show the upstream DNS (Google/Cloudflare)

Nyr

NanoG6 said: I'm just curious how they achieve that

By running a recursive DNS in the gateway

NanoG6 said: dnsleaktest indeed show the upstream DNS (Google/Cloudflare)

And that is completely fine

NanoG6

Nyr said: By running a recursive DNS in the gateway

Ah that's it. Seems like I mixed up between DNS server types
Too bad Pi-Hole/dnsmasq can't be recursive. I installed bind to test:

Thank you @Nyr!

omelas

@NanoG6 said:
@Nyr I'm just curious how they achieve that. Currently I installed pi-hole on the VPN server, and dnsleaktest indeed show the upstream DNS (Google/Cloudflare)

it would be create an ephmeral domain that nothing will have a cache and check who asked that domain on authoritive DNS server side.

NanoG6

Is that a good or bad thing?

TimboJones

@NanoG6 said:

Nyr said: By running a recursive DNS in the gateway

Ah that's it. Seems like I mixed up between DNS server types
Too bad Pi-Hole/dnsmasq can't be recursive. I installed bind to test:

Thank you @Nyr!

Isn't that what they do with unbound?

What is the goal, though, to get around geo-location detection?

Nyr

@NanoG6 said:
Is that a good or bad thing?

What are you referring to?

@TimboJones said:

@NanoG6 said:

Nyr said: By running a recursive DNS in the gateway

Ah that's it. Seems like I mixed up between DNS server types
Too bad Pi-Hole/dnsmasq can't be recursive. I installed bind to test:

Thank you @Nyr!

Isn't that what they do with unbound?

Yes.

NanoG6

TimboJones said: Isn't that what they do with unbound?

What is the goal, though, to get around geo-location detection?

Nice.. Didn't know about unbound. Learn new thing everyday on LET. I did the same thing with bind, though.

Nyr said: What are you referring to?

I'm referring to what @omelas said. Anyway the doc that @TimboJones referred earlier make everything clear

somik

Run openvpn and pi hole on same server.

Here is a tutorial I wrote for my own use with debian or ubuntu based servers:

https://somik.org/ubuntu-18-04-install-pi-hole-with-pivpn/

ErawanArifNugroho

We need to add this on the openvpn config for client in Windows:

...
block-outside-dns
...

Before adding that, my ip still leak with my ISP, such Telkom, and after adding that on client config, it's changed to the vps dns.

For Linux client, we had no problem/dns leak

Janevski

Maybe i want my dns leaking.

Neoon

@Janevski said:
Maybe i want my dns leaking.

NanoG6

@ErawanArifNugroho said:
We need to add this on the openvpn config for client in Windows:

...
block-outside-dns
...

Before adding that, my ip still leak with my ISP, such Telkom, and after adding that on client config, it's changed to the vps dns.

For Linux client, we had no problem/dns leak

I always using @Nyr script and never have any problem with that

ErawanArifNugroho

oh, good then

saibal

@ErawanArifNugroho said:
We need to add this on the openvpn config for client in Windows:

...
block-outside-dns
...

Before adding that, my ip still leak with my ISP, such Telkom, and after adding that on client config, it's changed to the vps dns.

For Linux client, we had no problem/dns leak

The funny thing is sometimes it leaks and other times it doesn't. This is because Windows does not have a systemwide resolv.conf. Each network interface can have its own DNS. svchost.exe can and will send out DNS queries without respecting the routing table and the default gateway of the VPN tunnel, causing the leak.