DNS Leak / Transparent DNS Proxy Detection
Does anyone know how to write the code to do the DNS leak tests similar to those found on these sites?

https://dnsleaktest.com/
http://dnsleak.com/
http://ipleak.net/

When I run my OpenVPN on my laptop, I'm still leaking DNS calls to my ISP. I've followed the advice on the first link about specifying a static IP/DNS with all my adapters and that appears to have plugged the leaks. But I'm interested in what these sites are doing to determine the DNS leaks to begin with. What kinds of testing are they doing on the server end that detect the DNS leakage? Anyone have a clue as to what they are checking and whether there is some example code of how to do it around?

Thanks, Geodirk

Comments

  • Melita (Member, Host Rep)
    edited December 2014

    Transparent DNS usually works when your ISP router's firewall marks any traffic whose destination port is TCP/UDP 53, then redirects all of it to their own DNS server.

    So if you have any router that can do iptables BEFORE the traffic reaches your ISP router, try to place these rules in your router:
    # Rewrite every outgoing DNS lookup (UDP and TCP port 53) to your own resolver listening on port 443
    iptables -t nat -I PREROUTING 1 -p udp --dport 53 -j DNAT --to IP:443
    iptables -t nat -I PREROUTING 2 -p tcp --dport 53 -j DNAT --to IP:443

    Most famous routers nowadays can run DD-WRT / OpenWRT / Tomato, so you can place this in their firewall startup script (make sure to restrict it to the right interface with the -i flag).

    IP explanation: Set up any VPS in any remote location, install a DNS server and set it to forward mode to any DNS out there (OpenDNS, Google etc), but configure it to listen on any port other than 53, and only allow your IP range for security. In this case I chose 443 since most ISPs won't bother to sniff out any https traffic.

    Basically, what this does is forward any DNS lookup traffic to another unwatched port before it reaches their router.

    Anyway, this might not work for all ISPs. They might be more clever than this, e.g. layer 7 header analysis.

    About the sites, I'm not sure as well, teehee :p

    Thanked by 1: netomx
  • The test sites are having your browser access random links such as 7jdk764.dnsleaktest.com and monitoring what IP connects to their DNS servers to query that address.

  • geodirk (Member)
    edited December 2014

    @kcaj said:
    The test sites are having your browser access random links such as 7jdk764.dnsleaktest.com and monitoring what IP connects to their DNS servers to query that address.

    Interesting...

    EDIT - I reread what you wrote. I get it now...
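
The mechanism kcaj describes (a random, uncacheable hostname under a zone the test site controls, and the site's authoritative name server noting which resolver's IP the query arrives from) is small enough to show end to end. The block below is an added example, not code from the thread or from any of the linked sites. It assumes a zone `leaktest.example` delegated to the host running it, a placeholder answer address `192.0.2.10`, and a bind port of 5353; all three are constructed values. The `main` block feeds two constructed query sources through the handler offline, and `serve()` is the blocking UDP loop you would run on the real server. The detection logic generalizes slightly beyond the comment: `leaked()` compares the observed resolver IPs against a list of trusted (e.g. VPN provider) networks, which is the check a user actually wants.

```python
"""Server side of a dnsleaktest-style check (added example, not from the thread).

Assumes TEST_ZONE is delegated to this host, so every query for
<token>.TEST_ZONE reaches us from whichever recursive resolver the
client's OS really uses. The source IP of that query is the resolver,
which is exactly what a leak test wants to see.
"""
from __future__ import annotations

import ipaddress
import secrets
import socket
import struct
from collections import defaultdict

TEST_ZONE = "leaktest.example"   # assumption: a zone delegated to this server
ANSWER_IP = "192.0.2.10"         # assumption: address returned so the browser's fetch completes
UDP_BIND = ("0.0.0.0", 5353)     # assumption: a real deployment listens on port 53


def new_test_token(nbytes: int = 6) -> str:
    """Random label (the '7jdk764' part) so no cache anywhere can answer it."""
    return secrets.token_hex(nbytes)


def encode_name(name: str) -> bytes:
    """Wire-encode a dotted name as length-prefixed labels (RFC 1035 section 3.1)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(qname: str, txid: int) -> bytes:
    """Standard A/IN query; flags 0x0100 = recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", 1, 1)


def parse_question(packet: bytes) -> tuple[int, str]:
    """Return (txid, qname). Resolvers never compress the question name,
    so a pointer byte (top two bits set) is treated as malformed."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    txid, _flags, qdcount = struct.unpack("!HHH", packet[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos, labels = 12, []
    while True:
        if pos >= len(packet):
            raise ValueError("truncated question name")
        length = packet[pos]
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer in question")
        pos += 1
        if pos + length > len(packet):
            raise ValueError("truncated label")
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    return txid, ".".join(labels)


def build_answer(txid: int, qname: str, ip: str) -> bytes:
    """Authoritative reply (QR and AA set) with one A record, TTL 0 so nothing caches it."""
    header = struct.pack("!HHHHHH", txid, 0x8400, 1, 1, 0, 0)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)
    # 0xC00C = pointer to the name at offset 12 (the question), then TYPE A, CLASS IN, TTL, RDLENGTH
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 0, 4) + ipaddress.IPv4Address(ip).packed
    return header + question + rr


class LeakTestServer:
    """Remembers which resolver IP asked for which random token."""

    def __init__(self, zone: str = TEST_ZONE) -> None:
        self.zone = zone.lower()
        self.seen: dict[str, set[str]] = defaultdict(set)

    def handle(self, packet: bytes, src_addr: tuple[str, int]) -> bytes | None:
        """Process one datagram; returns the reply, or None if the query is not for our zone."""
        txid, qname = parse_question(packet)
        qname = qname.lower()
        if not qname.endswith("." + self.zone):
            return None
        token = qname[: -len(self.zone) - 1].split(".")[-1]   # label just left of the zone
        self.seen[token].add(src_addr[0])                       # src IP is the resolver, not the user
        return build_answer(txid, qname, ANSWER_IP)

    def resolvers_for(self, token: str) -> list[str]:
        return sorted(self.seen.get(token, ()))

    def leaked(self, token: str, trusted: list[str]) -> list[str]:
        """Resolver IPs that fall outside the trusted networks (e.g. the VPN provider's)."""
        nets = [ipaddress.ip_network(n) for n in trusted]
        return [ip for ip in self.resolvers_for(token)
                if not any(ipaddress.ip_address(ip) in n for n in nets)]


def serve(server: LeakTestServer, bind: tuple[str, int] = UDP_BIND) -> None:
    """Blocking UDP loop for a real deployment (not exercised in the offline demo)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(bind)
        while True:
            packet, src = sock.recvfrom(512)
            try:
                reply = server.handle(packet, src)
            except ValueError:
                continue                       # ignore malformed datagrams
            if reply:
                sock.sendto(reply, src)


if __name__ == "__main__":
    # Offline demo with constructed resolver addresses: one inside the VPN, one at the ISP.
    srv = LeakTestServer()
    token = new_test_token()
    q = build_query(f"{token}.{TEST_ZONE}", txid=0x1234)
    srv.handle(q, ("198.51.100.2", 40000))   # constructed: VPN provider's resolver
    srv.handle(q, ("203.0.113.7", 40001))    # constructed: ISP resolver, i.e. a leak
    print("resolvers seen:", srv.resolvers_for(token))
    print("leaking:", srv.leaked(token, ["198.51.100.0/24"]))
```

On the client side nothing special is needed: the page (or a script) fetches `http://<token>.leaktest.example/`, the OS resolves that name through whatever resolver it is configured to use, and the server correlates the token with the resolver IP it saw. Several tokens are used per run because a client may rotate between multiple resolvers.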
