Batu69 Posted October 31, 2015 Share Posted October 31, 2015 Windows 10 DNS resolver sends DNS requests in parallel to all available network interfaces and uses the fastest reply to come. If you use DNS from the local network, this problem allows your ISP or a hacker with Wi-Fi ap to hijack your DNS records and steal your data even if you use VPN .This plugin should fix this issue for Windows 8.1 and Windows 10 users.Beware of Windows 10 DNS resolver and DNS LeaksWARNING! Windows 10 VPN Users at Big Risk of DNS LeaksHow it worksThis plugin implements Windows Filtering Platform userspace filter to block all IPv4 and IPv6 DNS queries from DNS Client service to port 53 except on OpenVPN's TAP interface. It works like a temporary firewall which clears its rules upon termination or crash. This is important as you won't get broken internet connection if OpenVPN client suddenly crashes, unlike with other methods.Download Link to comment Share on other sites More sharing options...
exodius Posted October 31, 2015 Share Posted October 31, 2015 So , it just on windows 10. I'm using it on windows 7. Link to comment Share on other sites More sharing options...
Airstream_Bill Posted October 31, 2015 Share Posted October 31, 2015 Under Windows 7 all DNS requests were made in simple order of DNS server preference, but this changed in Windows 8 when Microsoft added “‘Smart Multi-Homed Name Resolution” by default. This sent out DNS requests to all available interfaces, but only used non-preferred servers if the main DNS server failed to respond.This makes Windows 8.x systems liable to DNS leaks, but at least makes it unlikely that DNS requests will be hijacked. Windows 10, on the other hand, simply chooses whichever DNS request responds quickest, which presents a major security risk.Copied this from Source Page for exodius Link to comment Share on other sites More sharing options...
CODYQX4 Posted October 31, 2015 Share Posted October 31, 2015 . Link to comment Share on other sites More sharing options...
exodius Posted November 1, 2015 Share Posted November 1, 2015 So , it just on windows 10. I'm using it on windows 7.Windows in general has liked to leak DNS, it's just supposedly worse in newer versions.So how to avoid it? I usually use VPN to access internet Link to comment Share on other sites More sharing options...
CODYQX4 Posted November 1, 2015 Share Posted November 1, 2015 . Link to comment Share on other sites More sharing options...
mazigh Posted November 1, 2015 Share Posted November 1, 2015 A nice site to check DNS Leaking: https://www.dnsleaktest.com...... And for IP Leak: https://ipleak.net/ Link to comment Share on other sites More sharing options...
CODYQX4 Posted November 1, 2015 Share Posted November 1, 2015 . Link to comment Share on other sites More sharing options...
mazigh Posted November 1, 2015 Share Posted November 1, 2015 A nice site to check DNS Leaking: https://www.dnsleaktest.com...... And for IP Leak: https://ipleak.net/I've always got a tab open for the latter, actually.I've got WebRTC 100% killed too.The Chrome option in uBlock prevents real IP leak (which I never had as my VPN dropped that traffic anyway), and then I firewall block the STUN ports (there's a guide somewhere in this forum) so that no IPs can leak and WebRTC is dead no matter the browser.I'm using Hotspot Shield VPN and it's doing good in preventing the WebRTC IP Leak Link to comment Share on other sites More sharing options...
HNB Posted November 1, 2015 Share Posted November 1, 2015 Im using different vpn since ages.Here is how i avoid dns leaking.Edit all your network card interface (ethernet,wifi,tap-adapter...) and add your favorite dns server ip.I am using opendns ip. Link to comment Share on other sites More sharing options...
HX1 Posted November 1, 2015 Share Posted November 1, 2015 So I tried setting up OpenVPN in my NETGEAR Router last night and everything seemed to be working great.. I think I am not for sure BUT.. I turned it off.. and the TAP Network interface showed it was not connected yet when I used a Proxy and gave it the address I received no errors ... I am not fluent in using VPN or basically what VPN does..exactly in the way of security.. but I have always used OpenDNS in everything... Are there some recommended documents which makes this simple to understand... exactly what I am doing here... and if I need it. Sounds stupid I have used the Internet since Windows 95 was around and I have used things like Tor and so on.. but I seem to get lost reading OpenVPN stuff as well as it is for several OSes.. so I am curious about digging in and knowing exactly what I am doing.. my eyes start to glaze over for some reason.. in some cases it seems easy to do.. but its like I am missing the data.. Link to comment Share on other sites More sharing options...
DiamondK Posted April 29, 2016 Share Posted April 29, 2016 What I remember the GOLDEN rules are; whichever VPN(s) [trust or famous or both] you’re using, they’ve got all your data and surfing habit, that is all. Absolutely NO offense; simple correct me if I'm wrong Link to comment Share on other sites More sharing options...
jamesDDI Posted April 29, 2016 Share Posted April 29, 2016 The M$ that I have loved no longer exists. With w10 the lowest point is reached about reliability and stability. LOL http://betanews.com/2016/04/27/windows-10-interrupts-live-tv-broadcast/ Link to comment Share on other sites More sharing options...
DiamondK Posted April 30, 2016 Share Posted April 30, 2016 I previously add the followings to my Windows 10 Pro. Try it at your own risk Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient] "DisableSmartNameResolution"=dword:00000000 Link to comment Share on other sites More sharing options...
rseiler Posted April 30, 2016 Share Posted April 30, 2016 This was fixed early in the year (as of OpenVPN 2.3.9 ) with the block-outside-dns option that you can add to your config file. Link to comment Share on other sites More sharing options...
zavana Posted May 2, 2016 Share Posted May 2, 2016 On 29/04/2016 at 1:50 PM, DiamondK said: What I remember the GOLDEN rules are; whichever VPN(s) [trust or famous or both] you’re using, they’ve got all your data and surfing habit, that is all. Absolutely NO offense; simple correct me if I'm wrong Choose only VPN service providers with zero data logging policy and make payments anonymously via Bitcoins or cash by mail. Given the amount of personal/contact infomation your ISP require upon sign-up internet/mobile services, would you continue submitting more for their records(legitimately) with or without your consent. Not forget EU data retention law applicable to ISP, not VPN. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.