
OpenVPN plugin to fix Windows DNS Leaks


Batu69


The Windows 10 DNS resolver sends DNS requests in parallel to all available network interfaces and uses the fastest reply to come. If you use DNS from the local network, this problem allows your ISP or a hacker with a Wi-Fi AP to hijack your DNS records and steal your data even if you use a VPN.

This plugin should fix this issue for Windows 8.1 and Windows 10 users.

Beware of Windows 10 DNS resolver and DNS Leaks

WARNING! Windows 10 VPN Users at Big Risk of DNS Leaks

How it works

This plugin implements a Windows Filtering Platform userspace filter to block all IPv4 and IPv6 DNS queries from the DNS Client service to port 53 except on OpenVPN's TAP interface. It works like a temporary firewall which clears its rules upon termination or crash. This is important, as you won't get a broken internet connection if the OpenVPN client suddenly crashes, unlike with other methods.

Download


So, it's just on Windows 10. I'm using it on Windows 7.



Airstream_Bill

Under Windows 7 all DNS requests were made in simple order of DNS server preference, but this changed in Windows 8 when Microsoft added “Smart Multi-Homed Name Resolution” by default. This sent out DNS requests to all available interfaces, but only used non-preferred servers if the main DNS server failed to respond.

This makes Windows 8.x systems liable to DNS leaks, but at least makes it unlikely that DNS requests will be hijacked. Windows 10, on the other hand, simply chooses whichever DNS request responds quickest, which presents a major security risk.

Copied this from Source Page for exodius



So, it's just on Windows 10. I'm using it on Windows 7.

Windows in general has liked to leak DNS, it's just supposedly worse in newer versions.

So how to avoid it? I usually use VPN to access internet



A nice site to check DNS Leaking: https://www.dnsleaktest.com

...... And for IP Leak: https://ipleak.net/

I've always got a tab open for the latter, actually.

I've got WebRTC 100% killed too.

The Chrome option in uBlock prevents real IP leak (which I never had as my VPN dropped that traffic anyway), and then I firewall block the STUN ports (there's a guide somewhere in this forum) so that no IPs can leak and WebRTC is dead no matter the browser.

I'm using Hotspot Shield VPN and it's doing good in preventing the WebRTC IP Leak



I'm using different VPNs since ages.

Here is how I avoid DNS leaking.

Edit all your network card interfaces (Ethernet, Wi-Fi, TAP adapter...) and add your favorite DNS server IP.

I am using the OpenDNS IP.



So I tried setting up OpenVPN in my NETGEAR Router last night and everything seemed to be working great.. I think I am not for sure BUT.. I turned it off.. and the TAP Network interface showed it was not connected yet when I used a Proxy and gave it the address I received no errors ... I am not fluent in using VPN or basically what VPN does..exactly in the way of security.. but I have always used OpenDNS in everything...

Are there some recommended documents which make this simple to understand... exactly what I am doing here... and if I need it.

Sounds stupid I have used the Internet since Windows 95 was around and I have used things like Tor and so on.. but I seem to get lost reading OpenVPN stuff as well as it is for several OSes.. so I am curious about digging in and knowing exactly what I am doing.. my eyes start to glaze over for some reason.. in some cases it seems easy to do.. but it's like I am missing the data..



  • 5 months later...

What I remember the GOLDEN rules are; whichever VPN(s) [trust or famous or both] you’re using, they’ve got all your data and surfing habit, that is all.

Absolutely NO offense; simply correct me if I'm wrong^_^



I previously added the following to my Windows 10 Pro. Try it at your own risk :lol:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient]
"DisableSmartNameResolution"=dword:00000000

 

 

 



This was fixed early in the year (as of OpenVPN 2.3.9) with the block-outside-dns option that you can add to your config file.
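
An added example, not part of any post in this thread or of the plugin: a PowerShell check for the condition that the plugin description and the block-outside-dns reply both address. It lists resolvers configured on connected interfaces other than the OpenVPN adapter and reads the registry policy value quoted earlier; the `TAP-Windows` description match is an assumption about the adapter driver.

```powershell
# Added example: audit which interfaces the Windows DNS client can query.
# Assumption: the OpenVPN adapter has "TAP-Windows" in its
# InterfaceDescription; change $VpnPattern for other drivers.
$VpnPattern = 'TAP-Windows'

# Connected adapters, and the subset that belongs to the VPN.
$adapters = @(Get-NetAdapter | Where-Object Status -eq 'Up')
$vpn      = @($adapters | Where-Object InterfaceDescription -match $VpnPattern)

if ($vpn.Count -eq 0) {
    Write-Warning 'No connected TAP adapter found; connect the VPN first.'
    return
}

# A resolver configured on a connected non-VPN interface is a path a
# parallel query can take outside the tunnel.
$outside = @(
    Get-DnsClientServerAddress |
        Where-Object {
            $_.ServerAddresses -and
            $_.InterfaceIndex -in    $adapters.ifIndex -and
            $_.InterfaceIndex -notin $vpn.ifIndex
        } |
        Select-Object InterfaceAlias,
            @{ n = 'Family';  e = { if ($_.AddressFamily -eq 2) { 'IPv4' } else { 'IPv6' } } },
            @{ n = 'Servers'; e = { $_.ServerAddresses -join ', ' } }
)

# Policy value from the registry post in this thread. A missing value means
# the policy is not configured; 1 corresponds to the group policy
# "Turn off smart multi-homed name resolution" being enabled.
$key    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
$policy = (Get-ItemProperty -Path $key -Name DisableSmartNameResolution `
              -ErrorAction SilentlyContinue).DisableSmartNameResolution

[pscustomobject]@{
    VpnAdapter                 = $vpn.Name -join ', '
    DisableSmartNameResolution = if ($null -eq $policy) { 'not set' } else { $policy }
    ResolversOutsideTunnel     = $outside.Count
}
$outside | Format-Table -AutoSize
```

A non-zero `ResolversOutsideTunnel` only shows that queries could leave on those interfaces; whether they are actually blocked depends on the filter being active, which the leak-test sites mentioned above confirm from the outside.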
 



On 29/04/2016 at 1:50 PM, DiamondK said:

What I remember the GOLDEN rules are; whichever VPN(s) [trust or famous or both] you’re using, they’ve got all your data and surfing habit, that is all.

Absolutely NO offense; simply correct me if I'm wrong^_^


Choose only VPN service providers with zero data logging policy and make payments anonymously via Bitcoins or cash by mail.

 

Given the amount of personal/contact information your ISP requires upon sign-up for internet/mobile services, would you continue submitting more for their records (legitimately) with or without your consent?


Don't forget the EU data retention law is applicable to ISPs, not VPNs.



Archived

This topic is now archived and is closed to further replies.
