Xionic Posted March 11, 2017

I recently got a GL.iNet mini router which is pre-installed with OpenWrt and is OpenVPN-Tor compatible. Everything was running smoothly until I found out I have a DNS leak.

My question is: how do I stop the leak and get the VPN's own DNS servers to work?

PS: I use BolehVPN, btw.

Israeli_Eagle Posted March 11, 2017

NEVER use any DNS servers which are logging.
NEVER use the DNS of your providers (also not VPN providers).
Better use different DNS servers of your router and VPN:
https://www.lifewire.com/free-and-public-dns-servers-2626062

nOkialpha Posted March 11, 2017

Add this line in your OpenVPN config file:

    block-outside-dns

Israeli_Eagle Posted March 11, 2017

3 hours ago, NokiAlpha said:
    add this line in your openvpn config file block-outside-dns

Ohhh yes! That's a MUST for Win10.

Xionic Posted March 12, 2017

7 hours ago, NokiAlpha said:
    add this line in your openvpn config file block-outside-dns

Yes, can you please explain?

nOkialpha Posted March 12, 2017

By default Windows 10 attempts to improve web performance by sending DNS requests in parallel to all available resources at once [through your ISP and local network interface], and using the fastest one.

Culprits: Smart Multi-Homed Name Resolution [LLMNR]

How to disable:

Open gpedit.msc.
Go to Local Computer Policy -> Computer Configuration -> Administrative Templates -> Network -> DNS Client.
Click on “Turn Off Multicast Name Resolution” and set it to “Enabled”.

With Windows 10, you need to do one additional entry (Smart Multi-Homed Name Resolution was heavily rewritten for Windows 10).

Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters
Now create a DWORD called DisableParallelAandAAAA
Give it a value of ONE

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT
Create a new key named DNSClient (assuming it is not there) and inside this new key create a new DWORD called EnableMulticast
The default value for this will be zero, so leave it that way.

Now about the OpenVPN config

The DNS leak is a Windows 10 related problem and is fixed in OpenVPN 2.3.9 when using the block-outside-dns configuration option.

An example .ovpn from a VPN provider [edit the .ovpn config file using Notepad]:

    client
    dev tun
    proto udp
    persist-key
    persist-tun
    remote xcvhgasjhajk.djdujduej.dkfjd 53
    nobind
    comp-lzo
    tls-client
    route-method exe
    route-delay 2
    tun-mtu 1500
    ping-timer-rem
    auth SHA512
    <cert>
    -----BEGIN CERTIFICATE-----

To avoid the DNS leak in Windows 10, add this line to your .ovpn config [there is no specific place, just write the line below anywhere in your config]:

    block-outside-dns

After adding the above line, the .ovpn config looks like this:

    client
    dev tun
    proto udp
    persist-key
    persist-tun
    # this line prevents caching of passwords in memory by the VPN
    auth-nocache
    remote xcvhgasjhajk.djdujduej.dkfjd 53
    # prevents DNS leak in Windows 10
    block-outside-dns
    nobind
    comp-lzo
    tls-client
    route-method exe
    route-delay 2
    # use this line if you want to fix disconnection issues in Windows (increase/decrease the value to solve disconnection)
    fragment 1400
    # use this line if you want to fix disconnection issues in Windows (increase/decrease the value to solve disconnection)
    mssfix 1300
    # this line allows the .ovpn config to call user-defined scripts [this is different in case of OLD openvpn 3.xx.x]
    --script-security 2
    tun-mtu 1500
    # verbose mode; use this line in the config if you want to solve any error
    verb 3
    ping-timer-rem
    auth SHA512
    # user-defined script
    up flush-dns.bat
    <cert>
    -----BEGIN CERTIFICATE-----

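An added example, not part of the thread or any poster's code: a small Python check that parses an .ovpn profile and reports whether the directives discussed above (block-outside-dns, auth-nocache, script-security with an up script) are present. The sample profile and its remote host are constructed, and the parser is a simplification that ignores quoted arguments.

```python
import re

# Constructed sample modelled on the config in the thread; the remote host is a placeholder.
SAMPLE = """\
client
remote vpn.example.invalid 53
nobind
--script-security 2
up flush-dns.bat
<cert>
-----BEGIN CERTIFICATE-----
</cert>
"""

def parse_ovpn(text):
    """Map each directive to a list of its argument lists, skipping inline <tag> blocks."""
    directives, inline = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:                                   # inside <cert>...</cert>, <key>... etc.
            if line == f"</{inline}>":
                inline = None
            continue
        opened = re.fullmatch(r"<([\w-]+)>", line)
        if opened:
            inline = opened.group(1)
            continue
        # A token starting with # or ; begins a comment that runs to end of line.
        tokens = re.split(r"(?:^|\s)[#;]", line, maxsplit=1)[0].split()
        if tokens:
            name = re.sub(r"^--", "", tokens[0])     # a leading -- is accepted in config files
            directives.setdefault(name, []).append(tokens[1:])
    return directives

def audit(text):
    """Return a list of findings for the settings discussed in the thread."""
    d = parse_ovpn(text)
    findings = []
    if "block-outside-dns" not in d:
        findings.append("block-outside-dns missing (Windows clients may send DNS queries outside the tunnel)")
    if "auth-nocache" not in d:
        findings.append("auth-nocache missing (credentials may stay cached in memory)")
    level = int((d.get("script-security", [[]])[-1] or ["1"])[0])   # OpenVPN default is 1
    hooks = [a[0] for n in ("up", "down") for a in d.get(n, []) if a]
    if hooks and level >= 2:
        findings.append("scripts run by this profile, review them: " + ", ".join(hooks))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("-", finding)
```
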
SumitJain Posted April 14, 2018

We can always use a static IP address before connecting to the VPN and switch back to the original DNS after completing work. Also, we can check settings and prevent DNS leaks.

Source: Technofizi

Archived
This topic is now archived and is closed to further replies.