block outside dns, fix dns leak ubuntu 18.04











up vote
6
down vote

favorite
2












Using dns leak test while under my VPN I discovered that it was leaking. I've setup my VPN via NetworkManager and it works properly except for the leak.



First, i've tried to add block-outside-vpn to the configuration file except that under /etc/NetworkManager/system-connections it does not follow the same format. I couldn't find the doc on how to properly write one for dns leaks.



Also, using Ubuntu 18.04 resolv.conf does not work like before, all the other answers are based on that.



Briefly, how to block outside dns (leak) using Network Manager configuration files or the GUI?










share|improve this question
























  • block-outside-vpn typically is only a Windows OpenVPN connection option. Fixing the DNS "leakage" would be to use a specific DNS server that exists only on the other side of the VPN. What were the DNS Leak Test results you saw? (they're relevant)
    – Thomas Ward
    Nov 15 at 21:22















up vote
6
down vote

favorite
2












Using dns leak test while under my VPN I discovered that it was leaking. I've setup my VPN via NetworkManager and it works properly except for the leak.



First, i've tried to add block-outside-vpn to the configuration file except that under /etc/NetworkManager/system-connections it does not follow the same format. I couldn't find the doc on how to properly write one for dns leaks.



Also, using Ubuntu 18.04 resolv.conf does not work like before, all the other answers are based on that.



Briefly, how to block outside dns (leak) using Network Manager configuration files or the GUI?










share|improve this question
























  • block-outside-vpn typically is only a Windows OpenVPN connection option. Fixing the DNS "leakage" would be to use a specific DNS server that exists only on the other side of the VPN. What were the DNS Leak Test results you saw? (they're relevant)
    – Thomas Ward
    Nov 15 at 21:22













up vote
6
down vote

favorite
2









up vote
6
down vote

favorite
2






2





Using dns leak test while under my VPN I discovered that it was leaking. I've setup my VPN via NetworkManager and it works properly except for the leak.



First, i've tried to add block-outside-vpn to the configuration file except that under /etc/NetworkManager/system-connections it does not follow the same format. I couldn't find the doc on how to properly write one for dns leaks.



Also, using Ubuntu 18.04 resolv.conf does not work like before, all the other answers are based on that.



Briefly, how to block outside dns (leak) using Network Manager configuration files or the GUI?










share|improve this question















Using dns leak test while under my VPN I discovered that it was leaking. I've setup my VPN via NetworkManager and it works properly except for the leak.



First, i've tried to add block-outside-vpn to the configuration file except that under /etc/NetworkManager/system-connections it does not follow the same format. I couldn't find the doc on how to properly write one for dns leaks.



Also, using Ubuntu 18.04 resolv.conf does not work like before, all the other answers are based on that.



Briefly, how to block outside dns (leak) using Network Manager configuration files or the GUI?







networking 18.04 network-manager dns vpn






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Aug 15 at 12:56

























asked Aug 15 at 12:47









Pobe

968




968












  • block-outside-vpn typically is only a Windows OpenVPN connection option. Fixing the DNS "leakage" would be to use a specific DNS server that exists only on the other side of the VPN. What were the DNS Leak Test results you saw? (they're relevant)
    – Thomas Ward
    Nov 15 at 21:22


















  • block-outside-vpn typically is only a Windows OpenVPN connection option. Fixing the DNS "leakage" would be to use a specific DNS server that exists only on the other side of the VPN. What were the DNS Leak Test results you saw? (they're relevant)
    – Thomas Ward
    Nov 15 at 21:22
















block-outside-vpn typically is only a Windows OpenVPN connection option. Fixing the DNS "leakage" would be to use a specific DNS server that exists only on the other side of the VPN. What were the DNS Leak Test results you saw? (they're relevant)
– Thomas Ward
Nov 15 at 21:22




block-outside-vpn typically is only a Windows OpenVPN connection option. Fixing the DNS "leakage" would be to use a specific DNS server that exists only on the other side of the VPN. What were the DNS Leak Test results you saw? (they're relevant)
– Thomas Ward
Nov 15 at 21:22










5 Answers
5






active

oldest

votes

















up vote
2
down vote













I suggest using dnscrypt.



First install it:



sudo apt install dnscrypt-proxy


By default it will listens to 127.0.2.1 port 53.



Edit your VPN or any other connection you like and set 127.0.2.1 as its DNS server, using CLI you can run:



nmcli connection modify [CONNECTION-NAME] ipv4.dns 127.0.2.1


And just in case block the out going DNS requests:



sudo ufw deny out 53


And make sure firewall is enabled:



sudo ufw enable





share|improve this answer





















  • My DNS is still leaking as per DNS leak test. It's also important to mention that disabling VPN while ufw is enabled would render internet unavailable (blocked port 53).
    – Pobe
    Aug 22 at 14:07










  • Run this command: nmcli connection modify [CONNECTION-NAME] ipv4.ignore-auto-dns yes see if it helps.
    – Ravexina
    Aug 22 at 15:20


















up vote
2
down vote













If you have a DNS leak as indicated by checking on
browserleaks.com or dnsleaktest.com,




  1. Shut off your VPN connection


  2. Attempt to undo any .conf file edits you've wasted time already making. If you've been trying a lot of various suggestions, your best good chance might be to do a fresh install and ensure you've also installed networkmanager-openvpn-gnome as Ubuntu does not have VPN config importing provided by default.



  3. Install dnsmasq



    sudo apt update
    sudo apt install dnsmasq



  4. Disable resolved



    sudo systemctl disable systemd-resolved.service
    sudo systemctl stop systemd-resolved.service



  5. Remove /etc/resolv.conf and create a new one:



    sudo rm /etc/resolv.conf
    sudo nano /etc/resolv.conf



  6. Enter into your empty .conf file:



    nameserver 127.0.0.1`         that's all!


  7. Press Ctrl+x to exit the editor. Enter y to save and then press Enter to overwrite your new resolv.conf file.



  8. Edit your NetworkManager.conf file



    sudo nano /etc/NetworkManager/NetworkManager.conf 


    and add the following:



    dns=dnsmasq 


    beneath the lines (navigate using arrow keys), [main] and plugins=ifupdown, keyfile exactly like this with the new line added.



    [main]
    plugins=ifupdown, keyfile
    dns=dnsmasq


    Press Ctrl+x to exit the editor. Enter y to save and then press Enter to overwrite the file.



  9. Back out of the terminal, and reboot the system and check your dnsleak test site for results.



With thanks to Anonymous VPN whose solutions for Leaks on Ubuntu/Network Manager seem well researched and successful. THEY WORK and when no other solutions worked for me, these did. The above shown solution works for Ubuntu 17.x and 18.04 LTS. See his other solution for 16.04 LTS.






share|improve this answer























  • I've tested this solution on a VM and all worked. Then I've tried on a main machine and saw dns from VPN and dns leak. On a VM nameserver changed from 127.0.2.1 to 192.168.122.1 and when I connect to VPN in a resolv.conf I see two nameserver lines, one with 192.168.122.1 and the other with VPNs dns but on a main machine I always see two lines search lan nameserver 127.0.1.1.
    – GoodGuyNick
    Sep 23 at 12:56


















up vote
1
down vote













To fix DNS leaks on Ubuntu 18.04, you can edit a file called /etc/dhcp/dhclient.conf. According to the manual page, this file "provides a means for configuring one or more network interfaces using the Dynamic Host Configuration Protocol, BOOTP protocol, or if these protocols fail, by statically assigning an address."



As for fixing your DNS leaks, we will be editing this file. Opening it with the proper permissions, you will see a commented line that looks something like this:



#prepend domain-name-servers 127.0.0.53;


Uncomment this line, and change the domain-name-server to a different one, such as OpenDNS: 208.67.222.222. Using this OpenDNS address, this line would now look like this:



prepend domain-name-servers 208.67.222.222;


After saving the file and rebooting your system, this should fix the DNS leaks on Ubuntu 18.04.






share|improve this answer





















  • Or you could just edit your connection in a GUI and get the same result: open edit window for your connection=>IPv4/IPv6 Settings, change "Method" to "Automatic, addresses only" and add yours "DNS servers".
    – GoodGuyNick
    Sep 23 at 13:35


















up vote
0
down vote













Try using the update-systemd-resolved script that does not make changes to the resolv.conf, and instead uses the systemd-resolved service using it's DBus API



Get it from git and install it by:



git clone https://github.com/aghorler/update-systemd-resolved.git
cd update-systemd-resolved
make


Now edit nsswitch.conf by:



sudo nano /etc/nsswitch.conf


and then change the line starting with hosts: to say



hosts: files resolve dns myhostname


Enable the service and make sure it's running automatically:



sudo systemctl enable systemd-resolved.service
sudo systemctl start systemd-resolved.service





NOTE: If you don't want to follow the above steps and you're okay with using the terminal, the DNS leak only occurs when using
NetworkManager, it so far in my experience does not happen when you
run openvpn from the terminal with sudo openvpn --config config.ovpn







share|improve this answer





















  • What would be the line in config.ovpn that would block the leak? Do you have an example of that? (The solution above did not work for me).
    – Pobe
    Aug 22 at 14:36


















up vote
0
down vote













I have tried just about every solution I could find online to fix the dns leak problem. Openvpn started just fine but showed that it was leaking when I went to the test sites. After I got no joy trying all the remedies, I went into my wifi and ethernet setting and used openvpn's dns servers instead of my ISP's and everything was fine from then on. I'm sure you've seen the ip addresses all over the place but here they are if you haven't: 208.67.222.222 and 208.67.220.220.






share|improve this answer





















    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "89"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














     

    draft saved


    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1065568%2fblock-outside-dns-fix-dns-leak-ubuntu-18-04%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    5 Answers
    5






    active

    oldest

    votes








    5 Answers
    5






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    2
    down vote













    I suggest using dnscrypt.



    First install it:



    sudo apt install dnscrypt-proxy


    By default it will listens to 127.0.2.1 port 53.



    Edit your VPN or any other connection you like and set 127.0.2.1 as its DNS server, using CLI you can run:



    nmcli connection modify [CONNECTION-NAME] ipv4.dns 127.0.2.1


    And just in case block the out going DNS requests:



    sudo ufw deny out 53


    And make sure firewall is enabled:



    sudo ufw enable





    share|improve this answer





















    • My DNS is still leaking as per DNS leak test. It's also important to mention that disabling VPN while ufw is enabled would render internet unavailable (blocked port 53).
      – Pobe
      Aug 22 at 14:07










    • Run this command: nmcli connection modify [CONNECTION-NAME] ipv4.ignore-auto-dns yes see if it helps.
      – Ravexina
      Aug 22 at 15:20















    up vote
    2
    down vote













    I suggest using dnscrypt.



    First install it:



    sudo apt install dnscrypt-proxy


    By default it will listens to 127.0.2.1 port 53.



    Edit your VPN or any other connection you like and set 127.0.2.1 as its DNS server, using CLI you can run:



    nmcli connection modify [CONNECTION-NAME] ipv4.dns 127.0.2.1


    And just in case block the out going DNS requests:



    sudo ufw deny out 53


    And make sure firewall is enabled:



    sudo ufw enable





    share|improve this answer





















    • My DNS is still leaking as per DNS leak test. It's also important to mention that disabling VPN while ufw is enabled would render internet unavailable (blocked port 53).
      – Pobe
      Aug 22 at 14:07










    • Run this command: nmcli connection modify [CONNECTION-NAME] ipv4.ignore-auto-dns yes see if it helps.
      – Ravexina
      Aug 22 at 15:20













    up vote
    2
    down vote










    up vote
    2
    down vote









    I suggest using dnscrypt.



    First install it:



    sudo apt install dnscrypt-proxy


    By default it will listens to 127.0.2.1 port 53.



    Edit your VPN or any other connection you like and set 127.0.2.1 as its DNS server, using CLI you can run:



    nmcli connection modify [CONNECTION-NAME] ipv4.dns 127.0.2.1


    And just in case block the out going DNS requests:



    sudo ufw deny out 53


    And make sure firewall is enabled:



    sudo ufw enable





    share|improve this answer












    I suggest using dnscrypt.



    First install it:



    sudo apt install dnscrypt-proxy


    By default it will listens to 127.0.2.1 port 53.



    Edit your VPN or any other connection you like and set 127.0.2.1 as its DNS server, using CLI you can run:



    nmcli connection modify [CONNECTION-NAME] ipv4.dns 127.0.2.1


    And just in case block the out going DNS requests:



    sudo ufw deny out 53


    And make sure firewall is enabled:



    sudo ufw enable






    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered Aug 17 at 17:52









    Ravexina

    30.6k1478106




    30.6k1478106












    • My DNS is still leaking as per DNS leak test. It's also important to mention that disabling VPN while ufw is enabled would render internet unavailable (blocked port 53).
      – Pobe
      Aug 22 at 14:07










    • Run this command: nmcli connection modify [CONNECTION-NAME] ipv4.ignore-auto-dns yes see if it helps.
      – Ravexina
      Aug 22 at 15:20


















    • My DNS is still leaking as per DNS leak test. It's also important to mention that disabling VPN while ufw is enabled would render internet unavailable (blocked port 53).
      – Pobe
      Aug 22 at 14:07










    • Run this command: nmcli connection modify [CONNECTION-NAME] ipv4.ignore-auto-dns yes see if it helps.
      – Ravexina
      Aug 22 at 15:20
















    My DNS is still leaking as per DNS leak test. It's also important to mention that disabling VPN while ufw is enabled would render internet unavailable (blocked port 53).
    – Pobe
    Aug 22 at 14:07




    My DNS is still leaking as per DNS leak test. It's also important to mention that disabling VPN while ufw is enabled would render internet unavailable (blocked port 53).
    – Pobe
    Aug 22 at 14:07












    Run this command: nmcli connection modify [CONNECTION-NAME] ipv4.ignore-auto-dns yes see if it helps.
    – Ravexina
    Aug 22 at 15:20




    Run this command: nmcli connection modify [CONNECTION-NAME] ipv4.ignore-auto-dns yes see if it helps.
    – Ravexina
    Aug 22 at 15:20












    up vote
    2
    down vote













    If you have a DNS leak as indicated by checking on
    browserleaks.com or dnsleaktest.com,




    1. Shut off your VPN connection


    2. Attempt to undo any .conf file edits you've wasted time already making. If you've been trying a lot of various suggestions, your best good chance might be to do a fresh install and ensure you've also installed networkmanager-openvpn-gnome as Ubuntu does not have VPN config importing provided by default.



    3. Install dnsmasq



      sudo apt update
      sudo apt install dnsmasq



    4. Disable resolved



      sudo systemctl disable systemd-resolved.service
      sudo systemctl stop systemd-resolved.service



    5. Remove /etc/resolv.conf and create a new one:



      sudo rm /etc/resolv.conf
      sudo nano /etc/resolv.conf



    6. Enter into your empty .conf file:



      nameserver 127.0.0.1`         that's all!


    7. Press Ctrl+x to exit the editor. Enter y to save and then press Enter to overwrite your new resolv.conf file.



    8. Edit your NetworkManager.conf file



      sudo nano /etc/NetworkManager/NetworkManager.conf 


      and add the following:



      dns=dnsmasq 


      beneath the lines (navigate using arrow keys), [main] and plugins=ifupdown, keyfile exactly like this with the new line added.



      [main]
      plugins=ifupdown, keyfile
      dns=dnsmasq


      Press Ctrl+x to exit the editor. Enter y to save and then press Enter to overwrite the file.



    9. Back out of the terminal, and reboot the system and check your dnsleak test site for results.



    With thanks to Anonymous VPN whose solutions for Leaks on Ubuntu/Network Manager seem well researched and successful. THEY WORK and when no other solutions worked for me, these did. The above shown solution works for Ubuntu 17.x and 18.04 LTS. See his other solution for 16.04 LTS.






    share|improve this answer























    • I've tested this solution on a VM and all worked. Then I've tried on a main machine and saw dns from VPN and dns leak. On a VM nameserver changed from 127.0.2.1 to 192.168.122.1 and when I connect to VPN in a resolv.conf I see two nameserver lines, one with 192.168.122.1 and the other with VPNs dns but on a main machine I always see two lines search lan nameserver 127.0.1.1.
      – GoodGuyNick
      Sep 23 at 12:56















    up vote
    2
    down vote













    If you have a DNS leak as indicated by checking on
    browserleaks.com or dnsleaktest.com,




    1. Shut off your VPN connection


    2. Attempt to undo any .conf file edits you've wasted time already making. If you've been trying a lot of various suggestions, your best good chance might be to do a fresh install and ensure you've also installed networkmanager-openvpn-gnome as Ubuntu does not have VPN config importing provided by default.



    3. Install dnsmasq



      sudo apt update
      sudo apt install dnsmasq



    4. Disable resolved



      sudo systemctl disable systemd-resolved.service
      sudo systemctl stop systemd-resolved.service



    5. Remove /etc/resolv.conf and create a new one:



      sudo rm /etc/resolv.conf
      sudo nano /etc/resolv.conf



    6. Enter into your empty .conf file:



      nameserver 127.0.0.1`         that's all!


    7. Press Ctrl+x to exit the editor. Enter y to save and then press Enter to overwrite your new resolv.conf file.



    8. Edit your NetworkManager.conf file



      sudo nano /etc/NetworkManager/NetworkManager.conf 


      and add the following:



      dns=dnsmasq 


      beneath the lines (navigate using arrow keys), [main] and plugins=ifupdown, keyfile exactly like this with the new line added.



      [main]
      plugins=ifupdown, keyfile
      dns=dnsmasq


      Press Ctrl+x to exit the editor. Enter y to save and then press Enter to overwrite the file.



    9. Back out of the terminal, and reboot the system and check your dnsleak test site for results.



    With thanks to Anonymous VPN whose solutions for Leaks on Ubuntu/Network Manager seem well researched and successful. THEY WORK and when no other solutions worked for me, these did. The above shown solution works for Ubuntu 17.x and 18.04 LTS. See his other solution for 16.04 LTS.






    share|improve this answer























    • I've tested this solution on a VM and all worked. Then I've tried on a main machine and saw dns from VPN and dns leak. On a VM nameserver changed from 127.0.2.1 to 192.168.122.1 and when I connect to VPN in a resolv.conf I see two nameserver lines, one with 192.168.122.1 and the other with VPNs dns but on a main machine I always see two lines search lan nameserver 127.0.1.1.
      – GoodGuyNick
      Sep 23 at 12:56













    up vote
    2
    down vote










    up vote
    2
    down vote









    If you have a DNS leak as indicated by checking on
    browserleaks.com or dnsleaktest.com,




    1. Shut off your VPN connection


    2. Attempt to undo any .conf file edits you've wasted time already making. If you've been trying a lot of various suggestions, your best good chance might be to do a fresh install and ensure you've also installed networkmanager-openvpn-gnome as Ubuntu does not have VPN config importing provided by default.



    3. Install dnsmasq



      sudo apt update
      sudo apt install dnsmasq



    4. Disable resolved



      sudo systemctl disable systemd-resolved.service
      sudo systemctl stop systemd-resolved.service



    5. Remove /etc/resolv.conf and create a new one:



      sudo rm /etc/resolv.conf
      sudo nano /etc/resolv.conf



    6. Enter into your empty .conf file:



      nameserver 127.0.0.1`         that's all!


    7. Press Ctrl+x to exit the editor. Enter y to save and then press Enter to overwrite your new resolv.conf file.



    8. Edit your NetworkManager.conf file



      sudo nano /etc/NetworkManager/NetworkManager.conf 


      and add the following:



      dns=dnsmasq 


      beneath the lines (navigate using arrow keys), [main] and plugins=ifupdown, keyfile exactly like this with the new line added.



      [main]
      plugins=ifupdown, keyfile
      dns=dnsmasq


      Press Ctrl+x to exit the editor. Enter y to save and then press Enter to overwrite the file.



    9. Back out of the terminal, and reboot the system and check your dnsleak test site for results.



    With thanks to Anonymous VPN whose solutions for Leaks on Ubuntu/Network Manager seem well researched and successful. THEY WORK and when no other solutions worked for me, these did. The above shown solution works for Ubuntu 17.x and 18.04 LTS. See his other solution for 16.04 LTS.






    share|improve this answer














    If you have a DNS leak as indicated by checking on
    browserleaks.com or dnsleaktest.com,




    1. Shut off your VPN connection


    2. Attempt to undo any .conf file edits you've wasted time already making. If you've been trying a lot of various suggestions, your best good chance might be to do a fresh install and ensure you've also installed networkmanager-openvpn-gnome as Ubuntu does not have VPN config importing provided by default.



    3. Install dnsmasq



      sudo apt update
      sudo apt install dnsmasq



    4. Disable resolved



      sudo systemctl disable systemd-resolved.service
      sudo systemctl stop systemd-resolved.service



    5. Remove /etc/resolv.conf and create a new one:



      sudo rm /etc/resolv.conf
      sudo nano /etc/resolv.conf



    6. Enter into your empty .conf file:



      nameserver 127.0.0.1`         that's all!


    7. Press Ctrl+x to exit the editor. Enter y to save and then press Enter to overwrite your new resolv.conf file.



    8. Edit your NetworkManager.conf file



      sudo nano /etc/NetworkManager/NetworkManager.conf 


      and add the following:



      dns=dnsmasq 


      beneath the lines (navigate using arrow keys), [main] and plugins=ifupdown, keyfile exactly like this with the new line added.



      [main]
      plugins=ifupdown, keyfile
      dns=dnsmasq


      Press Ctrl+x to exit the editor. Enter y to save and then press Enter to overwrite the file.



    9. Back out of the terminal, and reboot the system and check your dnsleak test site for results.



    With thanks to Anonymous VPN whose solutions for Leaks on Ubuntu/Network Manager seem well researched and successful. THEY WORK and when no other solutions worked for me, these did. The above shown solution works for Ubuntu 17.x and 18.04 LTS. See his other solution for 16.04 LTS.







    share|improve this answer














    share|improve this answer



    share|improve this answer








    edited Nov 18 at 16:24

























    answered Aug 25 at 20:08









    Dosenfleisch

    315




    315












    • I've tested this solution on a VM and all worked. Then I've tried on a main machine and saw dns from VPN and dns leak. On a VM nameserver changed from 127.0.2.1 to 192.168.122.1 and when I connect to VPN in a resolv.conf I see two nameserver lines, one with 192.168.122.1 and the other with VPNs dns but on a main machine I always see two lines search lan nameserver 127.0.1.1.
      – GoodGuyNick
      Sep 23 at 12:56


















    • I've tested this solution on a VM and all worked. Then I've tried on a main machine and saw dns from VPN and dns leak. On a VM nameserver changed from 127.0.2.1 to 192.168.122.1 and when I connect to VPN in a resolv.conf I see two nameserver lines, one with 192.168.122.1 and the other with VPNs dns but on a main machine I always see two lines search lan nameserver 127.0.1.1.
      – GoodGuyNick
      Sep 23 at 12:56
















    I've tested this solution on a VM and all worked. Then I've tried on a main machine and saw dns from VPN and dns leak. On a VM nameserver changed from 127.0.2.1 to 192.168.122.1 and when I connect to VPN in a resolv.conf I see two nameserver lines, one with 192.168.122.1 and the other with VPNs dns but on a main machine I always see two lines search lan nameserver 127.0.1.1.
    – GoodGuyNick
    Sep 23 at 12:56




    I've tested this solution on a VM and all worked. Then I've tried on a main machine and saw dns from VPN and dns leak. On a VM nameserver changed from 127.0.2.1 to 192.168.122.1 and when I connect to VPN in a resolv.conf I see two nameserver lines, one with 192.168.122.1 and the other with VPNs dns but on a main machine I always see two lines search lan nameserver 127.0.1.1.
    – GoodGuyNick
    Sep 23 at 12:56










    up vote
    1
    down vote













    To fix DNS leaks on Ubuntu 18.04, you can edit a file called /etc/dhcp/dhclient.conf. According to the manual page, this file "provides a means for configuring one or more network interfaces using the Dynamic Host Configuration Protocol, BOOTP protocol, or if these protocols fail, by statically assigning an address."



    As for fixing your DNS leaks, we will be editing this file. Opening it with the proper permissions, you will see a commented line that looks something like this:



    #prepend domain-name-servers 127.0.0.53;


    Uncomment this line, and change the domain-name-server to a different one, such as OpenDNS: 208.67.222.222. Using this OpenDNS address, this line would now look like this:



    prepend domain-name-servers 208.67.222.222;


    After saving the file and rebooting your system, this should fix the DNS leaks on Ubuntu 18.04.






    share|improve this answer





















    • Or you could just edit your connection in a GUI and get the same result: open edit window for your connection=>IPv4/IPv6 Settings, change "Method" to "Automatic, addresses only" and add yours "DNS servers".
      – GoodGuyNick
      Sep 23 at 13:35















    up vote
    1
    down vote













    To fix DNS leaks on Ubuntu 18.04, you can edit a file called /etc/dhcp/dhclient.conf. According to the manual page, this file "provides a means for configuring one or more network interfaces using the Dynamic Host Configuration Protocol, BOOTP protocol, or if these protocols fail, by statically assigning an address."



    As for fixing your DNS leaks, we will be editing this file. Opening it with the proper permissions, you will see a commented line that looks something like this:



    #prepend domain-name-servers 127.0.0.53;


    Uncomment this line, and change the domain-name-server to a different one, such as OpenDNS: 208.67.222.222. Using this OpenDNS address, this line would now look like this:



    prepend domain-name-servers 208.67.222.222;


    After saving the file and rebooting your system, this should fix the DNS leaks on Ubuntu 18.04.






    share|improve this answer





















    • Or you could just edit your connection in a GUI and get the same result: open edit window for your connection=>IPv4/IPv6 Settings, change "Method" to "Automatic, addresses only" and add yours "DNS servers".
      – GoodGuyNick
      Sep 23 at 13:35













    up vote
    1
    down vote










    up vote
    1
    down vote









    To fix DNS leaks on Ubuntu 18.04, you can edit a file called /etc/dhcp/dhclient.conf. According to the manual page, this file "provides a means for configuring one or more network interfaces using the Dynamic Host Configuration Protocol, BOOTP protocol, or if these protocols fail, by statically assigning an address."



    As for fixing your DNS leaks, we will be editing this file. Opening it with the proper permissions, you will see a commented line that looks something like this:



    #prepend domain-name-servers 127.0.0.53;


    Uncomment this line, and change the domain-name-server to a different one, such as OpenDNS: 208.67.222.222. Using this OpenDNS address, this line would now look like this:



    prepend domain-name-servers 208.67.222.222;


    After saving the file and rebooting your system, this should fix the DNS leaks on Ubuntu 18.04.






    share|improve this answer












    To fix DNS leaks on Ubuntu 18.04, you can edit a file called /etc/dhcp/dhclient.conf. According to the manual page, this file "provides a means for configuring one or more network interfaces using the Dynamic Host Configuration Protocol, BOOTP protocol, or if these protocols fail, by statically assigning an address."



    As for fixing your DNS leaks, we will be editing this file. Opening it with the proper permissions, you will see a commented line that looks something like this:



    #prepend domain-name-servers 127.0.0.53;


    Uncomment this line, and change the domain-name-server to a different one, such as OpenDNS: 208.67.222.222. Using this OpenDNS address, this line would now look like this:



    prepend domain-name-servers 208.67.222.222;


    After saving the file and rebooting your system, this should fix the DNS leaks on Ubuntu 18.04.







    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered Sep 22 at 13:06









    Stone

    111




    111












    • Or you could just edit your connection in a GUI and get the same result: open edit window for your connection=>IPv4/IPv6 Settings, change "Method" to "Automatic, addresses only" and add yours "DNS servers".
      – GoodGuyNick
      Sep 23 at 13:35


















    • Or you could just edit your connection in a GUI and get the same result: open edit window for your connection=>IPv4/IPv6 Settings, change "Method" to "Automatic, addresses only" and add yours "DNS servers".
      – GoodGuyNick
      Sep 23 at 13:35
















    Or you could just edit your connection in a GUI and get the same result: open edit window for your connection=>IPv4/IPv6 Settings, change "Method" to "Automatic, addresses only" and add yours "DNS servers".
    – GoodGuyNick
    Sep 23 at 13:35




    Or you could just edit your connection in a GUI and get the same result: open edit window for your connection=>IPv4/IPv6 Settings, change "Method" to "Automatic, addresses only" and add yours "DNS servers".
    – GoodGuyNick
    Sep 23 at 13:35










    up vote
    0
    down vote













    Try using the update-systemd-resolved script that does not make changes to the resolv.conf, and instead uses the systemd-resolved service using it's DBus API



    Get it from git and install it by:



    git clone https://github.com/aghorler/update-systemd-resolved.git
    cd update-systemd-resolved
    make


    Now edit nsswitch.conf by:



    sudo nano /etc/nsswitch.conf


    and then change the line starting with hosts: to say



    hosts: files resolve dns myhostname


    Enable the service and make sure it's running automatically:



    sudo systemctl enable systemd-resolved.service
    sudo systemctl start systemd-resolved.service





    NOTE: If you don't want to follow the above steps and you're okay with using the terminal, the DNS leak only occurs when using
    NetworkManager, it so far in my experience does not happen when you
    run openvpn from the terminal with sudo openvpn --config config.ovpn







    share|improve this answer





















    • What would be the line in config.ovpn that would block the leak? Do you have an example of that? (The solution above did not work for me).
      – Pobe
      Aug 22 at 14:36















    up vote
    0
    down vote













    Try using the update-systemd-resolved script that does not make changes to the resolv.conf, and instead uses the systemd-resolved service using it's DBus API



    Get it from git and install it by:



    git clone https://github.com/aghorler/update-systemd-resolved.git
    cd update-systemd-resolved
    make


    Now edit nsswitch.conf by:



    sudo nano /etc/nsswitch.conf


    and then change the line starting with hosts: to say



    hosts: files resolve dns myhostname


    Enable the service and make sure it's running automatically:



    sudo systemctl enable systemd-resolved.service
    sudo systemctl start systemd-resolved.service





    NOTE: If you don't want to follow the above steps and you're okay with using the terminal, the DNS leak only occurs when using
    NetworkManager, it so far in my experience does not happen when you
    run openvpn from the terminal with sudo openvpn --config config.ovpn







    share|improve this answer





















    • What would be the line in config.ovpn that would block the leak? Do you have an example of that? (The solution above did not work for me).
      – Pobe
      Aug 22 at 14:36













    up vote
    0
    down vote










    up vote
    0
    down vote









    Try using the update-systemd-resolved script that does not make changes to the resolv.conf, and instead uses the systemd-resolved service using it's DBus API



    Get it from git and install it by:



    git clone https://github.com/aghorler/update-systemd-resolved.git
    cd update-systemd-resolved
    make


    Now edit nsswitch.conf by:



    sudo nano /etc/nsswitch.conf


    and then change the line starting with hosts: to say



    hosts: files resolve dns myhostname


    Enable the service and make sure it's running automatically:



    sudo systemctl enable systemd-resolved.service
    sudo systemctl start systemd-resolved.service





    NOTE: If you don't want to follow the above steps and you're okay with using the terminal, the DNS leak only occurs when using
    NetworkManager, it so far in my experience does not happen when you
    run openvpn from the terminal with sudo openvpn --config config.ovpn







    share|improve this answer












    Try using the update-systemd-resolved script that does not make changes to the resolv.conf, and instead uses the systemd-resolved service using it's DBus API



    Get it from git and install it by:



    git clone https://github.com/aghorler/update-systemd-resolved.git
    cd update-systemd-resolved
    make


    Now edit nsswitch.conf by:



    sudo nano /etc/nsswitch.conf


    and then change the line starting with hosts: to say



    hosts: files resolve dns myhostname


    Enable the service and make sure it's running automatically:



    sudo systemctl enable systemd-resolved.service
    sudo systemctl start systemd-resolved.service





    NOTE: If you don't want to follow the above steps and you're okay with using the terminal, the DNS leak only occurs when using
    NetworkManager, it so far in my experience does not happen when you
    run openvpn from the terminal with sudo openvpn --config config.ovpn








    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered Aug 17 at 18:03









    Amith KK

    10.2k1153111




    10.2k1153111












    • What would be the line in config.ovpn that would block the leak? Do you have an example of that? (The solution above did not work for me).
      – Pobe
      Aug 22 at 14:36


















    • What would be the line in config.ovpn that would block the leak? Do you have an example of that? (The solution above did not work for me).
      – Pobe
      Aug 22 at 14:36
















    What would be the line in config.ovpn that would block the leak? Do you have an example of that? (The solution above did not work for me).
    – Pobe
    Aug 22 at 14:36




    What would be the line in config.ovpn that would block the leak? Do you have an example of that? (The solution above did not work for me).
    – Pobe
    Aug 22 at 14:36










    up vote
    0
    down vote













    I have tried just about every solution I could find online to fix the dns leak problem. Openvpn started just fine but showed that it was leaking when I went to the test sites. After I got no joy trying all the remedies, I went into my wifi and ethernet setting and used openvpn's dns servers instead of my ISP's and everything was fine from then on. I'm sure you've seen the ip addresses all over the place but here they are if you haven't: 208.67.222.222 and 208.67.220.220.






    share|improve this answer

























      up vote
      0
      down vote













      I have tried just about every solution I could find online to fix the dns leak problem. Openvpn started just fine but showed that it was leaking when I went to the test sites. After I got no joy trying all the remedies, I went into my wifi and ethernet setting and used openvpn's dns servers instead of my ISP's and everything was fine from then on. I'm sure you've seen the ip addresses all over the place but here they are if you haven't: 208.67.222.222 and 208.67.220.220.






      share|improve this answer























        up vote
        0
        down vote










        up vote
        0
        down vote









        I have tried just about every solution I could find online to fix the dns leak problem. Openvpn started just fine but showed that it was leaking when I went to the test sites. After I got no joy trying all the remedies, I went into my wifi and ethernet setting and used openvpn's dns servers instead of my ISP's and everything was fine from then on. I'm sure you've seen the ip addresses all over the place but here they are if you haven't: 208.67.222.222 and 208.67.220.220.






        share|improve this answer












        I have tried just about every solution I could find online to fix the dns leak problem. Openvpn started just fine but showed that it was leaking when I went to the test sites. After I got no joy trying all the remedies, I went into my wifi and ethernet setting and used openvpn's dns servers instead of my ISP's and everything was fine from then on. I'm sure you've seen the ip addresses all over the place but here they are if you haven't: 208.67.222.222 and 208.67.220.220.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Nov 15 at 20:50









        John LaFramboise

        1




        1






























             

            draft saved


            draft discarded



















































             


            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1065568%2fblock-outside-dns-fix-dns-leak-ubuntu-18-04%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            How to change which sound is reproduced for terminal bell?

            Can I use Tabulator js library in my java Spring + Thymeleaf project?

            Title Spacing in Bjornstrup Chapter, Removing Chapter Number From Contents