Cfrgtkky

Using dns leak test while under my VPN I discovered that it was leaking. I've setup my VPN via NetworkManager and it works properly except for the leak.

First, i've tried to add block-outside-vpn to the configuration file except that under /etc/NetworkManager/system-connections it does not follow the same format. I couldn't find the doc on how to properly write one for dns leaks.

Also, using Ubuntu 18.04 resolv.conf does not work like before, all the other answers are based on that.

Briefly, how to block outside dns (leak) using Network Manager configuration files or the GUI?

I suggest using dnscrypt.

First install it:

sudo apt install dnscrypt-proxy

By default it will listens to 127.0.2.1 port 53.

Edit your VPN or any other connection you like and set 127.0.2.1 as its DNS server, using CLI you can run:

nmcli connection modify [CONNECTION-NAME] ipv4.dns 127.0.2.1

And just in case block the out going DNS requests:

sudo ufw deny out 53

And make sure firewall is enabled:

sudo ufw enable

If you have a DNS leak as indicated by checking on
browserleaks.com or dnsleaktest.com,

1. Shut off your VPN connection




2. Attempt to undo any .conf file edits you've wasted time already making. If you've been trying a lot of various suggestions, your best good chance might be to do a fresh install and ensure you've also installed networkmanager-openvpn-gnome as Ubuntu does not have VPN config importing provided by default.



3. 
   

   Install dnsmasq

   
   
   

   sudo apt update
   
   sudo apt install dnsmasq  
   
   

   
   


4. 
   

   Disable resolved

   
   
   

   sudo systemctl disable systemd-resolved.service
   
   sudo systemctl stop systemd-resolved.service 
   
   

   
   


5. 
   

   Remove /etc/resolv.conf and create a new one:

   
   
   

   sudo rm /etc/resolv.conf
   
   sudo nano /etc/resolv.conf  
   
   

   
   


6. 
   

   Enter into your empty .conf file:

   
   
   

   nameserver 127.0.0.1`         that's all!
   
   

   
   



7. Press Ctrl+x to exit the editor. Enter y to save and then press Enter to overwrite your new resolv.conf file.



8. 
   

   Edit your NetworkManager.conf file

   
   
   

   sudo nano /etc/NetworkManager/NetworkManager.conf 
   
   

   
   
   

   and add the following:

   
   
   

   dns=dnsmasq 
   
   

   
   
   

   beneath the lines (navigate using arrow keys), [main] and plugins=ifupdown, keyfile exactly like this with the new line added.

   
   
   

   [main]
   
   plugins=ifupdown, keyfile
   
   dns=dnsmasq
   
   

   
   
   

   Press Ctrl+x to exit the editor. Enter y to save and then press Enter to overwrite the file.

   
   



9. Back out of the terminal, and reboot the system and check your dnsleak test site for results.

With thanks to Anonymous VPN whose solutions for Leaks on Ubuntu/Network Manager seem well researched and successful. THEY WORK and when no other solutions worked for me, these did. The above shown solution works for Ubuntu 17.x and 18.04 LTS. See his other solution for 16.04 LTS.

To fix DNS leaks on Ubuntu 18.04, you can edit a file called /etc/dhcp/dhclient.conf. According to the manual page, this file "provides a means for configuring one or more network interfaces using the Dynamic Host Configuration Protocol, BOOTP protocol, or if these protocols fail, by statically assigning an address."

As for fixing your DNS leaks, we will be editing this file. Opening it with the proper permissions, you will see a commented line that looks something like this:

#prepend domain-name-servers 127.0.0.53;

Uncomment this line, and change the domain-name-server to a different one, such as OpenDNS: 208.67.222.222. Using this OpenDNS address, this line would now look like this:

prepend domain-name-servers 208.67.222.222;

After saving the file and rebooting your system, this should fix the DNS leaks on Ubuntu 18.04.

Try using the update-systemd-resolved script that does not make changes to the resolv.conf, and instead uses the systemd-resolved service using it's DBus API

Get it from git and install it by:

git clone https://github.com/aghorler/update-systemd-resolved.git

cd update-systemd-resolved

make

Now edit nsswitch.conf by:

sudo nano /etc/nsswitch.conf

and then change the line starting with hosts: to say

hosts: files resolve dns myhostname

Enable the service and make sure it's running automatically:

sudo systemctl enable systemd-resolved.service

sudo systemctl start systemd-resolved.service

NOTE: If you don't want to follow the above steps and you're okay with using the terminal, the DNS leak only occurs when using
NetworkManager, it so far in my experience does not happen when you
run openvpn from the terminal with sudo openvpn --config config.ovpn

I have tried just about every solution I could find online to fix the dns leak problem. Openvpn started just fine but showed that it was leaking when I went to the test sites. After I got no joy trying all the remedies, I went into my wifi and ethernet setting and used openvpn's dns servers instead of my ISP's and everything was fine from then on. I'm sure you've seen the ip addresses all over the place but here they are if you haven't: 208.67.222.222 and 208.67.220.220.