Topic: Network DNS leak - Is openresolv the fix??

Network DNS leak - Is openresolv the fix??

Hi all. So my issue is I discovered while using a VPN that I have a DNS leak. There is a resolv file at /etc/resolv.conf to configure your DNS addresses. It's supposed to use your regular DNS server and then is told by network manager or a resolver to switch to your VPN's DNS server when you connect with them. From my understanding this has to be set up manually?? Usually the software to do this is systemd-resolved, or openresolv. Openresolv is in the system repos, I've done some research but have found little on how to set it up. Anyone have any experience with this DNS leak situation??

Some basic info on my network set up:

My router DNS is set manually to quad9 servers. My wired connection in plasma network manager is set up manually and DNS also set to quad9.

If I run a leak test while using a VPN it will usually show the VPN's server and also sometimes my normal DNS server, so my goal is to get openresolv set up to switch the DNS configuration when using the VPN.

Any help or suggestions would be appreciated. Thanks

Re: Network DNS leak - Is openresolv the fix??

Reply #1
IMO you should just look at what DNS your VPN config file uses and manually set it in /etc/resolv.conf, it is far easier this way than relying on some program to do it for you.

 

Re: Network DNS leak - Is openresolv the fix??

Reply #2
I set a non-standard DNS server in my dhclient.conf with a single line saying "prepend domain-name-servers 1.2.3.4" or whatever address is desired. You don't edit resolv.conf directly except possibly for testing or temporary usage because dhclient or other equivalent utilities will rewrite it automatically. "prepend" will add the new server to the start of the list when the web connection is created. So long as that server is available it will be used, otherwise the next one on the list (if there is one) will be tried. If you are using Network Manager it has a dhcp client built in, although it can be configured to use an external one instead like dhclient or dhcpcd. So your method of configuration will probably be different. You can probably use resolvconf.conf from the "openresolv" package to achieve what you want too, which could be better as it would allow you to change to different connection methods without having to configure them individually. I think it should be helpful from what I've read but haven't tried it myself.

Re: Network DNS leak - Is openresolv the fix??

Reply #3
IMO you should just look at what DNS your VPN config file uses and manually set it in /etc/resolv.conf, it is far easier this way than relying on some program to do it for you.
That is an option, but the /etc/resolv.conf file is overwritten by network manager unless you configure it in /etc/NetworkManager/NetworkManager.conf with the addition of the line "rc-manager=unmanaged". The issue is that if I specify that override, and I configure the DNS server for the VPN in /etc/resolv.conf, then the internet connection will only work if I've selected the VPN connection, meaning I always have to connect through the VPN. If I can't figure out how to get openresolv working then I may use that option anyway. Thanks

Re: Network DNS leak - Is openresolv the fix??

Reply #4
I set a non-standard DNS server in my dhclient.conf with a single line saying "prepend domain-name-servers 1.2.3.4" or whatever address is desired. You don't edit resolv.conf directly except possibly for testing or temporary usage because dhclient or other equivalent utilities will rewrite it automatically. "prepend" will add the new server to the start of the list when the web connection is created. So long as that server is available it will be used, otherwise the next one on the list (if there is one) will be tried. If you are using Network Manager it has a dhcp client built in, although it can be configured to use an external one instead like dhclient or dhcpcd. So your method of configuration will probably be different. You can probably use resolvconf.conf from the "openresolv" package to achieve what you want too, which could be better as it would allow you to change to different connection methods without having to configure them individually. I think it should be helpful from what I've read but haven't tried it myself.
Thanks for the response. I don't have a dhclient.conf file but do have dhcpcd.conf, could I add the line there, and where would I add it? Yes I'd really like to get openresolv working but I've come across little info directing how to set it up. I'm going to continue searching. Thanks for the info

Re: Network DNS leak - Is openresolv the fix??

Reply #5
openresolv and resolvconf seem to be missing a service package, apparently there's a systemd resolvconf service but nothing else I found. For config I added name_servers="x.x.x.x" in /etc/resolvconf.conf and then it would change /etc/resolv.conf if I manually ran # resolvconf -U but that isn't very helpful. Network Manager uses its own dhcp client and must be configured in some GUI checkbox if you want to use something else. Regarding dhclient, the package would need to be installed if you don't have it already and wanted to use that.

Re: Network DNS leak - Is openresolv the fix??

Reply #6
Thanks for the suggestions but I was unable to find enough good info on openresolv to get it working. However I was able to solve the problem with the plasma network manager GUI..

On my wired IPv4 connection I had to use Automatic (addresses only), and set the desired DNS servers.
On my VPN IPv4 connection I used Automatic and set my DNS servers to the VPN server.

Now network manager will resolve to the correct server when the VPN is selected. No DNS leaks
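
A local check to run alongside the online leak test, as an added example that is not part of the original posts: it reads a resolv.conf-format file and reports any nameserver outside the set expected while the VPN is connected. The function names and the sample addresses (10.8.0.1 as the VPN resolver) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag resolv.conf nameservers that are
# outside the set expected while the VPN is connected.

# Print every "nameserver" address in FILE that is not in the allowed list.
# Usage: unexpected_nameservers FILE ALLOWED_IP [ALLOWED_IP ...]
unexpected_nameservers() {
    rc_file=$1; shift
    allowed=" $* "
    # Comment lines start with '#' or ';', so their first field never equals "nameserver".
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$rc_file" |
    while read -r ns; do
        case "$allowed" in
            *" $ns "*) ;;                 # expected resolver
            *) printf '%s\n' "$ns" ;;     # not a resolver you expected to see
        esac
    done
}

# Exit status: 0 = only allowed resolvers, 1 = unexpected resolver, 2 = nothing to check.
check_resolv_conf() {
    if [ ! -r "$1" ] || ! grep -q '^[[:space:]]*nameserver[[:space:]]' "$1"; then
        echo "no readable nameserver entries in $1" >&2
        return 2
    fi
    leaks=$(unexpected_nameservers "$@")
    [ -z "$leaks" ] && return 0
    echo "unexpected nameservers:" $leaks >&2
    return 1
}

# Constructed sample: VPN resolver 10.8.0.1 plus a leftover Quad9 entry.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Generated by NetworkManager
nameserver 10.8.0.1
nameserver 9.9.9.9
EOF
check_resolv_conf "$sample" 10.8.0.1 || echo "potential DNS leak (status $?)"
rm -f "$sample"
```

On a live system, pass /etc/resolv.conf and the VPN's DNS addresses. If the file lists only a local stub such as 127.0.0.53 (systemd-resolved), check that stub's upstream servers instead.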

Re: Network DNS leak - Is openresolv the fix??

Reply #7
Great stuff! Seems openresolv dates back a fair way so probably most people find some other way to set things up, which would explain the lack of service scripts. I just came across this:
https://unix.stackexchange.com/questions/37264/how-to-get-networkmanager-to-configure-domain-specific-name-servers-with-openres
 which suggests you can use something called dnsmasq along with Network Manager to configure dns servers too, there are service scripts for that as well. Not saying you should change your solution of course, but perhaps interesting to know about.

Re: Network DNS leak - Is openresolv the fix??

Reply #8
Hey, here is the solution:
The resolv.conf file is auto managed by networkmanager and other networking tools like connman, and your dns server will be auto set to your ISP's server when you reboot. To avoid this...
Code:
sudo vi /etc/resolv.conf
and enter the dns servers you want to use. To avoid connectivity issues, it is advised to set up at least 2 dns servers so if one is down the other one will work. My recommendation is 3 dns. And when you change the dns file, run this command.
Code:
sudo chattr +i /etc/resolv.conf
and the file will be saved forever, even the root user will not be able to change it...
So if you need to change something then
Code:
sudo chattr -i /etc/resolv.conf
and then change...