*** This bug is a duplicate of bug 1754671 ***
https://bugs.launchpad.net/bugs/1754671
** This bug is no longer a duplicate of bug 1624317
systemd-resolved breaks VPN with split-horizon DNS
** This bug has been marked a duplicate of bug 1754671
Full-tunnel VPN DNS leakage regression
--
*** This bug is a duplicate of bug 1624317 ***
https://bugs.launchpad.net/bugs/1624317
There are a lot of reports on other forums about DNS leaks specific to
17.04.
Once again I upgraded to Ubuntu and have found myself regretting it.
There is always some poorly thought out decision or bug
*** This bug is a duplicate of bug 1624317 ***
https://bugs.launchpad.net/bugs/1624317
For a Network Manager GUI fix, please see my patch towards the bottom of the
bug report https://bugs.launchpad.net/bugs/1624317
No more DNS leaks through the openvpn network-manager gui! Please let me know
*** This bug is a duplicate of bug 1624317 ***
https://bugs.launchpad.net/bugs/1624317
To force all dns lookups to go only to the link created via openvpn, and
not to all links simultaneously, I add to add the following to my config
file:
dhcp-option DOMAIN-ROUTE .
Also I am using this
*** This bug is a duplicate of bug 1624317 ***
https://bugs.launchpad.net/bugs/1624317
Hi,
yes the output confirms what we thought on DNS per link.
Combined with the concurrent query this creates the DNS Leak you are facing.
I - personally - agree that it is a high priority case.
The reasons
Thanks for the research on this guys. I had been a idle spectator to the
systemd controversies, but didn't realize that I might be bumping up
into those choices in a real way myself.
Attached is my systemd-resolve --status. I imagine it shows what you are
talking about.
And I also went ahead and
Thanks Simon and Gamma for the extra insights!
I don't want to get into politics behind all that but this case appears
to be point #8 on this list https://lists.dns-oarc.net/pipermail/dns-
operations/2016-June/014964.html
There is this for domain limited networks
Thanks for the pcap. Some extracts with comments:
# queries are apparently sent in parallel
12:31:29.821205 IP 127.0.0.1.58683 > 127.0.0.1.53: 7913+ A?
v6r6wsfsgj.dnsleaktest.com. (44)
12:31:29.821307 IP 127.0.0.1.40453 > 127.0.0.53.53: 37214+ A?
v6r6wsfsgj.dnsleaktest.com. (44)
12:31:29.821586
Sure thing, Simon. Here is the tcpdump. I then tried to access the
https://www.dnsleaktest.com/ site which showed that I was experiencing
the DNS leak. If you need anything else (or need that in ASCII), just me
know. Thanks for looking into this.
** Attachment added: "dns.pcap"
I'm not familiar with systemd-resolved but it seems that you are not
using it as otherwise you'd have 127.0.0.53 in /etc/resolv.conf?
If you could run a packet capture while you do DNS lookups when
connected to the VPN that would be useful. You could capture with:
sudo tcpdump -w /tmp/dns.pcap
Is this discussion relevant to what we're talking about?
https://superuser.com/questions/1153203/ubuntu-17-04-systemd-resolved-dns-lookups-randomly-fail
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Thanks for the comments. My /etc/resolv.conf is attached. There's a lot
in the /etc/resolvconf/ directory -- just let me know if you'd like
anything from there and I'll grab it as well.
** Attachment added: "resolv.conf"
Thanks Simon, the comment on the potential parallel search is great and
could be the source of your leak.
>From the trace you sent it seems when shrunken down to the path like
this:
# you first ask local dnsmask
;; Received 239 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
# that then asks main dns
Seeing your /etc/resolv.conf (and the other info Christian asked about)
would be quite useful. I noticed that when NM is given multiple DNS
resolvers to use for the VPN, it sends the same query in parallel to all
of them. It's just a speculation but it could be possible for NM/dnsmasq
to also
As for dig +trace, I just did that on www.ubuntu.com, with the attached
output (this is on my VPN).
Note: I'm not sure why this is, but sometimes using the dig +trace
command will simply return much less info, like so:
dig +trace www.ubuntu.com
; <<>> DiG 9.10.3-P4-Ubuntu <<>> +trace
Your description of DNS leak is consistent with my own understanding.
Specifically, DNS testing sites show my own ISP being used instead of
being that of the VPN.
As for my setup, I simply follow the Private Internet Access Linux step-
by-step instructions here:
Hi GammaPoint,
thank you for your report bing split from the already complex old report.
Lets try to get into your issue.
I think I understand that you set up your vpn and resolv in a way that
you expect any DNS info to be handled "there" inside your VPN but you
now see DNS requests being made
** Tags added: zesty
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1685391
Title:
DNS leak in Xubuntu 17.04
To manage notifications about this bug go to:
18 matches
Mail list logo
