Answered: Qubes and DNS Leaks

Liu

So I ventured into Qubes.
Does anyone here have experience with it?
I have configured the VPN according to..
...
https://groups.google.com/d/msg/qubes-users/UbY4-apKScE/lhB_ouTnAwAJ
...
I am still, however, getting DNS leaks, and I am not entirely sure how.
Running: Qubes (Fedora23 and Debian8)
While the perfect-privacy website and also dnsleaktest.com do not register any leaks...
dnsleak.com registers leaks.
Does anyone have any experience with QubesOS and have it set up with perfect-privacy in a secure way?
 
Ok, so I think I have got it set up right, but I am confused.
dnsleak.com, however, still says that I might be leaking.
Your IP: 82.221.105.75
DNS IP: 82.221.105.61
Hostname: 82.221.105.61

The above-mentioned DNS is the DNS from perfect-privacy..
If they can see the perf-priv dns, does that still = leak?
Or is it normal for dnsleak.com to be able to see the dns of the vpn?

I am on Fedora with openvpn.
 
If the Perfect-Privacy DNS server is shown, you have no DNS leak. This is exactly what the Perfect Privacy DNS servers are for.

A DNS leak only occurs if you use a local nameserver or the nameserver of your ISP.
 
Solution
So...
  • Your IP: 185.57.82.2x
  • DNS IP: 185.57.82.2x
  • Hostname: 185.57.82.2y
is perfect-privacy..
But then, I also get..

  • Your IP: 185.57.82.28
  • DNS IP: 5.135.143.84
  • Hostname: dedi-fr-483415.op-net.com
  • Country: France

I am connected to Bucharest (external IP), but my DNS is coming up both as the Romanian one and the Parisian one (both you). Is that a fuck-up on my config or yours?

openvpn fedora23, not using tor.

Also, if I use a third-party DNS (Wikileaks, CCC, etc.), that is perfectly fine concerning security, right?
And would that change if I was using Tor?

Thanks so much.
 
Hello,

The second DNS IP (5.135.143.84) is our server in Paris. So this is perfectly fine. There are always two nameservers being set up in case a server goes down. By default these are chosen randomly.

Yes, a third party DNS should be fine, the main idea is that your ISP cannot see what websites you are visiting.

If you're using Tor to visit .onion websites, these are resolved internally by Tor, so no normal DNS is being used.
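
The rule given in the answers above (a resolver that belongs to the VPN provider is not a leak) can be applied mechanically to leak-test output. The following is an added example, not part of the original thread or any Perfect Privacy tooling; it assumes the two resolver addresses confirmed in the thread form the allowlist, and the `203.0.113.53` entry is a constructed stand-in for an ISP resolver.

```python
import ipaddress
import re

# Assumption: the two resolver addresses the thread attributes to Perfect Privacy.
VPN_RESOLVERS = {"82.221.105.61", "5.135.143.84"}

# Leak-test output in the format quoted in the thread. The 203.0.113.53 entry
# is constructed (documentation range) to stand in for an ISP resolver.
SAMPLE = """\
Your IP: 82.221.105.75
DNS IP: 82.221.105.61
Hostname: 82.221.105.61
  • Your IP: 185.57.82.28
  • DNS IP: 5.135.143.84
  • Hostname: dedi-fr-483415.op-net.com
  • DNS IP: 185.57.82.2x
  • DNS IP: 203.0.113.53
"""

# Matches "DNS IP: <value>" with or without a leading bullet.
DNS_LINE = re.compile(r"^[\s•]*DNS IP:\s*(\S+)", re.MULTILINE)


def classify(resolver, vpn_resolvers=VPN_RESOLVERS):
    """Return 'vpn', 'other' or 'unparsed' for one reported resolver."""
    try:
        addr = ipaddress.ip_address(resolver)
    except ValueError:
        return "unparsed"  # redacted or truncated value such as 185.57.82.2x
    # 'other' means ISP resolver or a third-party DNS you chose on purpose;
    # only the first is a leak, so these need a manual look.
    return "vpn" if str(addr) in vpn_resolvers else "other"


def audit(report, vpn_resolvers=VPN_RESOLVERS):
    """Map every 'DNS IP:' value in a leak-test report to its class."""
    return {ip: classify(ip, vpn_resolvers) for ip in DNS_LINE.findall(report)}


def leaking(report, vpn_resolvers=VPN_RESOLVERS):
    """Valid resolver addresses in the report that are not on the VPN list."""
    found = audit(report, vpn_resolvers)
    return sorted(ip for ip, verdict in found.items() if verdict == "other")


if __name__ == "__main__":
    for ip, verdict in audit(SAMPLE).items():
        print(f"{ip:>16}  {verdict}")
    print("review:", leaking(SAMPLE))
```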
 