4

I'm reading about DNS leaks and what threat they can pose to VPN users, for instance, this question. But generally, there are tons of similar topics on the internet. But what are people afraid of? I just made a simple test. I started two instances of Wireshark. One of them was set to look at the physical eth0 interface, and the other at the virtual tun0 interface. It looks like this:

[image: dns leak wireshark]

On the left, you have the tun0 interface with a dns filter. On the right it's the eth0 interface. The /etc/resolv.conf file points to 8.8.8.8, so this is the Google DNS server. On the left side, you can see some DNS queries; you can see the domain and that the query was sent to Google. On the right you see only the encrypted traffic.

So what are people so afraid of? The only thing that Google (or anyone) sees is the VPN's IP address. If the VPN doesn't store logs, you can't simply connect it to a person who uses the VPN service. On the other hand, if the VPN service logs the users' activity, then it doesn't matter whether you use their DNS.

Is that true or not?

Mikhail Morfikov

1 Answer

3

That's not the problem. Some people use VPNs for privacy (which is arguably misguided, as a VPN is a remote network connectivity tool and not a privacy tool, but that's an argument for another day), and having DNS queries leak out of the non-VPN connection is a concern in that scenario.

Say, for example, I live in an oppressive regime with little regard for the sanctity of free speech, where rich people can pay to keep certain information secret through a legal injunction preventing public dissemination of information. Now say someone publishes (or "leaks") this information to a site somewhere, and I go visit it to see what's being hidden. Being vaguely savvy in the world of privacy (e.g. someone who read a Facebook post about VPNs), I decide to use a VPN in order to hide my supposedly-nefarious activities from the systematic surveillance machine. But, alas, my system and browser are not correctly configured, and instead of sending that DNS query through the VPN tunnel, it sends it directly out in the clear, so that my ISP and those pulling the strings can see it. The DNS request demonstrates my intent to visit the site, and it's off to the re-education camps for me.

TL;DR - People use VPNs for privacy because VPN providers market them as privacy tools, and DNS requests being leaked outside of this channel give the game away.

Polynomial
  • But as you could see, all the traffic goes through the encrypted tunnel. So could you give me an example of how to configure the browser in the wrong way, so it could leak DNS requests? I will check it. But for now, all I can see is encrypted traffic, so that's why I asked this question. – Mikhail Morfikov Apr 24 '16 at 22:33
  • In your example, I can see you went to the website "dug.net.pl". Imagine if you went to "supersecretbadguydomain.com" and someone were logging. I guess that's the main concern. You can be tracked by the domains you resolve. – Daisetsu Apr 25 '16 at 00:14
  • Still, the VPN's IP will be logged by the DNS server, and not mine, as you can see in the photo. All connections to me go through the VPN; if the VPN doesn't store logs, you can't target me. – Mikhail Morfikov Apr 25 '16 at 05:11
  • @MikhailMorfikov Imagine, for example, that the VPN client is installed on your computer. You've got a router in place and your DHCP lease tells your computer to use the router (e.g. 192.168.0.1) as your DNS server, so it can perform queries. You connect to a "privacy" VPN, but that VPN doesn't want you to be able to reach their own internal LAN, so they set up routes such that everything other than private IP space is routed, e.g. 10.0.0.0/8 and 192.168.0.0/16 aren't routed. Your computer does a DNS request to its DNS server, 192.168.0.1, but it isn't routed through the tunnel; DNS leakage. – Polynomial Apr 25 '16 at 08:48
  • And that is why there are DNSCrypt services from several places... https://dnscrypt.eu – Rui F Ribeiro Apr 25 '16 at 10:39
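The answer and Polynomial's follow-up comment describe the mechanism rather than showing it: a DNS query goes wherever the kernel's longest-prefix route lookup for the resolver's address points, and the VPN tunnel only "wins" for resolvers whose address is covered by the tunnel's routes. The script below is an added illustration, not code from the question or the answer; it models that lookup offline with a constructed routing table of the kind a full-tunnel OpenVPN client ("redirect-gateway def1") installs, and checks which resolvers from a constructed /etc/resolv.conf would leave via the physical interface instead of tun0. The interface names, the 203.0.113.10 VPN endpoint (TEST-NET-3) and the metrics are assumptions for the example.

```python
"""Model the route lookup that decides whether a DNS query goes through the
VPN tunnel (tun0) or out the physical interface (eth0).

All routing tables and resolver addresses here are constructed sample data
(assumed for the example), not taken from the question's capture.
"""
import ipaddress
from typing import List, NamedTuple, Optional, Tuple


class Route(NamedTuple):
    prefix: str       # destination network, e.g. "0.0.0.0/1"
    dev: str          # outgoing interface, e.g. "tun0"
    metric: int = 0   # lower metric wins among equal-length prefixes


def lookup(dest: str, table: List[Route]) -> Optional[str]:
    """Return the interface a packet to `dest` would leave on.

    Longest matching prefix wins; the lowest metric breaks ties. This is the
    same ordering the Linux FIB applies, so a directly connected /24 on eth0
    always beats the two /1 routes a full-tunnel VPN adds on tun0.
    """
    ip = ipaddress.ip_address(dest)
    best: Optional[Tuple[Tuple[int, int], str]] = None
    for r in table:
        net = ipaddress.ip_network(r.prefix, strict=False)
        if ip in net:  # False when address family differs, so v6 never matches v4
            key = (net.prefixlen, -r.metric)
            if best is None or key > best[0]:
                best = (key, r.dev)
    return best[1] if best else None


def parse_resolv_conf(text: str) -> List[str]:
    """Extract nameserver addresses from resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def dns_leaks(resolvers: List[str], table: List[Route],
              vpn_dev: str = "tun0") -> List[Tuple[str, Optional[str]]]:
    """Return (resolver, interface) pairs for resolvers that bypass the VPN."""
    return [(r, lookup(r, table)) for r in resolvers
            if lookup(r, table) != vpn_dev]


# Constructed routing table after a full-tunnel VPN connects. The VPN adds
# 0.0.0.0/1 + 128.0.0.0/1 via tun0 (covering everything, but more specific
# than the ISP default) and a /32 host route so the tunnel endpoint itself
# still goes out eth0. The LAN's connected /24 stays on eth0.
FULL_TUNNEL = [
    Route("192.168.0.0/24", "eth0"),         # home LAN, directly connected
    Route("0.0.0.0/0", "eth0", metric=100),  # original ISP default route
    Route("203.0.113.10/32", "eth0"),        # VPN server endpoint (assumed)
    Route("0.0.0.0/1", "tun0"),
    Route("128.0.0.0/1", "tun0"),
    Route("10.8.0.0/24", "tun0"),            # VPN-side subnet (assumed)
]

# Constructed resolv.conf contents for the two situations under discussion.
RESOLV_GOOGLE = "nameserver 8.8.8.8\n"               # the questioner's setup
RESOLV_ROUTER = "options edns0\nnameserver 192.168.0.1\n"  # DHCP-supplied router


if __name__ == "__main__":
    for label, conf in (("resolv.conf -> 8.8.8.8", RESOLV_GOOGLE),
                        ("resolv.conf -> router", RESOLV_ROUTER)):
        leaks = dns_leaks(parse_resolv_conf(conf), FULL_TUNNEL)
        print(f"{label}: {'LEAK via ' + leaks[0][1] if leaks else 'all DNS via tun0'}")
```

The first configuration reproduces the question's capture: 8.8.8.8 matches 0.0.0.0/1 on tun0, so the query is encrypted on the wire. The second reproduces the comment's scenario: 192.168.0.1 matches the connected 192.168.0.0/24 on eth0, which is more specific than either tunnel route, so the query leaves in cleartext toward the router and onward to whatever resolver the router forwards to. The real-system equivalent of this check is `ip route get <resolver address>` for each address listed in `/etc/resolv.conf` (or reported by `resolvectl status` on systemd-resolved hosts, where `/etc/resolv.conf` may only name the 127.0.0.53 stub); the device in its output is where the DNS traffic will actually go.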