Static DNS when connected to VPN loses internet connection


I have a relatively standard home network environment, with my Windows 8.1 computer connected to the ISP's router/modem. Internet works with regular DHCP for my IP and DNS servers (that is, nothing is static, all is automatic).

In addition, I connect to a VPN via OpenVPN. My intention is not to split tunnel; I want all my traffic, including DNS requests, sent through the VPN. This almost works, but there's a DNS leak. I don't know why, because the client connects with the directive redirect-gateway def1, so it should be routing everything through the server (it's a big VPN and it's set up correctly).

So now there's an (ISP) ethernet network connection and a local (virtual) network. I tried to patch the leak by changing the ethernet connection's DNS settings to any of a number of static Google or OpenDNS etc. But that just causes complete loss of connectivity. And when I change the local network's DNS entries to static ones the DNS leak tests still report my ISP's DNS servers, so that doesn't work.

It's not an ISP thing, because when I disconnect the VPN and leave the DNS servers static (and not the automatic ones belonging to the ISP) everything works fine. How else am I supposed to patch the DNS leak, and maintain internet connectivity? What is going wrong?

I've been Googling for hours to no avail...

bjorne

Posted 2015-09-26T21:53:55.840

Reputation: 121

https://www.dnsleaktest.com/how-to-fix-a-dns-leak.html – Moab – 2015-09-26T23:16:22.430

@Moab, I tried to imply that I've tried all of those solutions, manually, automatically, and they aren't working. I'm aware the problem is "simple" in that my machine is sending DNS requests not through the VPN, but flushing, rebooting, etc. doesn't seem to reset that. – bjorne – 2015-09-26T23:19:38.717

Maybe it's the router leaking it. – Moab – 2015-09-26T23:26:54.120

I don't think that's possible, if my machine makes a DNS request at a specific address the router won't change that address. And like I said, when I'm not connected to the VPN the static DNS works. – bjorne – 2015-09-26T23:29:54.967

The real problem is that Microsoft have decided to make your local DNS servers a higher priority than a VPN-assigned DNS server; essentially, Microsoft are forcing you to have a DNS leak. At OpenVPN we are working on a solution. The only real solution, at this time, is to enforce firewall rules to block access to local DNS servers.

– dotvotdot – 2015-09-29T21:44:58.360

OpenVPN has a new plugin to control W10 DNS, please see This thread

– dotvotdot – 2015-10-06T11:52:32.187
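
The firewall approach from the 2015-09-29 comment above, sketched as an added example that is not part of the original thread and is not OpenVPN's own code: it blocks outbound DNS (port 53) on every adapter except the VPN's virtual adapter. Assumptions: the VPN adapter's description contains "TAP-Windows", the rule group name is made up for this example, and the `NetSecurity` cmdlets of Windows 8 and later are available.

```powershell
#Requires -RunAsAdministrator
# Added example: interface-scoped DNS block so lookups can only leave via the VPN.
# Assumption: the OpenVPN adapter description contains "TAP-Windows";
# change $VpnMatch if your adapter is named differently.
$VpnMatch  = 'TAP-Windows'
$RuleGroup = 'Block-DNS-Outside-VPN'   # hypothetical group name, used for cleanup

function Disable-DnsLeakBlock {
    # Remove every rule this script created (matched by group name).
    Get-NetFirewallRule -Group $RuleGroup -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule
}

function Enable-DnsLeakBlock {
    # Start clean so repeated runs do not stack duplicate rules.
    Disable-DnsLeakBlock

    # Refuse to block anything unless the tunnel adapter is actually up;
    # otherwise the machine would be left with no working resolver at all.
    $vpn = Get-NetAdapter |
        Where-Object { $_.InterfaceDescription -match $VpnMatch -and $_.Status -eq 'Up' }
    if (-not $vpn) {
        throw "No connected adapter matches '$VpnMatch'; refusing to block DNS."
    }

    # Every adapter that is not the tunnel (Ethernet, Wi-Fi, ...).
    $outside = Get-NetAdapter |
        Where-Object { $_.InterfaceDescription -notmatch $VpnMatch }

    foreach ($nic in $outside) {
        foreach ($proto in 'UDP', 'TCP') {
            # Block rules win over allow rules; the rule applies to IPv4 and IPv6.
            New-NetFirewallRule -DisplayName "Block DNS ($proto) on $($nic.Name)" `
                -Group $RuleGroup -Direction Outbound -Action Block `
                -Protocol $proto -RemotePort 53 `
                -InterfaceAlias $nic.Name | Out-Null
        }
    }

    # Return the created rules so the caller can confirm what is in force.
    Get-NetFirewallRule -Group $RuleGroup | Select-Object DisplayName, Enabled, Action
}
```

Run `Enable-DnsLeakBlock` once the tunnel is up. While the rules are active the OpenVPN client cannot resolve a server hostname over the physical adapter, so call `Disable-DnsLeakBlock` before reconnecting or use an IP address in the `remote` line; a VPN that itself runs over port 53 would also be blocked by these rules.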

No answers