
reported DNS leak: Windows widget 0.92 | win8.1

A core mission of cryptostorm is ensuring consistent, reliable network security with minimal fuss & drama. From DNS-based services like our DeepDNS in-browser native .onion/.i2p site access, through groundbreaking research on IP6 leakblocking, & to firewall-based structures to enable "fail-closed" security, this is where we discuss & develop cryptostorm-style leakblock tech.

Topic Author
polarissucks01
Posts: 13
Joined: Tue Jan 21, 2014 8:25 am

reported DNS leak: Windows widget 0.92 | win8.1

Postby polarissucks01 » Wed Jan 22, 2014 11:50 am

Hello,

This is my first post and I am not sure if it is in the right area or not and I apologize if it isn't. I was talking to PJ last night about how my DNS is leaking and how using cryptostorm shows my real location because of a DNS leak. I am using 64bit windows 8. The method I used to fix this was using open dns servers and entering them on ipv4 connection in my windows settings. Is this an acceptable fix? I downloaded the openvpn client and configured it as said on the forums and still got the leak.

Thanks,

Pattern_Juggled
Posts: 1492
Joined: Sun Dec 16, 2012 6:34 am

Re: DNS Leak

Postby Pattern_Juggled » Wed Jan 22, 2014 12:29 pm

I'm taking the liberty of posting up some screenshots (with any private info excised) to help in pinning down this situation.

If memory serves, this is taking place on a Windows 8.1 Widget install. To clarify, definitionally a "DNS leak" doesn't disclose physical IP but rather results in DNS lookups being routed to non-secure services.

We're deeply appreciative of member support in tracking down corner-state scenarios like this - it's how unusual situations are leveraged into knowledge that can protect everyone from any future risks of a similar kind.

And, yes, before ~DesuStrike (appropriately) hammers me on this again: we need to get Leakblock out of beta, and into production!

These are the results I got with a Linux-based run on the "extended" DNS Leak Test site:
DNSleak-extended.png


These are the results reported by ps01:
dns.png
...just a scatterbrained network topologist & crypto systems architect……… ҉҉҉

    ✨ ✨ ✨
pj@ðëëþ.bekeybase pgpmit pgpðørkßöt-on-consolegit 'er github
bitmessage:
BM-NBBqTcefbdgjCyQpAKFGKw9udBZzDr7f


Topic Author
polarissucks01
Posts: 13
Joined: Tue Jan 21, 2014 8:25 am

Re: DNS Leak

Postby polarissucks01 » Wed Jan 22, 2014 12:32 pm

I apologize for being dense but does mine qualify for a DNS leak and also is it ok to use open dns? Apple mail no longer lets me email you as it says you are illegal.


marzametal
Posts: 504
Joined: Mon Aug 05, 2013 11:39 am

Re: reported DNS leak: Windows widget 0.92 | win8.1

Postby marzametal » Wed Jan 22, 2014 2:49 pm

WhatIsMyIp tells me I am in Iceland... DNSLeakTest tells me I am in Germany!
Windows Widget 0.92 | Windows 7 64bit (software firewall deactivated)
Attachments
dnsleaktest.jpg
whatismyip.jpg

Pattern_Juggled
Posts: 1492
Joined: Sun Dec 16, 2012 6:34 am

Icelandic interconnect

Postby Pattern_Juggled » Wed Jan 22, 2014 4:58 pm

marzametal wrote: WhatIsMyIp tells me I am in Iceland... DNSLeakTest tells me I am in Germany!


This happens for the following reason: the IP in question is, indeed, within our Icelandic exitnode cluster (having been working on that cluster for several weeks nonstop, I know those IPs better than I know our home phone number at this point in time). However, the peering relationships for our Icelandic partners (Datacell) bring traffic out thru interconnects in continental Europe.

So, to some "geoIP" tools, it appears that the traffic is of European origin. I believe there's a bit more detail on the peering architecture on Datacell's website, if you're curious. Iceland, as anyone who has worked to create capacity there knows all too well, has very very limited network connectivity - for the entire country. There's less total capacity, for the entire nation, than there is for some mid-range datacentres in larger cities on the continent, just to put things in perspective... that's why nobody else has ever deployed real secure network capacity in Iceland before (a few did the marketing-hype trick of "leasing" a cheap little low-capacity VPS and calling it a "server" so they can get free press from gullible journalists too ignorant to know the difference).

Oh, also if you traceroute the subhosts, you'll be able to follow the packet routes and see those peering interconnects visually, if you're curious.


edited to add: d'oh! What I've written above remains true, however the screenshots you posted are of two different queries entirely. One is a geoIP location of the underlying exitnode/SNATted transit IP, in Iceland. The other is a DNS query analysis, which shows that your DNS requests are being pushed through the CCC DNS service, in Germany. This is as intended, and can be validated by comparing with the settings deployed in our server-side configuration parameters for DNS services... one of which is the CCC's service in .de.

Pattern_Juggled
Posts: 1492
Joined: Sun Dec 16, 2012 6:34 am

preferred DNS resolvers

Postby Pattern_Juggled » Wed Jan 22, 2014 5:11 pm

polarissucks01 wrote: I apologize for being dense but does mine qualify for a DNS leak and also is it ok to use open dns? Apple mail no longer lets me email you as it says you are illegal.


Sigh. Apple. If you can get me more information on the blacklisting they're doing of our mailserver, I'll see if I can get the House of Jobs to lower its walled-garden defenses just enough for you to, just perhaps, communicate with the rest of the non-Apple civilised world.

The data you posted do, in fact, show a DNS leak by the definitions I'd find most useful. I don't have a theory as to why, at this point in time, and we're still waiting for other members to replicate the behavior - but it's something you've seen, whatever else is the case. However, without pcaps at the NIC level of your local machine, I don't actually know if that "leak" is going out-of-channel across plaintext during a secure network session, or is merely your Apple-flavoured kernel ignoring the pushed DNS servers from cryptostorm and running queries via your local defaults - but doing so across the secure cryptostorm channel itself. I suspect the latter, but would not assume it to be the case without validating at the packet level.

(this is why the phrase "DNS leaks" can be less than useful - it covers too broad a swath of stuff, and is understood in too many different ways by different people)

Hard-coding OpenDNS into your OS-level ip4 settings is... fine. Mostly. They're pretty good people. Still, the chosen DNS resolvers we've put into our server-side configs reflect what we feel are the most censorship-resistant, open, non-surveilled tools out there; we'd be remiss not to point out that we chose them over OpenDNS for valid, well-supported reasons.

For ease of reference, here's the pushed resolvers from our current server conf's (rev. 1.3, as deployed):

Code:

# these below are our selected DNS services for within-network canonical resolution

push "dhcp-option DNS 198.100.146.51"
push "dhcp-option DNS 76.74.205.228"
# OpenNICproject.org, Canuck-optimised :-)

push "dhcp-option DNS 91.191.136.152"
# Telecomix is.gd/jj4IER

push "dhcp-option DNS 213.73.91.35"
# CCC http://is.gd/eC4apk
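
The post above separates three cases that all get called a "DNS leak": plaintext queries leaving the physical NIC outside the tunnel, queries to the machine's local default resolvers that still travel inside the tunnel, and queries to the pushed resolvers as intended. The packet-level check it asks for can be sketched as follows; this is an added example, not part of the original thread or cryptostorm's code. The interface labels `nic` and `tap`, and every sample frame and address other than the four pushed resolvers, are constructed assumptions.

```python
import socket
import struct
from collections import Counter

# Resolvers pushed by the server config quoted in the post above (rev. 1.3).
PUSHED = {"198.100.146.51", "76.74.205.228", "91.191.136.152", "213.73.91.35"}

def dns_dst(frame):
    """Destination IP if the Ethernet frame is IPv4 UDP/TCP to port 53, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # IPv4 only; IPv6 not handled
        return None
    l4 = 14 + (frame[14] & 0x0F) * 4                      # honour the IP header length
    if frame[23] not in (6, 17) or len(frame) < l4 + 4:   # 6 = TCP, 17 = UDP
        return None
    (dport,) = struct.unpack("!H", frame[l4 + 2:l4 + 4])
    return socket.inet_ntoa(frame[30:34]) if dport == 53 else None

def classify(iface, frame):
    """iface is 'nic' (physical adapter) or 'tap' (VPN adapter); labels are assumed."""
    dst = dns_dst(frame)
    if dst is None:
        return "not-dns"
    if iface == "nic":
        return "plaintext-out-of-channel"   # DNS visible outside the tunnel
    return "in-tunnel-pushed" if dst in PUSHED else "in-tunnel-local-default"

def summarize(capture):
    """Count classifications over (iface, frame) pairs from both adapters."""
    return Counter(classify(iface, frame) for iface, frame in capture)

def make_frame(dst_ip, proto, dport):
    """Constructed Ethernet/IPv4 frame with an 8-byte L4 stub, for the demo only."""
    eth = b"\x02" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton(dst_ip))
    return eth + ip + struct.pack("!HHHH", 40000, dport, 8, 0)

# Constructed capture: documentation-range addresses stand in for real hosts.
SAMPLE = [
    ("nic", make_frame("203.0.113.5", 17, 443)),    # encrypted VPN transport
    ("nic", make_frame("198.51.100.53", 17, 53)),   # query bypassing the tunnel
    ("tap", make_frame("213.73.91.35", 17, 53)),    # pushed resolver (CCC)
    ("tap", make_frame("198.51.100.53", 6, 53)),    # OS default sent via tunnel
]

if __name__ == "__main__":
    for label, count in sorted(summarize(SAMPLE).items()):
        print(f"{label}: {count}")
```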


Jungfrau

Re: reported DNS leak: Windows widget 0.92 | win8.1

Postby Jungfrau » Sun Jun 22, 2014 12:10 pm

I am able to also confirm what the OP is experiencing.

I can unfortunately admit that my DNS always registers with Telekom. It is no coincidence that this is my ISP. This only started about 2 weeks ago and the same DNS IPs OP posted are what mine always resolve to EVEN after flushing my DNS from an elevated command prompt, and assigning non-transparent DNS servers statically. The node used has no effect, the DNS always remains the same.

I have done reinstalls and cleared registry settings pertinent. No dice.

It is somewhat frustrating, as I have lost explanation as to why this is happening and because Telekom are ginormous assholes in the ISP game. They are the ONLY ISP I can use in my mountainous area.


marzametal
Posts: 504
Joined: Mon Aug 05, 2013 11:39 am

Re: reported DNS leak: Windows widget 0.92 | win8.1

Postby marzametal » Mon Jun 23, 2014 6:26 am

Does the same happen with the v1.0 widget?


Jungfrau

Re: reported DNS leak: Windows widget 0.92 | win8.1

Postby Jungfrau » Tue Jun 24, 2014 6:20 am

marzametal wrote: Does the same happen with the v1.0 widget?


Yes.

So here is something interesting, my second machine does not have this problem. No leaks and everything is gravy.

I have failed apparently to find the registry setting that keeps pulling Telekom DNS. Even when I clear my DNS cache it always returns their DNS. I can literally clear it, check for leaks, it will return 3 Telekom DNS servers. Check again 5 minutes later, it will return 4 Telekom DNS servers.

Please know that I am not blaming Cryptostorm. There is some major fuckery afoot on Telekom's part. Albeit, I do need some advice from you folks as this is not my technical domain and I have tried everything I could find.


marzametal
Posts: 504
Joined: Mon Aug 05, 2013 11:39 am

Re: reported DNS leak: Windows widget 0.92 | win8.1

Postby marzametal » Wed Jun 25, 2014 5:15 am

In Network & Sharing Center -> Adapter Settings -> Local Area Connection (not the TAP driver that VPN installed, but your usual one) / Properties -> TCP IP 4 / Properties...
...are IP and DNS set to obtain automatically, or have you entered addresses in each of the slots? It might be worthwhile entering some darknet DNS servers into the DNS section. Not sure if that will help your situation out...


Jungfrau

Re: reported DNS leak: Windows widget 0.92 | win8.1

Postby Jungfrau » Wed Jun 25, 2014 6:14 am

marzametal wrote: In Network & Sharing Center -> Adapter Settings -> Local Area Connection (not the TAP driver that VPN installed, but your usual one) / Properties -> TCP IP 4 / Properties...
...are IP and DNS set to obtain automatically, or have you entered addresses in each of the slots? It might be worthwhile entering some darknet DNS servers into the DNS section. Not sure if that will help your situation out...


I also tried by using the DNS Crypto uses, which was posted above and appears in the widget box:

198.100.146.51
76.74.205.228

Same deal.

For the record and perhaps helping others, here is my problem machine's set-up:

-Windows 8.1 64-Bit
-Elevated FlushDNS. Elevated IP releases, renews, NETSH winsock resets.
-Deleted DNS Cache multiple times
-Tried with DHCP settings, tried with all static assignments.
-Cleared TAP drivers per CS instructions, re-installed widget
-Tried with instructions most 'DNS Leak' test sites recommend
-Perused DNS registry settings, don't see anything responsible that could be possible for continuing to retain these bunk settings
-Checked router. Flummoxed to find I could not set up an alternate DNS within. Albeit, other 2 machines in my home do not have these DNS problems. 64-bit Linux Matriux and 64-Bit Windows 7.

*Did all of these with appropriate restarts, etc. IT Professional here, if that means anything.

My opinion, there just HAS to be some bunk registry setting. It makes logical sense to me. I just don't see it. I've spent a good hour methodically combing it in the areas that DNS shit sits in and I see nothing which would be causing this. Albeit, I accept I am one person looking at this and I may be missing it. But goddamn, I just don't get it.


Guest

Re: reported DNS leak: Windows widget 0.92 | win8.1

Postby Guest » Wed Jul 02, 2014 1:19 pm

You guys might want to take a look at this: https://www.dnsleaktest.com/how-to-fix-a-dns-leak.html

I do not recommend installing the exe file for best practices reasons but I do recommend the do it yourself guide. :)


~grystch

Re: reported DNS leak: Windows widget 0.92 | win8.1

Postby ~grystch » Fri Jul 04, 2014 7:23 am

Jungfrau

I had an ISP before that had their own software to install on my computer. It was to help fix if internet went down, for their tech support help I guess. Such software is the only thing I can think of that would cause this problem. Or maybe a browser plugin someway? I never heard of that but maybe it's possible. Seems it's a puzzle. :think: I wonder if you run in safe mode with networking if you still have the problem?

