With ever growing valuable personal data collection by even the biggest tech giants like Google, Facebook, Microsoft, etc., it is imperative to safeguard your internet privacy. ISPs also can record your internet usage details. Thankfully, VPN service costs have come down significantly and so subscribing to a decent service like NordVPN, ExpressVPN, CyberGhost, etc. has become reasonably affordable.
These top VPN companies are rock solid, trustworthy, and provide end-to-end encryption. Your privacy is secured if you choose an excellent VPN service. Unfortunately, there is a bigger hidden problem even when you are using a good service. It’s the DNS leak.
No matter which VPN service you are using, if you are using OpenVPN to connect to your VPN service, chances are that your PC is already revealing your actual IP address due to improper network configuration.
CAUTION: Please don’t rush through the article, and follow the article at your own risk. Read the article in its entirety, and follow the steps carefully. The tutorial worked 100% on our test computer and several users have responded positively. There are also users for whom the guide didn’t work due to varying network settings between the systems. Uninstalling resolvconf completely should solve the problem for them.
What is DNS Leak?
A DNS leak indicates a security flaw that allows DNS requests to be revealed to internet service provider’s DNS servers, notwithstanding the VPN service to attempt to conceal them. In simple terms, it’s as good as not using a VPN service. It is a huge problem and must be addressed immediately if at all one is serious about hiding the identity.
Checking DNS Leak
Some websites offer free DNS leak check. One of the best-sophisticated ones I recommend is linked below:
With the VPN service connected, go to their webpage. You may see that it says Hello IP address with location info. It is basic info which may give you an impression that everything is OK. To make an in-depth test, click on the “Extended Test.”
In a few seconds, you should see a report of the test which shows IP, Hostname, ISP, and Country. If you see your internet service provider name in the ISP section along with Hostname having your IP address, then it’s confirmed that your PC is leaking DNS! For example in my test PC (above screenshot) without the DNS fix, it was completely revealing my ISP and location though it is connected to the NordVPN service via OpenVPN.
Fixing DNS Leak in Ubuntu, Linux Mint, and elementary OS
This guide is tested to be working 100% in Ubuntu 18.04 LTS but should work without any issues in Ubuntu 17.04, and derivatives like Linux Mint, and elementary OS too. Start with disconnecting the VPN and continue with Part 1 and Part 2 instructions.
Part 1: Installing dnscrypt-proxy
DNS encrypt Proxy is a powerful networking tool that helps in DNS traffic encryption and authentication. It supports DNS-over-HTTPS (DoH) and DNSCrypt. It can force outgoing connections to use TCP. Additionally, it can block malware and other unwanted content. It is compatible with all DNS services.
Step 1) Launch ‘Terminal’. You can use Ctrl+Alt+T keyboard shortcut in Ubuntu.
Step 2) To make sure you don’t have an outdated version of dnscrypt-proxy, run this command:
sudo apt-get purge dnscrypt-proxy
Step 3) Copy and paste the following commands in the terminal and press enter.
sudo add-apt-repository ppa:shevchuk/dnscrypt-proxy && \ sudo apt update && \ sudo apt install dnscrypt-proxy
Step 4) Restart the services using the commands:
sudo systemctl restart NetworkManager
sudo systemctl restart dnscrypt-proxy
Part 2: Configuring resolv.conf
Step 1) Install resolv.conf by entering the command as follows:
sudo apt install resolvconf
sudo resolvconf -i
Step 2) Next step is to make the Network Manager use the default settings for managing the resolv.conf file by editing the conf file. Proceed to copy and paste the below commands into the Terminal to edit the conf file.
sudo nano /etc/NetworkManager/NetworkManager.conf
Step 3) You will see an editor in the Terminal. Carefully, use the arrow keys to navigate to the first line and then copy & paste the following line below the first line that says [main].
After editing the file, it should look something like this:
[main] dns=default plugins=ifupdown,keyfile [ifupdown] managed=false [device] wifi.scan-rand-mac-address=no
Step 4) While in the editor, press CTRL X to exit the editor. Enter ‘Y’ to save and then press Enter to overwrite the file.
Step 5) Finally restart the services:
sudo systemctl stop systemd-resolved sudo systemctl disable systemd-resolved sudo systemctl restart network-manager sudo systemctl restart dnscrypt-proxy
Step 6) Close all browsers, connect to your VPN service, and then go DNSleaktest page. If everything went well, you should not see your ISP Name leaked in the new test. For example, my test PC connected to NordVPN server shows QuadraNet ISP which is different from my actual provider (Spectrum).
Some users have experienced a loss of internet after the change in settings. Try the following to completely remove resolvconf.
OPTION 1: Enter the following command:
sudo apt autoremove resolvconf
It looks like the default DNS is getting misconfigured. Thanks to BananaSam (in the comment below) for providing the link.
Proceed as follows:
1. Launch Terminal.
2. Enter the following command and hit enter.
nano gedit /etc/systemd/resolved.conf
3. Replace #DNS with DNS=188.8.131.52
4. Press Ctrl X and then enter Y to save the file.
5. Restart the computer.
That’s it! How did the tutorial work for you? Do let us know your feedback in the comments below.