With even the biggest tech giants such as Google, Facebook, and Microsoft collecting ever more valuable personal data, it is imperative to safeguard your internet privacy. ISPs can also record your internet usage details. Thankfully, VPN service costs have come down significantly, so subscribing to a decent service like NordVPN, ExpressVPN, or CyberGhost has become reasonably affordable.
These top VPN companies are rock solid, trustworthy, and provide end-to-end encryption. Your privacy is really secured if you choose a good VPN service. Unfortunately, there is a bigger hidden problem even when you are using a good service. It’s the DNS leak.
No matter which VPN service you are using, if you are using OpenVPN to connect to your VPN service, chances are that your PC is already revealing your actual IP address due to improper network configuration.
What is DNS Leak?
A DNS leak is a security flaw that lets DNS requests reach the internet service provider’s DNS servers despite the VPN service’s attempt to conceal them. In simple terms, it’s as good as not using a VPN service. This is a huge problem and must be addressed immediately if you are serious about hiding your identity.
Checking DNS Leak
There are a number of websites that offer a free DNS leak check. The one I recommend, one of the most sophisticated, is DNS Leaktest.
With the VPN service connected, go to their webpage. You may see that it says “Hello” followed by an IP address and location info. This basic info may give you the impression that everything is OK. To run an in-depth test, click on “Extended Test”.
In a few seconds, you should see a test report that shows IP, Hostname, ISP, and Country. If you see your internet service provider’s name in the ISP section and a Hostname containing your IP address, then it’s confirmed that your PC is leaking DNS! For example, my test PC without the DNS fix was completely revealing my ISP and location even though it was connected to the NordVPN service via OpenVPN.
Fixing DNS Leak in Ubuntu, Linux Mint, and elementary OS
This guide is tested to be working 100% in Ubuntu 18.04 LTS but should work without any issues in Ubuntu 17.04, and derivatives like Linux Mint, and elementary OS too. Start with disconnecting the VPN and continue with the Part 1 and Part 2 instructions.
Part 1: Installing dnscrypt-proxy
dnscrypt-proxy is a powerful networking tool that encrypts and authenticates DNS traffic. It supports DNS-over-HTTPS (DoH) and DNSCrypt. It can force outgoing connections to use TCP. Additionally, it can block malware and other unwanted content. It is compatible with all DNS services.
Step 1) Launch ‘Terminal’. You can use Ctrl+Alt+T keyboard shortcut in Ubuntu.
Step 2) To make sure you don’t have an outdated version of dnscrypt-proxy, run this command:
sudo apt-get purge dnscrypt-proxy
Step 3) Copy and paste the following commands in the terminal and press enter.
sudo add-apt-repository ppa:shevchuk/dnscrypt-proxy && \
sudo apt update && \
sudo apt install dnscrypt-proxy
Step 4) Restart the services using the commands:
sudo systemctl restart NetworkManager
sudo systemctl restart dnscrypt-proxy
Part 2: Configuring resolv.conf
Step 1) Install resolvconf by entering the following commands:
sudo apt install resolvconf
sudo resolvconf -i
Step 2) The next step is to make NetworkManager use the default settings for managing the resolv.conf file by editing its configuration file. Copy and paste the command below into the Terminal to open the file.
sudo nano /etc/NetworkManager/NetworkManager.conf
Step 3) You will see an editor in the Terminal. Using the arrow keys, carefully navigate to the first line, which says [main], and add the following line below it:
dns=default
After editing the file it should look something like this:
[main]
dns=default
plugins=ifupdown,keyfile

[ifupdown]
managed=false

[device]
wifi.scan-rand-mac-address=no
Step 4) While in the editor, press CTRL X to exit the editor. Enter ‘Y’ to save and then press enter to overwrite the file.
Step 5) Finally restart the services:
sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved
sudo systemctl restart network-manager
sudo systemctl restart dnscrypt-proxy
Step 6) Close all browsers, connect to your VPN service, and then go to the DNS Leaktest page. If everything went well, you should not see your ISP name leaked in the new test. For example, my test PC connected to a NordVPN server shows QuadraNet as the ISP, which is different from my actual provider (Spectrum).
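As a local complement to the web test in Step 6, the script below is an added example (not part of the original guide) that checks the two files Part 2 touches: it reports any nameserver in resolv.conf that is not a loopback address and confirms that dns=default sits under [main] in NetworkManager.conf. The function names, the loopback assumption for the local resolver, and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: local check of the Part 2 result (not from the original guide).
# Assumption: the local resolver (dnscrypt-proxy) listens on a loopback
# address, so any nameserver outside 127.0.0.0/8 or ::1 is reported.

# Print each non-loopback nameserver listed in a resolv.conf-style file.
external_nameservers() {
    awk '$1 == "nameserver" && $2 !~ /^127\./ && $2 != "::1" { print $2 }' "$1"
}

# Print the dns= value from the [main] section of a NetworkManager.conf file.
nm_dns_mode() {
    awk -F= '/^\[/ { in_main = ($0 == "[main]"); next }
             in_main && $1 == "dns" { print $2; exit }' "$1"
}

# Exit status 0 when both files match the setup in this guide, 1 otherwise.
check_dns_setup() {
    cds_status=0
    cds_leaked=$(external_nameservers "$1" | tr '\n' ' ')
    cds_mode=$(nm_dns_mode "$2")
    if [ -n "$cds_leaked" ]; then
        echo "WARN: non-loopback nameserver(s): $cds_leaked"
        cds_status=1
    fi
    if [ "$cds_mode" != "default" ]; then
        echo "WARN: [main] dns=${cds_mode:-unset}, expected dns=default"
        cds_status=1
    fi
    [ "$cds_status" -eq 0 ] && echo "OK: loopback resolver, dns=default"
    return "$cds_status"
}

# Constructed sample files: a resolv.conf that still lists a second resolver
# (192.0.2.1, a documentation address) next to a loopback one.
demo() {
    d=$(mktemp -d)
    printf 'nameserver 127.0.2.1\nnameserver 192.0.2.1\n' > "$d/resolv.conf"
    printf '[main]\ndns=default\nplugins=ifupdown,keyfile\n' > "$d/nm.conf"
    check_dns_setup "$d/resolv.conf" "$d/nm.conf"
    demo_rc=$?
    rm -rf "$d"
    return "$demo_rc"
}

demo || true
```

To check a real machine, call check_dns_setup /etc/resolv.conf /etc/NetworkManager/NetworkManager.conf with the VPN connected; a clean result here does not replace the extended web test, which observes the resolvers actually used.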
UPDATE: Some users have experienced loss of internet after the change in settings. Looks like the default DNS is getting configured incorrectly. Thanks to BananaSam (in the comment below) for providing the link.
Proceed as follows:
1. Launch Terminal.
2. Enter the following command and hit enter.
sudo nano /etc/systemd/resolved.conf
3. Replace #DNS with DNS=18.104.22.168
4. Press Ctrl X and then enter Y to save the file.
5. Restart the computer.
That’s it! How did the tutorial work for you? Do let us know your feedback in the comments below.