I’m struggling to find out why one particular ‘DNS Leak Test’ site and no others can consistently show an IP from my local ISP.
I use openvpn on Linux, and connect to a provider via CLI. I have the following in my .ovpn config:
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
When I look at /etc/resolv.conf, I only see my VPN provider’s DNS server addresses, and 127.0.1.1.
For those unfamiliar with Linux, the resolv.conf file is where the OS stores its DNS server information, and the lines above are to make sure that, after an OpenVPN session is established, the resolv.conf file is updated with the DNS info provided by the OpenVPN server.
I have disabled WebRTC in my browser.
The one site that consistently shows an IP address from my local ISP is dnsleak.com. I’ve visited four or five other sites to test for DNS leaks, and they all show my VPN provider’s DNS servers.
My router advertises itself as the DNS server to the LAN clients, but it gets its own DNS addresses from the local ISP. If I override that behavior and tell it to advertise specific DNS addresses to the LAN clients, it will do that, and dnsleak.com will then show the owner of those IP addresses.
So how is it that my Linux host has an active VPN connection and the “right” DNS addresses in /etc/resolv.conf, yet is still (apparently) somehow using DNS addresses that are advertised by the router?
And how is it that dnsleak.com is the only site that shows a leak of my ISP’s DNS server addresses?
I would like to solve the problem, but I do need the router to keep advertising DNS to all the LAN clients, including my Linux host when it is not using a tunnel. The router is an Asus AC87U running Merlin's AsusWRT firmware.
Thanks for any insight.
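A diagnostic for the resolv.conf contents described in the post, as an added example that is not part of the original post: it classifies each nameserver entry as an expected VPN resolver, a loopback forwarder, or something else. A loopback entry such as 127.0.1.1 means a local forwarding resolver answers queries and its upstream servers are configured elsewhere, so resolv.conf alone does not list every server that may receive them. The function names and the address 10.8.0.1 are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# classify_nameservers FILE [EXPECTED_VPN_DNS...]
# Prints "<position> <address> <class>" for every nameserver line in FILE.
#   vpn             address is one of the expected VPN resolvers
#   local-forwarder loopback address: a local daemon forwards the queries,
#                   and its upstream servers are not shown in resolv.conf
#   unexpected      anything else (for example a router or ISP resolver)
classify_nameservers() {
    file=$1
    shift
    expected=" $* "
    awk '$1 == "nameserver" { print ++n, $2 }' "$file" |
    while read -r pos ns; do
        case "$ns" in
            127.*|::1) echo "$pos $ns local-forwarder" ;;
            *)
                case "$expected" in
                    *" $ns "*) echo "$pos $ns vpn" ;;
                    *)         echo "$pos $ns unexpected" ;;
                esac ;;
        esac
    done
}

# has_hidden_upstream FILE [EXPECTED_VPN_DNS...]
# Succeeds when at least one entry is a loopback forwarder.
has_hidden_upstream() {
    classify_nameservers "$@" | grep -q ' local-forwarder$'
}

# Constructed sample shaped like the post's description:
# a VPN resolver (10.8.0.1 is a made-up address) plus 127.0.1.1.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not taken from the post
nameserver 10.8.0.1
nameserver 127.0.1.1
EOF

classify_nameservers "$sample" 10.8.0.1
if has_hidden_upstream "$sample" 10.8.0.1; then
    echo "loopback resolver present: check its upstream servers separately"
fi
rm -f "$sample"
```

On a real host, pass /etc/resolv.conf and the DNS addresses pushed by the VPN provider as arguments.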