block outside dns, fix dns leak ubuntu 18.04
Using dns leak test while under my VPN I discovered that it was leaking. I've set up my VPN via NetworkManager and it works properly except for the leak.
First, I've tried to add block-outside-vpn to the configuration file, except that under /etc/NetworkManager/system-connections it does not follow the same format. I couldn't find the doc on how to properly write one for dns leaks.
Also, using Ubuntu 18.04 resolv.conf does not work like before, all the other answers are based on that.
Briefly, how to block outside dns (leak) using Network Manager configuration files or the GUI?
To fix DNS leaks on Ubuntu 18.04, you can edit a file called /etc/dhcp/dhclient.conf. According to the manual page, this file "provides a means for configuring one or more network interfaces using the Dynamic Host Configuration Protocol, BOOTP protocol, or if these protocols fail, by statically assigning an address."
As for fixing your DNS leaks, we will be editing this file. Opening it with the proper permissions, you will see a commented line that looks something like this:
#prepend domain-name-servers 127.0.0.53;
Uncomment this line, and change the domain-name-server to a different one, such as OpenDNS: 208.67.222.222. Using this OpenDNS address, this line would now look like this:
prepend domain-name-servers 208.67.222.222;
After saving the file and rebooting your system, this should fix the DNS leaks on Ubuntu 18.04.
I suggest using dnscrypt.
First install it:
sudo apt install dnscrypt-proxy
By default it will listen on 127.0.2.1 port 53.
Edit your VPN or any other connection you like and set 127.0.2.1 as its DNS server. Using the CLI you can run:
nmcli connection modify [CONNECTION-NAME] ipv4.dns 127.0.2.1
And just in case, block the outgoing DNS requests:
sudo ufw deny out 53
And make sure firewall is enabled:
sudo ufw enable
If you have a DNS leak as indicated by checking on browserleaks.com or dnsleaktest.com,
- Shut off your VPN connection.
- Attempt to undo any .conf file edits you've wasted time already making. If you've been trying a lot of various suggestions, your best chance might be to do a fresh install and ensure you've also installed networkmanager-openvpn-gnome, as Ubuntu does not have VPN config importing provided by default.
- Install dnsmasq:
sudo apt update
sudo apt install dnsmasq
- Disable resolved:
sudo systemctl disable systemd-resolved.service
sudo systemctl stop systemd-resolved.service
- Remove /etc/resolv.conf and create a new one:
sudo rm /etc/resolv.conf
sudo nano /etc/resolv.conf
- Enter into your empty .conf file:
nameserver 127.0.0.1
That's all! Press Ctrl+x to exit the editor. Enter y to save and then press Enter to overwrite your new resolv.conf file.
- Edit your NetworkManager.conf file:
sudo nano /etc/NetworkManager/NetworkManager.conf
and add the following:
dns=dnsmasq
beneath the lines [main] and plugins=ifupdown, keyfile (navigate using arrow keys), exactly like this with the new line added:
[main]
plugins=ifupdown, keyfile
dns=dnsmasq
Press Ctrl+x to exit the editor. Enter y to save and then press Enter to overwrite the file.
Back out of the terminal, reboot the system and check your DNS leak test site for results.
With thanks to Anonymous VPN whose solutions for Leaks on Ubuntu/Network Manager seem well researched and successful. THEY WORK and when no other solutions worked for me, these did. The above shown solution works for Ubuntu 17.x and 18.04 LTS. See his other solution for 16.04 LTS.
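A check of the end state that the dnsmasq steps above produce, as an added example that is not part of any of the answers: it flags any non-loopback nameserver left in resolv.conf and confirms dns=dnsmasq sits under [main]. The function names are hypothetical and the demo files are constructed (192.0.2.53 is a documentation address).

```shell
#!/bin/sh
# Added example: audit the end state of the dnsmasq steps (not from the answers).

# Print each nameserver in a resolv.conf that is not a loopback address.
# Any output means queries can bypass the local listener on 127.0.0.1.
non_loopback_nameservers() {
    awk '$1 == "nameserver" && $2 !~ /^127\./ && $2 != "::1" { print $2 }' "$1"
}

# Print the value of dns= found under [main] in a NetworkManager.conf.
nm_main_dns() {
    awk -F= '
        /^[ \t]*\[/ { in_main = ($0 ~ /^[ \t]*\[main\]/); next }
        in_main && $1 ~ /^[ \t]*dns[ \t]*$/ { gsub(/[ \t]/, "", $2); print $2 }
    ' "$1"
}

# Return 0 only when both files match what the answer sets up.
# Defaults are the real paths named in the answer; pass copies to test.
audit_dns_config() {
    resolv="${1:-/etc/resolv.conf}"
    nm="${2:-/etc/NetworkManager/NetworkManager.conf}"
    rc=0
    bad="$(non_loopback_nameservers "$resolv" | tr '\n' ' ')"
    if [ -n "$bad" ]; then
        echo "LEAK RISK: non-loopback nameserver in $resolv: $bad"
        rc=1
    fi
    if ! grep -q '^[[:space:]]*nameserver' "$resolv"; then
        echo "WARN: no nameserver line in $resolv"
        rc=1
    fi
    if [ "$(nm_main_dns "$nm")" != "dnsmasq" ]; then
        echo "WARN: dns=dnsmasq is not set under [main] in $nm"
        rc=1
    fi
    return "$rc"
}

# Demo on constructed files, not the live system: a leftover DHCP-supplied
# resolver (192.0.2.53, a documentation address) sits beside 127.0.0.1.
demo="$(mktemp -d)"
printf 'nameserver 127.0.0.1\nnameserver 192.0.2.53\n' > "$demo/resolv.conf"
printf '[main]\nplugins=ifupdown, keyfile\ndns=dnsmasq\n' > "$demo/NetworkManager.conf"
audit_dns_config "$demo/resolv.conf" "$demo/NetworkManager.conf" || true
rm -rf "$demo"
```

Calling audit_dns_config with no arguments reads the live /etc files; the 127.0.2.1 address from the dnscrypt answer also passes the loopback check.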