PIA client on Ubuntu 17.04: DNS leak

Hey,

I noticed that I have a DNS leak when I use the PIA client on the new Ubuntu 17.04 release. Ubuntu switched to systemd-resolved as its DNS daemon, so perhaps the problem is related to that. I noticed that some of my DNS queries (not all of them, strangely enough) went to my local router instead of going through the VPN tunnel (and that router of course passes them to my ISP).

Is this a known bug? I could switch to pure OpenVPN, but I liked the hassle-free client.

With kind regards,
Marcarrelus

Comments

  • edited April 27 Posts: 2
    DNS Leak in 17.04 was reported here:
    https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1685391
    but then it will likely get marked as duplicate of:
    https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1624317

    This is because 17.04 moved to systemd-resolved

    I tried to switch back to dnsmasq, by:
    sudo apt install dnsmasq
    sudo systemctl stop systemd-resolved
    sudo systemctl disable systemd-resolved.service
    then removing the /etc/resolv.conf symlink
    and adding dns=dnsmasq in NetworkManager.conf and restarting network-manager (note that the resolv.conf symlink gets recreated, but this time pointing to NetworkManager instead of /run/resolvconf/resolv.conf).
    However, DNS resolution seems to stop working altogether when I activate the VPN connection via the PIA client.

    So right now I'm in the situation where systemd-resolved leaks DNS, and dnsmasq doesn't work with VPN.
    I guess we'll have to wait for the aforementioned bug to be resolved?
  • edited April 27 Posts: 2
    OK Finally a workaround.

    sudo nano /etc/NetworkManager/NetworkManager.conf

    add this line in main section:
    dns=none

    disable and stop systemd-resolved as described in my previous post

    sudo service network-manager restart

    sudo nano /etc/resolv.conf

    #add your normal dns server(s)
    nameserver 8.8.8.8
    nameserver 8.8.4.4

    now you should have manual control over dns plus no more dns leak :-)
  • Posts: 9
    Hey Jasm7, you are awesome! :) The series of steps worked for me. I went to DNS leak test sites and all was okay compared to my tests previously.... I will assume that there are no more leak(s) and I can say with 100% confidence, it sounds like you know what you're talking about. ;) I'm glad something worked for me, finally.

    Will PIA and/or Ubuntu work at a default workaround so this issue (the leak problem) is avoided 'OOTB' (out of the box) meaning in future Ubuntu and PIA editions, it might not leak and we won't need to edit our config files for Network Manager and DNS configuration?

    VPNs are commonplace now and used frequently by many people, so Ubuntu/VPNs should accommodate or (how to describe this?) try to anticipate DNS leaking and how connections to (the servers) occur over time, over new versions of programs/software etc.? I hope I make sense.

  • Posts: 9
    Don't do this 'workaround' unless you want no internet connection whenever you reboot.  
  • edited August 8 Posts: 1
    ' Don't do this 'workaround' unless you want no internet connection whenever you reboot. '

    Actually, this is a very solid workaround. The reason you have no connection when you reboot is because DHCP is overwriting your resolv.conf file at startup. If you edit the /etc/rc.d/rc.inet1.conf file to have DHCP not overwrite your custom server setting, you'll have no problem whatsoever.

    #DHCP_KEEPRESOLV[4]="yes"

    It's as simple as uncommenting this line
  • Posts: 4
    Would this work for 17.10 Ubuntu GNOME as well?

  • Posts: 269
    "17.10", "ubuntu", and "gnome" both individually and collectively have little to do with "DHCP" and especially little to do with "DNS". 

    You go get the giraffe and I'll fill the bathtub with brightly colored screwdrivers.

    observe the content of resolv.conf after system reboot and network interface is up.
    observe the content of resolv.conf again after VPN is up.

    try it.

  • Posts: 266
    @no0ne @martouf The DNS issue is fixed in v73.
  • edited November 15 Posts: 1
    Max-P said:
    @no0ne @martouf The DNS issue is fixed in v73.
    @Max-P It's still present for me on 17.10 and v74 of the PIA app
  • Posts: 269
    observe the content of resolv.conf after system reboot and network interface is up. save a copy - contents are golden. observe the content of resolv.conf again after VPN is up.
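
The resolv.conf comparison suggested in the thread (once after boot, once after the VPN is up) can be scripted. The following is an added example, not code from any poster or from PIA: the function names are hypothetical, the sample files are constructed, and 127.0.0.53 is treated as the systemd-resolved stub address.

```shell
#!/bin/sh
# Added example, not from the thread. IPv4 classification only; IPv6 entries
# are labelled but not judged. All sample files below are constructed.

# Print "ADDRESS CLASS" for each nameserver line of the resolv.conf-style file $1.
classify_nameservers() {
    awk '$1 == "nameserver" && NF >= 2 {
        ip = $2; cls = "public"
        split(ip, o, "."); a = o[1] + 0; b = o[2] + 0
        if (ip ~ /:/)                            cls = "ipv6"
        else if (ip == "127.0.0.53")             cls = "resolved-stub"
        else if (a == 127)                       cls = "loopback"
        else if (a == 10)                        cls = "private"
        else if (a == 192 && b == 168)           cls = "private"
        else if (a == 172 && b >= 16 && b <= 31) cls = "private"
        print ip, cls
    }' "$1"
}

# Exit 0 only if the file lists at least one resolver and none of them is a
# LAN address (typically the router) or a local stub whose upstream the file
# does not show. A private address can also be a resolver inside the tunnel,
# so a non-zero result means "look closer", not "leak confirmed".
resolv_conf_is_explicit() {
    out=$(classify_nameservers "$1")
    [ -n "$out" ] || return 1
    ! printf '%s\n' "$out" | grep -Eq ' (private|loopback|resolved-stub)$'
}

# Constructed samples: a router-assigned state and the manual workaround state.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf 'nameserver 192.168.1.1\n' > "$tmp/after_boot"
printf '#add your normal dns server(s)\nnameserver 8.8.8.8\nnameserver 8.8.4.4\n' \
    > "$tmp/after_vpn"

for f in after_boot after_vpn; do
    echo "== $f"
    classify_nameservers "$tmp/$f"
    if resolv_conf_is_explicit "$tmp/$f"; then
        echo "only explicit public resolvers listed"
    else
        echo "check: LAN, loopback or stub resolver listed (or none at all)"
    fi
done
```

To use it on a live system, copy /etc/resolv.conf at each of the two points and pass the copies to `classify_nameservers`. Both runs list the same addresses when the VPN client has not changed the resolver configuration.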