Jump to content
TorGuard

Search the Community

Showing results for tags 'dns'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • The Lounge
    • TorGuard News
    • Introductions
    • General Stuff
    • Member Tutorials
    • TorGuard Reviews
  • TorGuard Software Releases
    • Network Status
    • TorGuard Client Releases
    • Android Client Releases
    • iOS App Releases
    • Chrome Extension Releases
    • Firefox Extension Releases
  • TorGuard VPN Support
    • VPN Questions and General Support
    • VPN Windows Support
    • VPN Mac Support
    • VPN Linux Support
    • VPN Router Support
    • iOS VPN Support
    • Android VPN Support
  • TorGuard Proxy Support
    • Proxy Questions and General Support
    • Firefox Extension Support
    • Chrome Extension Support

Found 17 results

  1. Hello All, I am the guy - directnupe - who wrote the guides - https://torguard.net/forums/index.php?/topic/1374-adding-dns-over-tls-support-to-openwrt-lede-with-unbound/ and https://forum.lede-project.org/t/adding-dns-over-tls-support-to-openwrt-lede-with-unbound/13765 . You also can leave out GETDNS and STUBBY see here: https://blog.grobox.de/2018/what-is-dns-privacy-and-how-to-set-it-up-for-openwrt/ # "read all guides to see how to install and run UNBOUND" Prerequisite You have a ca cert bundle installed on your router. You can do this by running the following opkg update / opkg install ca-certificates / opkg install luci-ssl For DNS-Over-TLS support to OpenWRT (LEDE) with Unbound without GETDNS and STUBBY - see this article - https://www.ctrl.blog/entry/unbound-tls-forwarding and https://www.monperrus.net/martin/randomization-encryption-dns-requests In OpenWrt / Lede the ca-certificates package is located in /etc/ssl/certs/ca-certificates.crt much like Debian/Ubuntu. So actually as the title of the article says in order to " Actually secure DNS over TLS in Unbound " you should configure it thusly ( using Coudflare and Quad9 for this example - IPV4 and IPV6 if you so choose ) : First go into SSH shell and enter : nano /etc/unbound/unbound_srv.conf enter the following in the new file: server: do-tcp: yes prefetch: yes qname-minimisation: yes rrset-roundrobin: yes use-caps-for-id: yes tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt" # For OpenWrt Then hit ( Ctrl + o ) - you will be asked to write file - hit enter to save file then ( Ctrl + x ) to close file and go back into shell Next go into SSH shell and enter : nano /etc/unbound/unbound_ext.conf enter the following in the new file: forward-zone: name: "." forward-addr: 2620:fe::[email protected]#dns.quad9.net forward-addr: [email protected]#dns.quad9.net forward-addr: 2620:fe::[email protected]#dns.quad9.net forward-addr: [email protected]#dns.quad9.net forward-addr: 2606:4700:4700::[email protected]#cloudflare-dns.com forward-addr: [email protected]#cloudflare-dns.com forward-addr: 2606:4700:4700::[email protected]#cloudflare-dns.com forward-addr: [email protected]#cloudflare-dns.com forward-ssl-upstream: yes Then hit ( Ctrl + o ) - you will be asked to write file - hit enter to save file then ( Ctrl + x ) to close file and go back into shell I use GetDns Stubby and Unbound - so this is not how I employ DNS-Over-TLS ( see first 2 links above if you wish to take a look at that option ) Look at bottom of page on reddit post for related entry Peace, directnupe
  2. Cloudflare lunched privacy first DNS 1.1.1.1 and 1.0.0.1 You can find out more https://1.1.1.1 and https://news.ycombinator.com/item?id=16727869 I would love to hear thoughts on how are they comparing to TorGuard DNS?
  3. Warning: DNS Leaks

    Attention: TorGuard foreign servers in Switzerland and Iceland are leaking DNS data traceable to a US-based IP address. These connections are NOT secure. Please remember to ALWAYS use https://www.dnsleaktest.com to verify a secure connection.
  4. for the fields under the Network tap->DNS, i'm curious what others use here when adding their choice of DNS servers, like from OpenNIC, dnscrypt, etc? best practice to ensure anon DNS lookups and such. tia
  5. Looks like a nice 🕳ï¸, what's going on ? Since today I see more than 1 DNS server on DNS leak, these are all torguards, which I actually really like to see 8.0.11.12 DNS-8-0-11-15.Chicago1.Level3.net Level 3 Communications United States 8.0.11.15 cns3.Chicago2.Level3.net Level 3 Communications United States 8.0.11.0 DNS-8-0-11-8.Chicago1.Level3.net Level 3 Communications United States 8.0.10.6 DNS-8-0-11-11.Chicago1.Level3.net Level 3 Communications United States 8.0.10.11 DNS-8-0-11-9.Chicago1.Level3.net Level 3 Communications United States 8.0.10.7 DNS-8-0-10-1.Chicago1.Level3.net Level 3 Communications United States 8.0.11.8 DNS-8-0-11-14.Chicago1.Level3.net Level 3 Communications United States 8.0.10.3 DNS-8-0-11-4.Chicago1.Level3.net Level 3 Communications United States 8.0.10.13 DNS-8-0-10-2.Chicago1.Level3.net Level 3 Communications United States 8.0.10.1 DNS-8-0-11-6.Chicago1.Level3.net Level 3 Communications United States 8.0.11.11 DNS-8-0-10-12.Chicago1.Level3.net Level 3 Communications United States 8.0.11.9 DNS-8-0-10-6.Chicago1.Level3.net Level 3 Communications United States 8.0.10.9 DNS-8-0-10-11.Chicago1.Level3.net Level 3 Communications United States 8.0.11.7 DNS-8-0-11-12.Chicago1.Level3.net Level 3 Communications United States 8.0.11.14 DNS-8-0-10-3.Chicago1.Level3.net Level 3 Communications United States 8.0.11.4 DNS-8-0-10-7.Chicago1.Level3.net Level 3 Communications United States 8.0.10.2 DNS-8-0-10-9.Chicago1.Level3.net Level 3 Communications United States 8.0.11.6 DNS-8-0-10-13.Chicago1.Level3.net Level 3 Communications United States 8.0.10.12 DNS-8-0-11-7.Chicago1.Level3.net Level 3 Communications United States 8.0.11.5 DNS-8-0-11-5.Chicago1.Level3.net Level 3 Communications United States So, is it just on me/my server or is this implemented already on most servers?
  6. Check DNS requests guide (webarchive) In previous guide, I described how to get rid of your ISP or any other service (even TorGuard itself) hijacking your DNS (webarchive) In this topic I will show how you simply can find out what exactly is going on with port 53 which is default DNS port. Requierments HowTo/Wiki/Links Please read about tcpdump usage and how to on github, I will show here one exampe where I do check DNS requests on tun0 which is my openvpn tunnel connected to TorGuard. You can filter the command from the codebox below, but for simplicity, here it is: # tcpdump -vvv -i YOURINTERFACE port PORTNUMBER # Please lookup here for explanation of other options # - https://github.com/the-tcpdump-group/tcpdump tcpdump -vvv -i tun0 port 53 Logfile of test dump (it is long, that is why I'll put it into spoiler, for better overview) This is example of port 53 (DNS requests) when starting a stream on netflix US : (it will run until you stop it, you can do it by pressing CTRL+C on your keyboard) Results Here we received 26 packets and now we have clear DNS requests overview. What did we find? Let's take one line out of this log, this as example: 05:40:20.548149 IP (tos 0x0, ttl 64, id 59800, offset 0, flags [none], proto UDP (17), length 529) b.resolvers.Level3.net.53 > 10.35.0.6.25006: [udp sum ok] 38042 q: A? ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. 1/8/10 ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. [1h] A 108.175.38.188 ns: ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.com., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.net., ix.nflxvideo.net. [3h48m5s] NS ns2.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS ns3.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.biz., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.org., ix.nflxvideo.net. [3h48m5s] NS ns4.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS ns1.p30.dynect.net. ar: pdns154.ultradns.com. [1d19h29m25s] A 156.154.64.154, pdns154.ultradns.com. [16h59m27s] AAAA 2001:502:f3ff::be, ns3.p30.dynect.net. [3h48m10s] A 208.78.71.30, pdns154.ultradns.org. [15h27m14s] AAAA 2001:502:4612::be, ns4.p30.dynect.net. [3h48m10s] A 204.13.251.30, ns2.p30.dynect.net. [3h48m10s] A 204.13.250.30, pdns154.ultradns.net. [1d3h48m5s] A 156.154.65.154, pdns154.ultradns.net. [2h55m55s] AAAA 2610:a1:1014::be, pdns154.ultradns.biz. [15h27m14s] AAAA 2610:a1:1015::be, ns1.p30.dynect.net. [3h48m10s] A 208.78.70.30 (501) Basicly, all lines do the same if you take closer look, when you press play button on your browser, netflix does contact these servers on port 53. Choosen line in more understandable format Please do not think that preventing netflix to make this check (dns request) will help you with their service, this is not enough. But if you need to redirect anything, then this is how to get required information or simply to log your network. If there are requests, I'll write you a gui for Luci in openwrt where you can make these tests or whatever could be the goal of the requested app. You are free to discuss about your (or my ) results, check your ISP's and if you are conform with anything, well, listening to people on internet is not good, trying it out and doing yourself is good. At the end, whatever you want to do, you can automate it, ie. redirecting all these requests to your StreamIP (lol , this would have worked until the last crackdown but not anymore). Other services still work with that and there are plenty of streaming services. However, its good to know what your network does, at least on important ports like D Hope my terrible english is good enough for writting guides, but sorry for typos or some strange expressions.
  7. I have posted already how to prevent hijacking of your DNS by your IP. There are some ISP's like Verizon, T-Mobile, ... which do send all traffic over port 53 (yes, they hijack your DNS), regardless of which DNS servers you use. Here is how to get rid of that and redirect it to some another address with help of iptables instead editing dnsmasq in WebIF (which is still my preferable solution for most tasks), in this example I'll redirect all dns requests to my custom dns server, to lan1 in this case, which is my local DNS Server Openwrt (I think ddwrt should work too, but I did not test it on ddwrt but basicly it should be the same, just check the names of devices) iptables -t nat -A PREROUTING -i br-lan -p udp --dport 53 -j DNAT --to 192.168.1.1 On openwrt and other releases, switch on masquerading, it is required. Now a question to TorGuard, do you/can you offer alternative ports for those who maybe can't use first method described, neither this second solution. To find out what is going on through your DNS port, read here.
  8. The TG Vpn update of November 19, 2016 has somehow changed my Adapter Settings for my ethernet, wfi, and it's very own TAP windows adapter settings affecting no response from the DNS Server. So basically, I could not connect to the internet (by ethernet or wifi) and I figured it out by myself on how to fix the issue. I had to make sure that I had to change IPv4 and IPv6 Settings on said adapters to obtain IPv4 and IPv6 addresses and DNS Server Addresses automatically and it would fix the issue... BUT then the settings would change so I have to figure out which adapter had the settings changed, whether be it TG (TAP) adapter or my own Ethernet or wifi adapters, I have to manually fix it. Is this some kind of glitch??? or error?
  9. Hello, I'm trying to keep my DNS servers pointed to the TG servers: 104.223.91.194 104.223.91.210 91.121.113.58 91.121.113.7 In order to do this, I wrote a script for OSX #!/bin/bash sleep 5 networksetup -setdnsservers Wi-Fi 104.223.91.194 104.223.91.210 91.121.113.58 91.121.113.7 the script file has permissions: -r-xr-xr-x 1 username staff In some reason it doesn't set DNS after connection automatically. It requires me to run in manually with sudo from command line. Any idea what how to achieve that?
  10. DNS Problem

    Hello everyone, I'm on Ubuntu 16 and I have having a problem with the DNS on ipleak.net. When I use it on windows it will show the server in either france or sweden (I usually use stockholm). When I use it on here it shows around 20 or so IP's from the US. They are different than what I get when I don't use torguard however. The method I use is network connections, edit, ipv4, then I add the additional servers. It might have to do with this tunn connection that I see. Anyone have any ideas?
  11. TorGuard V 0.3.47 Debian jessie ISP AT&T I can't stop AT&T from hijacking my DNS requests. When I first connect with TorGuard (stop DNS blocking enabled) DNSLeakTest shows various DNS servers depending on what TorGuard server I use. But after a few minutes, anywhere from immediately to 30 mins, AT&T starts hijacking my DNS requests. Any suggestions? Thanks AT&T for you douchebaggery, but there is no reason you need to know what I'm doing. I f'n hate being tracked!
  12. On one of my devices I've been getting the following error all day long when I connect to torguard: "Blocking DNS Failed!" The connection is then dropped. This device has connected without issue in the past, and other devices are connecting as normal on the same network. I didn't change anything in the settings. Any suggestions? Edit: This problem seems to have been fixed by updating torguard. The auto-updater didn't show a new version until today.
  13. Samsung Smart TV setup

    Hey, I have a Samsung Smart TV that is about a year old. I can't seem to get the US version of netflix going (in australia). Does anyone know how to set this up? thanks.
  14. Smart dns release date?

    When will smart dns be released?
  15. Please can anyone help me figure out why i am getting DNS leaks? I have set my network connections to use the torguard dns servers... still getting leaks.
  16. DNS leak

    Hi, I've installed the Torguard app ( https://play.google.com/store/apps/details?id=net.torguard.openvpn.client) on my Android 4.2.2 The VPN is working but my DNS is leaking. I did my tests with https://dnsleaktest.com/ Does the application even try to change the DNS? Did you publish a guide or do you have suggestion on how to solve this problem? p.s. your service to test dns doesn't work, I think because it's an https page that tries to load some http content https://torguard.net/vpn-dns-leak-test.php
  17. fixxing dns leak from ipleak

    Hello. While using both torguard lite and viscosity on the website ipleak.net I still get dns leaks. In a post a month or so ago the mention changing the dns to use a static one that is provided. I dont see a way to change it through both appliacations. Would I have to change it though windows and if I do, while I am not using a VPN will that affect anything. Also I am using firefrox and have changed the setting that allows for the RTC leak
×