cancel
Showing results for 
Search instead for 
Did you mean: 

Plusnet now using a transparent DNS proxy?

rotiferuk
Hooked
Posts: 5
Thanks: 2
Registered: ‎09-04-2016

Plusnet now using a transparent DNS proxy?

It would appear Plusnet have deployed a transparent DNS  proxy. I use a VPN which uses its own DNS and has a built in "leak" prevention. This has worked fine, however, today I ran the test here - https://dnsleaktest.com and it returned Plusnet rather than the DNS my VPN was set to. In the past it has returned the VPN's DNS.

9 REPLIES 9
pwatson
Rising Star
Posts: 2,470
Thanks: 8
Fixes: 1
Registered: ‎26-11-2012

Re: Plusnet now using a transparent DNS proxy?

Transparent DNS proxies are used by some ISPs (not PN as far as I'm aware) to intercept 'normal' DNS requests and provide locally cached results or direct a user to an ISP specific 'not found page'.  All traffic over a VPN tunnel is encrypted and the ISP cannot decode the traffic carried, be they HTTP, DNS, SSH sessions etc.

Many VPN clients have a setting to determine whether DNS requests should be made via the VPN tunnel or via whatever DNS setting are specified in the client machine's network config.  In your case, it sounds like this setting isn't enabled so requests are hitting the PN DNS servers instead.  You can prove this by setting your PC DNS servers manually to Google (for example) - 8.8.8.8.and 8.8.4.4 and re-running your test.  

rotiferuk
Hooked
Posts: 5
Thanks: 2
Registered: ‎09-04-2016

Re: Plusnet now using a transparent DNS proxy?

Thank you for your reply.

1) Transparent DNS proxies can also be used to "force" users through an ISP's DNS. Which means even if a user is browsing through a VPN their browsing requests can still be seen. A VPN is only secure if browsing requests are routed through a DNS which does not belong to the ISP.

 

2) Yes, my VPN has a DNS leak protection setting. Yes it is turned on. My PC DNS settings are the ones specified by my VPN provider. They are set automatically when the option is turned on in the VPN.

3) I tried turning the option off in the VPN and setting my PC DNS to Google as you suggested. It makes no difference. The leak test still returns Plusnet.   

pwatson
Rising Star
Posts: 2,470
Thanks: 8
Fixes: 1
Registered: ‎26-11-2012

Re: Plusnet now using a transparent DNS proxy?

a) Plusnet do not have a transparent DNS proxy

b) Plusnet allow you to use any DNS provider or your choice

c) If a VPN is configured to carry all traffic, an ISP doesn't see any DNS requests so couldn't proxy them anyway

 

There's something wrong with your VPN/networking config if you're getting responses from the PN DNS servers or the 'leak' test you're performing is flawed.

Can you post the result from an nslookup of www.bbc.co.uk when running the VPN client and when not?

Can you also explain how your VPN access is setup?  Is this a PC client or is it set up in your router?

rotiferuk
Hooked
Posts: 5
Thanks: 2
Registered: ‎09-04-2016

Re: Plusnet now using a transparent DNS proxy?

1) If DNS requests go through the VPN's DNS then it is secure. If DNS requests are routed through the ISP DNS then the ISP can still see the web pages being requested.

2) I have used the following leak tests 

https://dnsleaktest.com

https://www.perfect-privacy.com/dns-leaktest/

https://ipleak.net

They all show Plusnet rather than my PC DNS which is set up as specified by my VPN.

3) With VPN

Microsoft Windows [Version 10.0.10240]
(c) 2015 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>nslookup www.bbc.co.uk
Server: dsldevice.lan
Address: fe80::3291:8fff:fe10:e4e6

Non-authoritative answer:
Name: www.bbc.net.uk
Addresses: 212.58.244.71
212.58.246.95
Aliases: www.bbc.co.u

Without VPN


C:\WINDOWS\system32>nslookup www.bbc.co.uk
Server: dsldevice.lan
Address: fe80::3291:8fff:fe10:e4e6

Non-authoritative answer:
Name: www.bbc.net.uk
Addresses: 212.58.244.70
212.58.246.94
Aliases: www.bbc.co.uk


C:\WINDOWS\system32>

4) My VPN is set up vis a PC client. The last time I ran a leak test prior to today was about 3 weeks ago. At that time it showed my VPN's DNS. 

bobpullen
Community Gaffer
Community Gaffer
Posts: 16,932
Thanks: 5,024
Fixes: 317
Registered: ‎04-04-2007

Re: Plusnet now using a transparent DNS proxy?

Looks to me like the machine you ran those commands from is proxying DNS queries through the router (which will be using our DNS servers unless you've configured it to do otherwise).

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

pwatson
Rising Star
Posts: 2,470
Thanks: 8
Fixes: 1
Registered: ‎26-11-2012

Re: Plusnet now using a transparent DNS proxy?


@rotiferuk wrote:

1) If DNS requests go through the VPN's DNS then it is secure. If DNS requests are routed through the ISP DNS then the ISP can still see the web pages being requested.


Absolutely correct, and it is down to your networking config whether all the traffic is routed over the VPN or not - Noting to do with Plusnet.

In this case though it's a red herring - Turn off IPv6 in the PC network adapter settings and try again... Wink

rotiferuk
Hooked
Posts: 5
Thanks: 2
Registered: ‎09-04-2016

Re: Plusnet now using a transparent DNS proxy?

Turning off  IPv6 has resolved the issue. Many thanks Smiley

rotiferuk
Hooked
Posts: 5
Thanks: 2
Registered: ‎09-04-2016

Re: Plusnet now using a transparent DNS proxy?

I ran nslookup again after turning off IPv6. This time it shows my VPN's DNS, which is set in my Network configuration. 

pwatson
Rising Star
Posts: 2,470
Thanks: 8
Fixes: 1
Registered: ‎26-11-2012

Re: Plusnet now using a transparent DNS proxy?

By way of explanation:

The VPN client is setup to pass all IPv4 traffic over the tunnel.  This is why the DNS lookups are now going to where you expected.  

Your router is configured as an IPv6 DHCP server however and is dishing out link local addresses to any IPv6 clients.  It is also acting as a proxy DNS server and, as you haven't got IPv6 WAN conectivity, is passing those lookups to its configured IPv4 DNS servers ie Plusnet.  Because your PC had IPv6 enabled it tried to use IPv6 in preference to IPv4 so was passing the DNS requests to the IPv6 DNS server ie your router and hence PN.

Turning off IPv6 has restored normality...