On 20/10/12 05:20, Tim wrote:
On Sat, 2012-10-20 at 04:08 -0400, Bob Goodwin - Zuni, Virginia, USA
wrote:
> Ok, this is what I see. What is it telling me?
>
> We detected the 2 DNS servers listed below.
>
> WARNING: If you are connected to an anonymity/privacy service and
> ANY of the servers listed below are from your ISP then your DNS is
> leaking. (You should be able to recognize them based on the hostname
> and location).
>
> IP: 184.63.128.68
> Hostname: 184.63.128.68
> ISP: Wildblue Communications
> Country: United States
>
> IP: 184.63.128.69
> Hostname: 184.63.128.69
> ISP: Wildblue Communications
> Country: United States
>
> DNS should be set for opendns 208.67.220.220 and 222. The dns address
> they provided me six years ago is 12.189.32.61. I don't see either
> here, just a Wildblue address,different from the one my router thinks
> it is connected to [WAN IP: 184.20.151.17].
Going from what I read of their site, that means that they've figured
out the DNS servers you're getting answers from are the ones listed
above, not the ones that you're hoping to use. Therefore, your ISP is
acting as a transparent proxy, intercepting all your DNS requests and
answering them, themselves, no matter what you do.
In my case, it comes back with my public IP address. Which, kind of,
makes sense. I run my own DNS servers, on my LAN, which is behind a
router doing NAT.
I'd like to know how they're doing their discovery.
I can understand why ISPs might do proxying, though I don't think it's a
brilliant idea (likewise with HTTP proxying). There's customers that
badly configure their computers, so intercepting is a simplistic way to
work around that. Some ISPs might try protecting their users from
malicious content on the internet, though they could do that with their
own servers without proxying, allowing you to make your own mind up to
use their censored servers or your own choice of servers. And some ISPs
are obligated to censor children's access, again they could do that
other ways.
I was afraid that's what it meant and that explains some of the odd
results I've been seeing when changing my dns settings. It also means
that I am not getting the services I paid Opendns for which raises a
question of ethics. Should Opendns have known that a particular ISP
operates this way? Wildblue/Viasat is a major ISP!
Wildblue shut down their mail servers several years ago and routed
e-mail through Google, we are actually on gmail.com servers for e-mail
and I wonder if the dns service did not become what it is at that time?
I will inquire of Opendns about this. Perhaps they can offer a solution
... I am pretty well tied to my ISP since it is the only reasonably fast
service available here in this rural area, we don't even have cable TV.
There is dial-up but no DSL.
At dnsleaktest.com they describe a packaged solution for Windows VPN:
3 basic steps to fix the problem;
1. Before connecting to the VPN, set static IP address properties
if you are using DHCP
2. After connecting, remove DNS settings for the primary interface
3. After disconnecting, switch back to DHCP if neccessary or
reapply original static DNS servers
Which leaves wondering if there's a Linux solution available for my
non-VPN system?
Thanks,
Bob
--
http://www.qrz.com/db/W2BOD box9
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
