Ubuntu 16.04 VPN : DNS information leaking through dnsmasq
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
dnsmasq (Ubuntu) | Confirmed | Undecided | Unassigned |
Bug Description
Hi,
After connecting the VPN
# killall -USR1 dnsmasq
# tail syslog.log
...
Jul 13 02:18:56 tp dnsmasq[1476]: time 1499905136
Jul 13 02:18:56 tp dnsmasq[1476]: cache size 0, 0/0 cache insertions re-used unexpired cache entries.
Jul 13 02:18:56 tp dnsmasq[1476]: queries forwarded 154, queries answered locally 1
Jul 13 02:18:56 tp dnsmasq[1476]: queries for authoritative zones 0
Jul 13 02:18:56 tp dnsmasq[1476]: server 198.18.0.1#53: queries sent 0, retried or failed 0
Jul 13 02:18:56 tp dnsmasq[1476]: server 198.18.0.2#53: queries sent 0, retried or failed 0
Jul 13 02:18:56 tp dnsmasq[1476]: server 192.168.0.254#53: queries sent 12, retried or failed 0
The first two name servers are provided by the VPN connection.
The last name server, 192.168.0.254, is running on my local router and forwards requests to my ISP (this is the default name server when the VPN is not activated).
When I query the DNS, queries are sent to each name server, which leaks DNS information to my ISP.
I validated that by means of tcpdump on the eth and tun interfaces and also by using that site: https:/
I tried to force the VPN DNS server IPs in the VPN configuration (edit VPN connection -> IPv4 -> Automatic Addresses only ..) but the result is the same.
dnsmasq must not have the local DNS present while the VPN connection is established.
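A check built on the statistics dump shown in the report, as an added example that is not part of the original bug report or of dnsmasq: it compares two SIGUSR1 dumps taken while the VPN is up and reports any upstream outside the VPN-provided set whose "queries sent" counter grew. It assumes the counters are running totals; the function names and the second dump in the sample are constructed for illustration.

```python
import re

# Per-upstream line that dnsmasq writes to syslog after SIGUSR1.
SERVER_RE = re.compile(
    r"dnsmasq\[\d+\]: server (?P<ip>[0-9A-Fa-f.:]+)#\d+: "
    r"queries sent (?P<sent>\d+), retried or failed \d+"
)
# The "time <epoch>" line opens each statistics dump.
DUMP_START_RE = re.compile(r"dnsmasq\[\d+\]: time \d+")

def parse_dumps(lines):
    """Split syslog lines into dumps: a list of {server_ip: queries_sent}."""
    dumps = []
    for line in lines:
        if DUMP_START_RE.search(line):
            dumps.append({})
            continue
        m = SERVER_RE.search(line)
        if m and dumps:
            dumps[-1][m.group("ip")] = int(m.group("sent"))
    return dumps

def leaking_servers(lines, vpn_servers):
    """Return {ip: new_queries} for non-VPN upstreams whose counter grew
    between the first and the last dump found in `lines`."""
    dumps = parse_dumps(lines)
    if len(dumps) < 2:
        raise ValueError("need two statistics dumps taken while the VPN is up")
    first, last = dumps[0], dumps[-1]
    # Assumption: counters are cumulative, so only the difference matters.
    grown = {ip: n - first.get(ip, 0) for ip, n in last.items()}
    return {ip: d for ip, d in grown.items() if d > 0 and ip not in vpn_servers}

# First dump: server lines as posted in the report. Second dump: constructed.
SAMPLE = """\
Jul 13 02:18:56 tp dnsmasq[1476]: time 1499905136
Jul 13 02:18:56 tp dnsmasq[1476]: server 198.18.0.1#53: queries sent 0, retried or failed 0
Jul 13 02:18:56 tp dnsmasq[1476]: server 198.18.0.2#53: queries sent 0, retried or failed 0
Jul 13 02:18:56 tp dnsmasq[1476]: server 192.168.0.254#53: queries sent 12, retried or failed 0
Jul 13 02:20:56 tp dnsmasq[1476]: time 1499905256
Jul 13 02:20:56 tp dnsmasq[1476]: server 198.18.0.1#53: queries sent 9, retried or failed 0
Jul 13 02:20:56 tp dnsmasq[1476]: server 198.18.0.2#53: queries sent 9, retried or failed 0
Jul 13 02:20:56 tp dnsmasq[1476]: server 192.168.0.254#53: queries sent 21, retried or failed 0
""".splitlines()

if __name__ == "__main__":
    print(leaking_servers(SAMPLE, vpn_servers={"198.18.0.1", "198.18.0.2"}))
```

An empty result means no upstream outside the VPN set received queries between the two dumps.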
tags: added: xenial
affects: ubuntu → dnsmasq (Ubuntu)
Changed in dnsmasq (Ubuntu):
status: Incomplete → New
Thank you for taking the time to report this bug and helping to make Ubuntu better. It seems that your bug report is not filed about a specific source package though, rather it is just filed against Ubuntu in general. It is important that bug reports be filed about source packages so that people interested in the package can find the bugs about it. You can find some hints about determining what package your bug might be about at https://wiki.ubuntu.com/Bugs/FindRightPackage. You might also ask for help in the #ubuntu-bugs irc channel on Freenode.
To change the source package that this bug is filed about visit https://bugs.launchpad.net/ubuntu/+bug/1704288/+editstatus and add the package name in the text box next to the word Package.
[This is an automated message. I apologize if it reached you inappropriately; please just reply to this message indicating so.]