**********
noctua@corinth:~$ systemd-resolve --status
Global
DNSSEC NTA: 10.in-addr.arpa 16.172.in-addr.arpa 168.192.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.in-addr.arpa 26.172.in-addr.arpa 27.172.in-addr.arpa 28.172.in-addr.arpa 29.172.in-addr.arpa 30.172.in-addr.arpa 31.172.in-addr.arpa corp d.f.ip6.arpa home internal intranet lan local private test
Link 5 (tun0)
Current Scopes: DNS
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no
DNS Servers: 209.222.18.222 209.222.18.218
Link 2 (wlo1)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no
DNS Servers: 192.168.1.1
DNS Domain: home
extended test from https://dnsleaktest.com
Test complete
Query round Progress... Servers found
1 ...... 2
2 ...... 1
3 ...... 2
4 ...... 1
5 ...... 1
6 ...... 2
IP Hostname ISP Country
173.239.219.2 ip-2-219-239-173.east.us.northamericancoax.com LogicWeb Inc United States
71.242.0.136 none Verizon Internet Services United States
71.242.0.214 none Verizon Internet Services United States
**********
As you can see, the 'routing-only domain' line "DNS Domain: ~." is missing and DNS leaks are clearly happening while connected to the VPN as queries are being routed to the ISP (Verizon in this case).
**********
noctua@corinth:~$ nmcli connection show tun0
connection.id: tun0
connection.uuid: a61ca484-3ca9-4e88-b6e1-574b4e17ca54
connection.stable-id: --
connection.interface-name: tun0
connection.type: tun
connection.autoconnect: no
connection.autoconnect-priority: 0
connection.timestamp: 1497284475
connection.read-only: no
connection.permissions:
connection.zone: --
connection.master: --
connection.slave-type: --
connection.autoconnect-slaves: -1 (default)
connection.secondaries:
connection.gateway-ping-timeout: 0
connection.metered: unknown
connection.lldp: -1 (default)
ipv4.method: manual
ipv4.dns:
ipv4.dns-search:
ipv4.dns-options: (default)
ipv4.dns-priority: 100
ipv4.addresses: 10.38.1.6/32
ipv4.gateway: 10.38.1.5
ipv4.routes: { ip = 10.38.1.1/32, nh = 10.38.1.5, mt = 50 }
ipv4.route-metric: 50
ipv4.ignore-auto-routes: no
ipv4.ignore-auto-dns: no
ipv4.dhcp-client-id: --
ipv4.dhcp-timeout: 0
ipv4.dhcp-send-hostname: yes
ipv4.dhcp-hostname: --
ipv4.dhcp-fqdn: --
ipv4.never-default: no
ipv4.may-fail: yes
ipv4.dad-timeout: -1 (default)
ipv6.method: link-local
ipv6.dns:
ipv6.dns-search:
ipv6.dns-options: (default)
ipv6.dns-priority: 100
ipv6.addresses:
ipv6.gateway: --
ipv6.routes:
ipv6.route-metric: -1
ipv6.ignore-auto-routes: no
ipv6.ignore-auto-dns: no
ipv6.never-default: no
ipv6.may-fail: yes
ipv6.ip6-privacy: -1 (unknown)
ipv6.addr-gen-mode: stable-privacy
ipv6.dhcp-send-hostname: yes
ipv6.dhcp-hostname: --
ipv6.token: --
tun.mode: 1 (tun)
tun.owner: --
tun.group: --
tun.pi: no
tun.vnet-hdr: no
tun.multi-queue: no
GENERAL.NAME: tun0
GENERAL.UUID: a61ca484-3ca9-4e88-b6e1-574b4e17ca54
GENERAL.DEVICES: tun0
GENERAL.STATE: activated
GENERAL.DEFAULT: yes
GENERAL.DEFAULT6: no
GENERAL.VPN: no
GENERAL.ZONE: --
GENERAL.DBUS-PATH: /org/freedesktop/NetworkManager/ActiveConnection/4
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/Settings/4
GENERAL.SPEC-OBJECT: /
GENERAL.MASTER-PATH: --
IP4.ADDRESS[1]: 10.38.1.6/32
IP4.GATEWAY: 10.38.1.5
IP4.ROUTE[1]: dst = 10.38.1.1/32, nh = 10.38.1.5, mt = 50
IP6.ADDRESS[1]: fe80::376b:6f85:5cb7:142/64
IP6.GATEWAY:
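**********
A check for the condition the report describes, as an added example (not part of the original report, systemd or NetworkManager): it reads `systemd-resolve --status` text and reports whether a given link lists the routing-only domain `~.`. The function name, the state labels and the second sample are this example's own; the first sample is abridged from the output quoted in the report.

```shell
#!/bin/sh
# Added example: classify one link in `systemd-resolve --status` text (stdin).
# Prints catch-all | no-catch-all | no-dns | missing (labels are this example's).
link_dns_state() {
    awk -v iface="$1" '
        function scan(   n, i, w) {        # look for "~." among domain words
            if (cur != iface) return
            n = split($0, w, /[ \t]+/)
            for (i = 1; i <= n; i++) if (w[i] == "~.") catchall = 1
        }
        { sub(/^[ \t]+/, "") }             # live output is indented
        /^Global$/ { cur = ""; field = ""; next }
        /^Link [0-9]+ \(/ {
            cur = $3; gsub(/[()]/, "", cur); field = ""
            if (cur == iface) seen = 1
            next
        }
        /^DNS Servers:/ { field = ""; if (cur == iface) dns = 1; next }
        /^DNS Domain:/  { field = "domain"; sub(/^DNS Domain:[ \t]*/, ""); scan(); next }
        /^[A-Za-z][A-Za-z ]*:/ { field = ""; next }   # any other "Key: value" line
        field == "domain" { scan() }       # continuation lines of DNS Domain
        END {
            if (!seen) print "missing"
            else if (!dns) print "no-dns"
            else if (catchall) print "catch-all"
            else print "no-catch-all"
        }'
}

# Abridged from the status output quoted in the report.
SAMPLE_REPORT='Global
Link 5 (tun0)
DNS Servers: 209.222.18.222 209.222.18.218
Link 2 (wlo1)
DNS Servers: 192.168.1.1
DNS Domain: home'

# Constructed: indented as on a live system, with "~." set on tun0.
SAMPLE_ROUTED='Link 5 (tun0)
         DNS Servers: 209.222.18.222
                      209.222.18.218
          DNS Domain: example.test
                      ~.
Link 2 (wlo1)
         DNS Servers: 192.168.1.1
          DNS Domain: home'

printf '%s\n' "$SAMPLE_REPORT" | link_dns_state tun0
```

On a live system the same function takes the real output: `systemd-resolve --status | link_dns_state tun0`.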