
I have configured an OpenVPN server to use Cloudflare DNS - 1.1.1.1. I use the OpenVPN connection in the following way: sudo openvpn --config Config.ovpn on my local machine in a WiFi network.

My ISP provider blocks some sites, for instance mail.ru. With this default configuration I'm not able to establish a connection to the blocked site, while my IP address corresponds to the address of the OpenVPN server. I found out that I have the following DNS configuration:

nmcli device show wlo1  | grep IP4.DNS:

IP4.DNS[1]:                             192.168.0.1
IP4.DNS[2]:                             1.1.1.1

After I got rid of the first record I was able to establish a connection to the blocked site.

I suggest that 192.168.0.1 was the DNS of my ISP and accordingly it was blocked, and removing it solved the issue.

I have two questions:

  1. Does this situation correspond to a case of using OpenVPN with a kind of poisoned DNS?
  2. Even if I used an OpenVPN connection but with the DNS of my ISP, could the ISP track my network traffic?
Ghost Rider

1 Answer

This doesn't have anything to do with DNS poisoning, it's most likely just an error in the configuration of your embedded device (presumably an Internet-facing router).

However, it might just behave like DNS poisoning, heavily impacting the privacy of your activity on the Internet.

As a matter of fact, if you're using whatever VPN connection you may set up but with your stub resolver going into your provider's network (which you'll always still have there on your network interface), the provider would be able to record all your DNS requests at will and stream them to any third party they would like to.

Moreover, your provider would be able to provide you with false DNS responses. For HTTPS requests, that's usually not a real issue if you're aware of basic TLS/PKIX concepts (like, not blindly accepting self-signed certificates or certificates with issues), but it might be a problem for the rest of your actions, e.g. HTTP, e-mail, applications not following best practices, etc.

Actually, modern browsers have started to implement DoH, which never leaks your in-browser DNS queries to whatever is configured as a recursive resolver on your network, and if you care about your privacy, you may want to choose one of those. But the rest of the applications are still exposed to the risk outlined above.

ximaera
  • thx for the great answer. Changing DNS to 1.1.1.1 in the router's config solved that issue. As I have DNS 1.1.1.1 in OpenVPN's config, I suggested that it would "override" the local DNS of my provider, 192.168.0.1. As a consequence, requests from my VPN's IP to the DNS of my provider were visible. – Ghost Rider Nov 25 '18 at 22:18
  • I'm also wondering: if I used a connection to something like a proxy, Tor, or I2P with these misconfigured settings, would it be visible to the ISP? – Ghost Rider Nov 25 '18 at 22:22
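
A way to check for the situation the answer describes (a resolver that is still reached over the physical interface while the VPN is up), as an added example that is not part of the original question or answer. The tunnel device name `tun0`, the client addresses and the sample route lines are constructed assumptions; the route sample assumes the VPN redirects the default route.

```shell
#!/usr/bin/env bash
# Added example: list configured DNS resolvers whose traffic does NOT leave via the VPN tunnel.

# Constructed sample of `nmcli device show wlo1`, using the resolvers from the question.
SAMPLE_NMCLI='GENERAL.DEVICE:                         wlo1
IP4.ADDRESS[1]:                         192.168.0.105/24
IP4.DNS[1]:                             192.168.0.1
IP4.DNS[2]:                             1.1.1.1'

# Constructed `ip -o route get <resolver>` lines with the tunnel up (tun0 is an assumed name).
SAMPLE_ROUTES='192.168.0.1 dev wlo1 src 192.168.0.105 uid 1000
1.1.1.1 via 10.8.0.1 dev tun0 src 10.8.0.2 uid 1000'

# Read nmcli output on stdin, print each IPv4 resolver address on its own line.
list_resolvers() {
    awk '/^IP4\.DNS\[[0-9]+\]:/ { print $2 }'
}

# Read `ip -o route get` lines on stdin; print "resolver device" for every
# resolver whose egress device is not the tunnel device given as $1.
outside_tunnel() {
    awk -v tun="$1" '{
        dst = ($1 == "local") ? $2 : $1      # loopback routes start with "local"
        dev = ""
        for (i = 1; i < NF; i++) if ($i == "dev") dev = $(i + 1)
        if (dev != tun) print dst, dev
    }'
}

# Live check: resolve the egress device of every resolver NetworkManager knows about.
check_live() {
    tun="${1:-tun0}"
    nmcli device show | list_resolvers | sort -u | while read -r addr; do
        ip -o route get "$addr"
    done | outside_tunnel "$tun"
}

# Demo on the constructed samples; prints: 192.168.0.1 wlo1
printf '%s\n' "$SAMPLE_ROUTES" | outside_tunnel tun0
```

Run `check_live tun0` with the VPN connected: every line printed is a resolver that is queried over the local network, so the router or provider behind it sees those lookups in the clear.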