DNSCrypt / dnscrypt-proxy

dnscrypt-proxy 2 - A flexible DNS proxy, with support for encrypted DNS protocols.
https://dnscrypt.info
ISC License

dnscrypt-proxy seems to kick off when I connect to IVPN servers #250

Closed smiledahling closed 6 years ago

smiledahling commented 6 years ago

Still learning my way around networking so if I'm missing something basic I humbly ask for your patience.

Issue: It seems like dnscrypt-proxy kicks off when I connect to IVPN.

I think this because I'm using the dnscrypt menu via BitBar and when I connect to IVPN it shows I've toggled from using dnscrypt to using "other dns."

Within the IVPN mac program there is an option to "disable DNS leak protection." I left that unchecked because I'd like to have as much DNS leak protection as possible. Is this causing interference with dnscrypt-proxy?

The reason I'm confused is because I was using the dnscrypt menu bar for OSX (no longer supported) and was able to connect to dnscrypt just fine while also connected to IVPN.

Any ideas?

jedisct1 commented 6 years ago

Hi,

I'm not familiar with iVPN, but when the "leak protection" switch is on, it probably overrides the DNS settings with the iVPN servers.

Which is fine, as it will encrypt and authenticate DNS queries just like dnscrypt-proxy would.

If you need to use other features of dnscrypt-proxy, disabling the "leak protection" is probably the way to do it. If only dnscrypt-proxy is used, there won't be any leaks no matter what.

smiledahling commented 6 years ago

Thanks for the response. I'd say you're probably right but I just tested connecting to IVPN after disabling the DNS leak protection but the BitBar plug-in shows that DNSCrypt kicks off again.

Moreover, I performed a DNS leak test via https://www.dnsleaktest.com/ while IVPN was disconnected and DNSCrypt (according to the BitBar plugin) was active and my real DNS showed up.

Via the terminal, I ran

sudo tcpdump -i en4 -vvv 'port 443'

and I do see silver.deepdns.cryptostorm.net which is one of the resolvers on the opennic resolver list so I'm assuming that DNSCrypt is working but how can I tell for sure, especially when my real DNS appears during a leak test?

I apologize if these are all noob questions and I do really appreciate the help.

jedisct1 commented 6 years ago

What resolvers do you see in the /etc/resolv.conf file?

If the only one you see is 127.0.0.1, there shouldn't be any leaks.

Unfortunately, I can't help with iVPN as I've never used it. Maybe their support can help?
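
The check suggested in the comment above (only loopback entries in /etc/resolv.conf), as an added example that is not part of the original thread or of dnscrypt-proxy itself. It assumes dnscrypt-proxy listens on a loopback address; the function names, the two sample files and the 10.8.0.1 address are constructed for illustration.

```shell
#!/bin/sh
# Added example: report nameserver entries that do not point at a local proxy.
# Assumption: dnscrypt-proxy listens on loopback (127.0.0.0/8 or ::1).

# Print every nameserver in a resolv.conf-format file that is not loopback.
non_local_resolvers() {
    awk '
        $1 == "nameserver" && NF >= 2 {
            addr = $2
            sub(/%.*/, "", addr)          # drop an IPv6 zone id such as %lo0
            if (addr !~ /^127\./ && addr != "::1") print addr
        }
    ' "$1"
}

# Count nameserver lines so that an empty file is not reported as clean.
resolver_count() {
    awk '$1 == "nameserver" && NF >= 2 { n++ } END { print n + 0 }' "$1"
}

# Return 0 only if at least one nameserver exists and all are loopback;
# 1 if a non-loopback resolver is present, 2 if there are no entries at all.
check_resolv() {
    [ "$(resolver_count "$1")" -gt 0 ] || { echo "no nameserver entries in $1"; return 2; }
    leaks=$(non_local_resolvers "$1")
    if [ -n "$leaks" ]; then
        echo "queries can bypass the local proxy via:"
        echo "$leaks"
        return 1
    fi
    echo "all nameservers are loopback"
}

# Constructed samples: a proxy-only file, and one after a VPN client
# has put its own resolver in front of the local proxy.
tmp=$(mktemp -d)
printf 'nameserver 127.0.0.1\n' > "$tmp/proxy_only.conf"
printf '# constructed sample\nnameserver 10.8.0.1\nnameserver 127.0.0.1\n' > "$tmp/vpn_up.conf"

for f in "$tmp/proxy_only.conf" "$tmp/vpn_up.conf"; do
    echo "== $f"
    check_resolv "$f" || true
done
```

Run `check_resolv /etc/resolv.conf` before and after the VPN connects to see whether the client rewrote the resolver list. On macOS, `scutil --dns` prints the resolver configuration the system actually uses, so compare its nameserver lines as well.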

ibksturm commented 6 years ago

I can tell you about VPN tunnels built with OpenVPN. I'm running one on my own raspi (also with an IPv6 tunnel and dnscrypt + blacklist).

On OpenVPN (the software https://openvpn.net/index.php/open-source/downloads.html) you could configure:
a) ALL traffic runs through the VPN tunnel (push "redirect-gateway def1 bypass-dhcp")
b) ALL DNS requests run through the VPN tunnel (push "dhcp-option DNS 192.168.0.190") => my DNS server IP

So in my specific configuration the setup is like:

client (somewhere ) === openVPN Tunnel === | homeserver | === dnsmasq (port 53) -> dnscrypt-proxy (port 853)

As for your problem, maybe it's a configuration thing with iVPN (I don't know them). Perhaps they set up their system so that all traffic, including DNS, runs through the tunnel... Maybe, as Frank told you, ask their support.

JayBrown commented 6 years ago

Don't know anything about IVPN, but I use OpenVPN a lot (with Viscosity as the managing app), and since VPN tunnels are (usually) encrypted, I've specified my own list of DNS resolvers in the VPN configurations, which overrides anything that was previously in /etc/resolv.conf, whether local DNS, manually added resolvers, or DNSCrypt. That's actually the way it's supposed to be: either use the default DNS provided by the VPN provider, or specify your own servers in the VPN config. I can remember a discussion pertaining to the old version 1 DNSCrypt proxy app for macOS, and they were clear about not using DNSCrypt when on VPN.