@rjschilt Yes, plenty connections.
@markadewet and any DNS traffic from clients bypassing IPF?
@rjschilt There is only ONE client on my network, me and my query is NOT about bypassing IPFire, it is about Imgur images and website not working correctly since they stopped allowing it in the U.K., so I think we are getting off-track here.
No probs @markadewet and good luck getting this one resolved.
1 Like
@rjschilt Thank you. I am still waiting on my ISP to provide feedback on how international traffic is routed, I suspect that somewhere along the line it is going through a U.K. server, in my case at least.
@markadewet analysing captured traffic using wireshark while running browserleaks.com test should reveal the source of DNS queries going to Tomx.
You seem convinced that there are no DNS leaks on your machine. I’m not so sure.
@rjschilt OK, I am confused. What exactly is a DNS leak?
@markadewet for a formal definition you can look that up yourself. In your situation browserleaks.com test is showing us DNS resolvers (Tomx) other than the ones you have defined in IPF DNS. This suggests to me that outbound DNS requests (port 53 and 853) are reaching Tomx direct from your machine. Assuming you have firewall rules in place to force all DNS traffic to go via IPF then this in my books is a leak.
I’m unsure about your Imgur issue and have not thought much about this but I’m surely curious why browserleaks.com is showing us resolvers not defined in IPF DNS.
Hopefully I’m not too far off centre here.
@rjschilt your link is malware! It redirects to other, nefarious sites. Typing it in manually does the same thing, so I don’t know what you are trying to reference with that link, however, it is NOT working.
Here is another DNS tool, from GRC.com. It is a DNS Spoofability Test, so not exactly what browserleaks.com does, but part of the Spoofability test is to rigorously test your system for what DNS servers it uses.
Link: https://www.grc.com/dns/dns.htm
Have you tried disabling all of your DNS servers, then enable one at a time and re-run the DNS Leak Test to see if it yields the source of xTom?
1 Like
Apologies @markadewet I mistyped the URL you used earlier in this topic. Was meant to be browserleaks.com (I missed an “s”).
None of my suggestions seem to be helping you so best i keep quiet. Let’s see if others here have better luck.
Sorry guys my bad - I corrected the URL (missed an “s”) in previous post.
2 Likes
Why I’m saying the DNS leak tool must be taken with a grain of salt. or allot of salt.
the force clients to use IPfire DNS is a MIT attack. It is a redirect NAT rule.
If a device on you net work asks for DNS from x.x.x.x It will send it to IPfire and
IPfire will use its own DNS (the ones you have configured..
so any tool used Say on green will think it reached x.x.x.x
Undound is using DNS over TLS on the WAN side.
And clients use standard DNS over port 53.
I don’t think your problem is with DNS .
Your browser is getting a response just not the one you want.
@rjschilt Oh OK, fair enough. That’s the website I use to test my DNS
OK, small update. I found the DNS Sever that was using those xTOM servers, it was an adguard DNS server. I have now removed it from my DNS list, however, there is no change to my issue, I still cannot view any Imgur embedded images of get to the login page. I have also run a DNS leak test and I get one DNS server that apparently Is found. According to the test result it means that that one DNS server COULD potentially store my data and everything I look up. If that is the definition of a DNS leak, then I guess the only wy to avoid it is to disconnect from the internet completely, which I am obviously NOT going to do. Also, these “test” sites all seem to want to push you to buy a VPN solution, something I am also NOT interested in doing, as it is simply another layer of complexity, in my opinion. I am simply just going to wait until I hear back from my ISP, although I am strongly suspecting that somewhere along the line, international traffic is in fact being directed through the U.K., at least in my case and there is nothing I can do about it. So I am going to mark this post a a solution.
I don’t think so.
- As I showed earlier,
xTom offers free public DNS resolvers at DNS.SB.
xTom - Domain Name System - Adguard DNS - you can find connections to Datacamp Limited
154.47.30.251 IP Address Details - IPinfo.io
https://www.reddit.com/r/Adguard/comments/qo5fcu/is_adguard_connected_to_datacamp_limited/?utm_source=chatgpt.com
https://www.reddit.com/r/Adguard/comments/1lcj4qu/datacamp_limited/
Other useful information
encrypted DNS server addresses, like DoT or DoH, are most often written as domain names. In this case, to first resolve the encrypted DNS server address, AdGuard sends a DNS query to the bootstrap address, which is by default a system DNS server. This connection is what check services perceive as a leak.
Regards
“I don’t think so.”
@tphz In MY specific case, on MY specific IPFire box, in MY specific DNS server list, it WAS so. End of story.
Could you test which IP address you get from each of the listed DNS server at your position?
Probably you get different IP addresses from UK and European DNS servers than from the South Africa DNS server? This happens often with distributed Cloud services.
I want to thank everyone for all their suggestions, however, it seems this is one of those issues that cannot be resolved as it only affects some people here in South Africa. As such, I am giving up on trying to resolve this and will simply find another online image hoster.