Blocked site -

Bob Goodwin - Zuni, Virginia, USA bobgoodwin at wildblue.net
Sat Oct 20 12:16:52 UTC 2012


On 20/10/12 05:20, Tim wrote:
> On Sat, 2012-10-20 at 04:08 -0400, Bob Goodwin - Zuni, Virginia, USA
> wrote:
>> > Ok, this is what I see. What is it telling me?
>> >
>> >     We detected the 2 DNS servers listed below.
>> >
>> >     WARNING: If you are connected to an anonymity/privacy service and
>> >     ANY of the servers listed below are from your ISP then your DNS is
>> >     leaking. (You should be able to recognize them based on the hostname
>> >     and location).
>> >
>> >     IP:         184.63.128.68
>> >     Hostname:   184.63.128.68
>> >     ISP:        Wildblue Communications
>> >     Country:    United States
>> >
>> >     IP:         184.63.128.69
>> >     Hostname:   184.63.128.69
>> >     ISP:        Wildblue Communications
>> >     Country:    United States
>> >
>> > DNS should be set for opendns 208.67.220.220 and 222. The dns address
>> > they provided me six years ago is 12.189.32.61. I don't see either
>> > here, just a Wildblue address, different from the one my router thinks
>> > it is connected to [WAN IP: 184.20.151.17].
> Going from what I read of their site, that means that they've figured
> out the DNS servers you're getting answers from are the ones listed
> above, not the ones that you're hoping to use.  Therefore, your ISP is
> acting as a transparent proxy, intercepting all your DNS requests and
> answering them, themselves, no matter what you do.
>
> In my case, it comes back with my public IP address.  Which, kind of,
> makes sense.  I run my own DNS servers, on my LAN, which is behind a
> router doing NAT.
>
> I'd like to know how they're doing their discovery.
>
> I can understand why ISPs might do proxying, though I don't think it's a
> brilliant idea (likewise with HTTP proxying).  There are customers that
> badly configure their computers, so intercepting is a simplistic way to
> work around that.  Some ISPs might try protecting their users from
> malicious content on the internet, though they could do that with their
> own servers without proxying, allowing you to make your own mind up to
> use their censored servers or your own choice of servers.  And some ISPs
> are obligated to censor children's access, again they could do that
> other ways.
>

I was afraid that's what it meant and that explains some of the odd 
results I've been seeing when changing my dns settings. It also means 
that I am not getting the services I paid Opendns for which raises a 
question of ethics. Should Opendns have known that a particular ISP 
operates this way? Wildblue/Viasat is a major ISP!

Wildblue shut down their mail servers several years ago and routed 
e-mail through Google, we are actually on gmail.com servers for e-mail 
and I wonder if the dns service did not become what it is at that time?

I will inquire of Opendns about this. Perhaps they can offer a solution 
... I am pretty well tied to my ISP since it is the only reasonably fast 
service available here in this rural area, we don't even have cable TV. 
There is dial-up but no DSL.

At dnsleaktest.com they describe a packaged solution for Windows VPN:

    3 basic steps to fix the problem;

     1. Before connecting to the VPN, set static IP address properties
        if you are using DHCP
     2. After connecting, remove DNS settings for the primary interface
     3. After disconnecting, switch back to DHCP if necessary or
        reapply original static DNS servers

Which leaves me wondering if there's a Linux solution available for my
non-VPN system?

Thanks,

Bob

-- 
http://www.qrz.com/db/W2BOD box9
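
Added example, not part of the original message or of dnsleaktest.com: a small parser for the report format quoted above that labels each detected resolver by its operator rather than its address, since a public resolver's outbound queries usually come from addresses other than the one you configure. The function names and the "OpenDNS" match string for the ISP field are assumptions; the sample report is the one quoted in the message.

```python
import ipaddress
import re

# Constructed sample: the report text quoted in the message above.
REPORT = """\
IP:         184.63.128.68
Hostname:   184.63.128.68
ISP:        Wildblue Communications
Country:    United States

IP:         184.63.128.69
Hostname:   184.63.128.69
ISP:        Wildblue Communications
Country:    United States
"""

FIELD = re.compile(r"^\s*(IP|Hostname|ISP|Country):\s*(.+?)\s*$")

def parse_report(text):
    """Split a leak-test report into one dict per detected resolver."""
    records, current = [], {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key == "ip":                      # each block starts with its IP line
            ipaddress.ip_address(value)      # raises ValueError on a malformed address
            current = {}
            records.append(current)
        current[key] = value
    return records

def classify(record, wan_ip, expected_operator):
    """Label one observed resolver relative to what the user intended."""
    if record["ip"] == wan_ip:
        return "own-resolver"    # a recursive resolver on the LAN, seen through NAT
    if expected_operator.lower() in record.get("isp", "").lower():
        return "expected"
    return "unexpected"          # answers come from someone else: forwarded or intercepted

def audit(text, wan_ip, expected_operator):
    """Map each detected resolver IP to its label."""
    return {r["ip"]: classify(r, wan_ip, expected_operator) for r in parse_report(text)}

if __name__ == "__main__":
    # Assumption: the chosen provider's resolvers carry "OpenDNS" in the ISP field.
    for ip, verdict in audit(REPORT, "184.20.151.17", "OpenDNS").items():
        print(ip, verdict)
```

An "unexpected" label means the answers are not coming from the chosen provider; it does not by itself distinguish a router forwarding to the ISP's resolvers from interception on the ISP's side.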

