VPN with public dns?

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

VPN with public dns?

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
36 Reply
Re:VPN with public dns?
2022-09-23 01:12:23

Dear @btx,

 

btx wrote

@Fae 

please fix this one too:

The following sensitive language has been used which goes against the rules of the Community: "𝐡𝐞/𝐬𝐡𝐞". Please enter again.

 

Thank you for your valued feedback. It's fixed now.

>> Omada EAP Firmware Trial Available Here << *Try filtering posts on each forum by Label of [Early Access]*
  2  
  2  
#32
Options
Re:VPN with public dns?
2022-09-27 10:42:18

As a follow-up to this post:

I just noticed that the router is also using Google-DNS - even without an active VPN and without any Google-config on the WAN-port (see attached images).

The first image shows the IP-statistics between Google-DNS and the TP-link router.

The second image shows the WAN-settings of the TP-link router.

 

Is there anything I can do to prevent this from happening?

Alternatively: would it work to block all outgoing DNS traffic with destination 8.8.8.8?

 

Cheers - Will

 

=====

 

*** making it run like clockwork ***
  0  
  0  
#33
Options
Re:VPN with public dns?
2022-09-27 11:06:51 - last edited 2022-10-13 10:10:01

EDIT

  0  
  0  
#34
Options
Re:VPN with public dns?
2022-09-27 14:59:33

  @ITV I would think you could create a stub LAN subnet (ie dummy subnet that goes nowhere, except maybe some unused port on the ER605) on the router for 8.0.0.0/8, router IP being 8.0.0.1 and that should blackhole any Google DNS traffic.  I don't think any Policy Route should be required, but you'll know soon enough in your PCAP.

<< Paying it forward, one juicy problem at a time... >>
  0  
  0  
#35
Options
Re:VPN with public dns?
2022-09-27 20:23:42

Thank you all for the feedback.


I took the easy way out by adding a rule which denies all DNS traffic to the Google DNS-services.

This was easy because the TP-link router ACL's work with an "implicit allow" (versus "implicit deny" like most other vendors).

 

*** making it run like clockwork ***
  0  
  0  
#36
Options
Re:VPN with public dns?
2022-10-24 17:36:08

Team Tp-link-support:

Just read the release notes of the new controller version (i.e. 5.6.3) - in particular the section called "VPN optimization":

Does this mean that this issue is fixed when the new gateway firmware is also made available?

 

Cheers - Will

 

*** making it run like clockwork ***
  1  
  1  
#37
Options
Related Articles