Firmware openwrt-ar750s-3.201-0402.tar, possible still same DNS leak or again

Once again. One old possible DNS leak from one (3.105 ?) version are now seen again:

Envirement:

Possible DNS Leak:

  • One external DNS test show as location of DNS server allway the same city like the location of router is. Thats dont change by change the endpoint country of VPN …

The possible DNS leak can seen by check the seen DNS server p.e. by follow check:

By the way:

  • I am wonder a little bit about the configuration menues of the firmware in this point. Use the DHCP offered DNS and p.e. the gl offered cloudflare at he same time ? From my point of view, it shoulb possible to deselect the “Use the DHCP offered DNS” if the user configure to use p.e. cloudflare or so on…

Where are we supposed to report bugs in these beta ?
My MV1000 is running beta 6 and it seems already even better than previous “stable”. But there are a few things that should be improved.

Since GL deleted his own bugtracer, its looks they are no public bugracker on a gl website. A they are on other security related websites bugracker about security bugs… It can be it will the best to add bugs and suggestions on the follow list.

I think it would help if were clearer on the versions. There is no FW 3.102B6 and there never was FW 3.2. There is now the released FW 3.201, which is the B6 snapshot from April 2.

I mean the follow firmware:

The possible DNS leak can checked and seen p.e. by follow check:

Does it any news about the possible DNS leak ?

I fixed it for me temporary, by replacing the travel router by a DNS client and VPN software which don’t need additional hardware…

Using the router again, would be great too :wink:

Hi,

Could you give more details? Do you have any specific setting?

Possible DNS Leak:

  • One external DNS test show as location of DNS server allway the same city like the location of router is. Thats dont change by change the endpoint country of VPN …

The possible DNS leak can seen by check the seen DNS server p.e. by follow check:

By the way:

  • I am wonder a little bit about the configuration menues of the firmware in this point. Use the DHCP offered DNS and p.e. the gl offered cloudflare at he same time ? From my point of view, it shoulb possible to deselect the “Use the DHCP offered DNS” if the user configure to use p.e. cloudflare or so on…

What do you need for additional information ?

可能的DNS泄漏。

  • 一个外部DNS测试显示DNS服务器的位置一直是同一个城市,就像路由器的位置。这不改变通过改变VPN的端点国家…

通过检查所看到的DNS服务器,可以看到可能的DNS泄漏,即通过以下检查。

顺便说一下。

  • 我想知道一点关于固件的配置菜单 在这一点上. Use the DHCP offered DNS and p.e. the gl offered cloudflare at he same time ? From my point of view, it shoulb possible to deselect the “Use the DHCP offered DNS” if the user configure to use p.e. cloudflare or so on…

你还需要什么信息?

通过www.DeepL.com/Translator(免费版)翻译

If you use cloudflare etc. it will not use the dns offered by dhcp.

for vpn and dns, does your vpn has DNS push settings?

Wow. Did the new firmware really released with known DNS leak ?
What the benefit of like this ?

I am using Nordvpn, AR750S with 3.201 firmware. Checked and I don’t have dns leak.

After testing one time again now, with the actual Beta 3.201 2021-04-23, I replaced the firmware from all systems by the non DNS leaking released one openwrt 3.105.tar

By the way. The Beta 3.201 2021-04-23 have all some hours breaks in internet connection by ethernet cnnected clients (no wifi connected clients er tested). Thats are the 2nd no go for me. by the way, one other user reported on forum about breaks on his wifi connection all 30 minutes or so on…

Now I am out some days and stopp endlos testing… I am not a gl fulltime stuff or a gl shareholder… It can be I will check some times about they are statements about starting to fix the near endless list of bugs or doing some of suggested improvements…

Any news about fixing DNS leak on GL firmware newer than 3.105 ?

The Firmware 3.105 is the last one known without DNS leak on GL AR300, AR750 and AR750S.

Remark:
I added the test result of AR300 and AR750 to the first post now.

Thanks for your time testing the firmware.

But can you give details of the dns leak? e.g. what settings did you make, what vpn you are using, and other details I don’t know. Or did you use reserved settings from old firmware?

As I said, I tested 3.201 and I didn’t observe these leaks. There is no way to fix it if the problem cannot be replicated.

You can send me private message/email if you want.

For your info:
AR300M, FW 3,201
No DNS leak detected, using VPN (mainly Wireguard) and “override DNS settings for all clients”.

I use only Open VPN.
Now I added this to the first post now.

Open VPN works fine up to GL Firmware 3.105 on AR 300, AR 750 and AR750S. GL Firmware are not possible to use (at minimum for protonvpn) for AR 300, AR 750 and AR750S depend on DNS leak.

I think your leak is a DNS cache or browser cache issue. I cannot replicate it.

I can reproduce it and I reproduced it on a hand of different own environments and from others who use gl router. So I think it should not be released so long it have buggs on this level.

  • Firmware up to incl. 3.105 dont have a DNS leak
  • Firmware 3.201 have a DNS leak

I tested 3.201 and there is no DNS leak