I keep getting DNS servers I don't want to use reported on DNS Leaks sites.
resolv.conf
# Generated by NetworkManager
nameserver 9.9.9.9
nameserver 149.112.112.112
https://www.dnsleaktest.com/results.html
IP Hostname ISP Country
108.162.220.204 None iCloud Private Relay Dallas, United States
108.162.220.209 None iCloud Private Relay Dallas, United States
108.162.220.210 None iCloud Private Relay Dallas, United States
108.162.220.55 None iCloud Private Relay Dallas, United States
https://www.expressvpn.com/dns-leak-test
IP address Provider Country
172.69.65.23 Cloudflare United States
108.162.220.62 Cloudflare United States
108.162.220.63 Cloudflare United States
I don't want to use cloudflare dns. I've tried everything.
systemd-resolved - too many configuration files
resolvconf - still reported cloudflare
NetworkManager - used the GUI to set the DNS and still reporting cloudflare
Pretty frustrated here, people. Not sure what else to do.
I also welcome an explanation as to why all these scripts are even necessary. Back in the day, I could just edit resolv.conf and bam, that was it. I don't even know wtf is going on anymore.
systemd critics, I am all ears and starting to warm up to this view
I set dnsmasq on my openwrt router and my Android TV picks up the correct servers without issue.
Still, can't fault systemd too much here since I ran:
sudo systemctl disable systemd-networkd
sudo systemctl disable systemd-resolved
installed NetworkManager and changed the DNS servers from the GUI as mentioned earlier.
And I still get those servers reported on leak sites.
Please help me!
Last edited by burnt_toast (2021-09-05 20:39:26)
Offline
What is it you want to achieve? Why do you not want to use cloudflare servers?
CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs
Offline
What I want: Only to use Quad9 DNS
Why not Cloudflare: Because I don't trust them
Offline
AFAIK, specifying the quad9 addresses as you have is all it takes. Typically, I specify the DNS entries in my router, all my devices use DHCP so the router server that up to them.
Offline
Well, you'd think, but as I mentioned in the original post, that is not working.
Offline
Perhaps quad9 is using cloudflare upstream? IDK.
Offline
I appreciate you taking the time to work through this with me, but honestly, I don't think that's the case.
For one thing, I configured the quad9 dns on dnsmasq on my openwrt router. So when I did a dns leak from the chrome browser on my Android TV, it correctly showed only the quad9 servers. You'll have to take my word on this, it's a bit of a pain, but if you insist on verification, I could probably figure something out with adb or even take a photo with my phone and upload it somewhere.
Furthermore, I've done a whois on the quad9 servers and it doesn't report anything by cloudflare.
By "upstream" I take it you mean when they query an authoritative server. I wasn't able to find who they connect to for authoritative servers. I did find that they were owned by IBM so maybe I need to reconsider who I use for dns.
In any case, I'm pretty sure the problem is Arch specific. I have another computer with arch on it and I get the same problem. I'm really not sure. I have a strange configuration because I have several routers that I use for experimentation. But all my arch machines do the same thing regardless of the router and as far as I can tell, they've all been configured the same way.
Last edited by burnt_toast (2021-09-05 17:54:42)
Offline
In any case, I'm pretty sure the problem is Arch specific. I have another computer with arch on it and I get the same problem.
If I run 'traceroute 9.9.9.9' on my Arch box, I get the same output as I get when I run it on my openwrt router.
Last edited by graysky (2021-09-05 18:05:47)
Offline
Well, it sure is a big mystery.
In fact, they advertise privacy but hosted on IBM, idk.
Offline
I've experimented a bit and if I set 9.9.9.9 in resolv.conf, both tests show 74.63.25.238 (Woodynet Amsterdam) as server.
Searching for 9.9.9.9 led me to https://www.techradar.com/reviews/quad9-dns
Like most public DNS services, Quad9 uses anycast traffic routing to send requests from your computers to its nearest servers. The service has servers in more than 145 locations across 88 countries,
Could it be that those other ip-addresses are from servers in the quad9 network?
Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.
clean chroot building not flexible enough ?
Try clean chroot manager by graysky
Offline
That's a really good question.
Notice, the two dns leak tests show different providers/ISP. One says cloudflare and the other says iCloud Private relay.
Also, different IP's but I did run a whois on one and it definitely was Cloudflare. I figure they're all on the same network.
It also just dawned on me that I should've probably not posted that output from the dns leak tests. ngl, kinda embarrassed.
But since Quad9 is owned by IBM, I was planning on switching them anyway and maybe even installing dnscrypt. oh boy, fun times!
Offline
You're exclusively relying on some browser test?
Reproducible w/ a different browser?
dig archlinux.org
drill archlinux.org
nslookup archlinux.org
Offline
All those tools consistently show the quad9 servers.
So, begs the question, what are those sites reporting? Are those the authoritative servers, and if so, why doesn't quad9 protect that information from getting out? I'm a bit confused honestly.
Offline
The browser might start its own dns journey and ignore the system config, so:
Reproducible w/ a different browser?
If you're not using it already, try chromium, because I guess it won't resort to cloudflare ;-)
Offline
That was it!
I ran it on a different browser and it showed the quad9 servers.
Furthermore, I was able to change the default dns for firefox by following this documentation:
https://newbedev.com/switch-firefox-to- … -host-file
Is there a solved button I should punch?
Last edited by burnt_toast (2021-09-05 20:19:58)
Offline
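An added example, not posted by anyone in this thread: a small Python audit that does offline what the two checks above (dig/drill/nslookup against the system resolver, and then looking at the browser's own DNS setting) do by hand. It parses a resolv.conf against an allow-list of nameservers, then reads the Firefox prefs.js/user.js `network.trr.mode` and `network.trr.uri` prefs to flag a browser that resolves over DoH and therefore never consults resolv.conf. The two sample inputs are constructed for the example; the file paths and the Quad9 allow-list are assumptions, and the meaning of the `network.trr.mode` values is Firefox's documented DoH setting, not anything from this thread.

```python
"""Audit where DNS queries can actually go: system resolver vs. Firefox DoH.

Assumption: the machine is meant to use only Quad9. Sample inputs below are
constructed for this example and are not the poster's files.
"""
import re

# Constructed resolv.conf: points at Quad9, as the original post's does.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
nameserver 9.9.9.9
nameserver 149.112.112.112
"""

# Constructed Firefox prefs.js in which DoH was switched on, so the browser
# resolves names via its own DoH endpoint and ignores resolv.conf entirely.
SAMPLE_PREFS_JS = """\
// Mozilla User Preferences
user_pref("network.trr.mode", 2);
user_pref("network.trr.uri", "https://mozilla.cloudflare-dns.com/dns-query");
user_pref("browser.startup.homepage", "about:blank");
"""

# Assumed allow-list: the only resolvers this machine should talk to.
EXPECTED_NAMESERVERS = {"9.9.9.9", "149.112.112.112"}

# Firefox's network.trr.mode values (DoH / "Trusted Recursive Resolver").
TRR_MODES = {
    0: "default: Firefox decides, DoH may still be enabled by its own rollout",
    2: "DoH first, native resolver only as fallback",
    3: "DoH only, native resolver never used",
    5: "DoH explicitly disabled",
}

_PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*(.+?)\);')


def parse_nameservers(resolv_text):
    """Return the nameserver addresses listed in a resolv.conf, in order."""
    servers = []
    for line in resolv_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def unexpected_nameservers(resolv_text, expected=EXPECTED_NAMESERVERS):
    """Nameservers present in resolv.conf that are not on the allow-list."""
    return [s for s in parse_nameservers(resolv_text) if s not in expected]


def parse_prefs(prefs_text):
    """Parse user_pref(...) lines; ints become int, strings lose their quotes."""
    prefs = {}
    for m in _PREF_RE.finditer(prefs_text):
        key, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[key] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[key] = raw == "true"
        else:
            try:
                prefs[key] = int(raw)
            except ValueError:
                prefs[key] = raw
    return prefs


def browser_bypasses_system_dns(prefs_text):
    """True when Firefox is set to resolve over DoH (modes 2 and 3)."""
    return parse_prefs(prefs_text).get("network.trr.mode", 0) in (2, 3)


def audit(resolv_text, prefs_text):
    """Return a list of human-readable findings; empty means nothing to flag."""
    findings = []
    for s in unexpected_nameservers(resolv_text):
        findings.append(f"resolv.conf lists unexpected nameserver {s}")
    prefs = parse_prefs(prefs_text)
    mode = prefs.get("network.trr.mode", 0)
    uri = prefs.get("network.trr.uri", "(Firefox built-in default endpoint)")
    if mode in (2, 3):
        findings.append(
            f"Firefox DoH on (mode {mode}: {TRR_MODES[mode]}); "
            f"browser queries go to {uri}, not to resolv.conf")
    elif mode == 0:
        findings.append(f"Firefox network.trr.mode is 0 ({TRR_MODES[0]})")
    return findings


if __name__ == "__main__":
    # Real use: open("/etc/resolv.conf") and the profile's prefs.js (paths assumed).
    for finding in audit(SAMPLE_RESOLV_CONF, SAMPLE_PREFS_JS) or ["no findings"]:
        print(finding)
```

Running it on the constructed inputs yields exactly one finding: the nameservers are fine but Firefox is resolving over DoH, which is the situation the thread ended on. Mode 0 is reported as a caveat rather than a pass because Firefox can enable DoH itself in that state; only mode 5 means the browser will stick to the system resolver.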
Nope, you have to edit the first post. You can then alter the subject of the thread to mark it [solved]
Offline
Is there a solved button I should punch?
Offline
Just wanted to lastly say thanks everyone!
Offline
Perhaps quad9 is using cloudflare upstream? IDK.
Absolutely not. The entire point of Quad9 is to give users a non-monetizing alternative.
Happy to answer any questions about Quad9 generally.
Relative to this particular situation, any time someone's hijacking your queries (this time it sounds like it was Firefox, but under other circumstances it could have been OP's ISP) it's probably time to switch to DoT and start authenticating the server. Here's a tutorial:
https://medium.com/nlnetlabs/privacy-us … f2d2b687c5
I've experimented a bit and if I set 9.9.9.9 in resolv.conf, both tests show 74.63.25.238 (Woodynet Amsterdam) as server.
Could it be that those other ip-addresses are from servers in the quad9 network?
WoodyNet is a transit provider for Quad9, yes. The IP addresses OP quoted are all Cloudflare, though, which is definitely not a transit provider for Quad9.
...since Quad9 is owned by IBM...
Also absolutely not the case. Quad9 is a Swiss public-benefit foundation. The public owns it. You own it.
Anyway, glad you worked out what was hijacking your queries.
-Bill
Offline
bwoodcock,
Thank you for the clarification.
Sometimes we get into things and just want to get the post up there and sacrifice a bit of articulation and nuance.
So yes, you are correct, IBM does not own Quad9 as Quad9 is a non profit organization according to wikipedia.
However, IBM (among others) did found Quad9.
Please forgive my ignorance here, IBM is in the cloud game. Are DNS servers generally hosted on cloud providers like AWS, Cloudflare, or in this case, IBM cloud?
If so, would that not present a conflict of interest or even a potential external influence that runs against the core philosophy?
A lot of these so called privacy and anonymity services are turning out to be frauds i.e. the VPN ecosystem and most recently, protonmail.
Can Quad9 confidently say that, for example, they will not divulge information to law or more to the point, can they confidently say that IBM will not if it turns out that they are relying on IBM for hosting or some other infrastructure?
Offline