
Computer is still using ISP's DNS service after setting up Stubby (likely has to do with my connection management program)

Open tristanbay opened this issue 3 years ago • 3 comments

I installed Stubby, as well as the required init script for my init system (OpenRC), and then modified my etc/stubby/stubby.yml file to change the DNS servers I'm using, as well as a couple other related settings. After starting the Stubby service, running stubby -i, restarting the service, refreshing a tab in my browser, and then running a DNS leak test in that browser tab, it still says that I'm using my ISP's DNS servers.

I think it may have to do with the fact that I'm handling my network connections with ConnMan, and I think that it uses a proxy to direct DNS queries sent to 127.0.0.1 and 0::1 to use the DNS server(s) of whatever router I'm connected to, and I think it locally caches the results of each query if the proxy is turned on.

What may be happening is that ConnMan is directing the queries before they reach Stubby, so Stubby won't be able to direct them to the DNS servers that I set instead. I've also tried turning this proxy off by modifying ConnMan's init script so that it'll start with the proxy disabled, but instead of automatically overwriting my etc/resolv.conf file to 127.0.0.1 and 0::1, it overwrites it to some of the addresses of my ISP's DNS servers, which then means that the queries don't even touch the local addresses that Stubby listens to.

So how do I get ConnMan to play nicely with Stubby?

tristanbay, May 08 '22 01:05

I'm sorry, I don't have any experience with ConnMan, but a quick read-up indicates it is a very low-level integration with the OS that may be difficult to bypass.

@wtoorop do you know anything more about ConnMan/OpenRC?

saradickinson, May 11 '22 11:05

> @wtoorop do you know anything more about ConnMan/OpenRC?

Not yet, but I'm willing to set up a VM with it and have a look. I find Arch Linux convenient for such things b.t.w.; they have excellent documentation on all the different ways to configure your Linux. See: https://wiki.archlinux.org/title/ConnMan Maybe @Philip-NLnetLabs can work with me on this. I only have time after RIPE84 b.t.w.

wtoorop, May 12 '22 07:05

ConnMan seems to have an option to disable the local proxy; see the section titled "Avoiding conflicts with local DNS server".

I have no experience with OpenRC or ConnMan.

Philip-NLnetLabs, May 12 '22 10:05

I'm closing this issue as there have been no further updates in over 6 months, but I'm going to mark it as a known issue because it wasn't resolved.

saradickinson, Jan 10 '23 14:01
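
The two situations described in this thread (resolv.conf pointing at loopback while ConnMan's proxy answers on port 53, and resolv.conf rewritten to the ISP's servers) can be told apart from two pieces of text: the contents of /etc/resolv.conf and the output of `ss -H -lunp`. The following is an added example, not code from the Stubby or ConnMan projects; the function names, sample addresses, PIDs and the assumption that the daemons show up as `connmand` and `stubby` are constructed for illustration.

```python
import ipaddress
import re

def norm(addr):
    # Drop an IPv6 zone id (fe80::1%eth0) and canonicalise, so 0::1 == ::1.
    return ipaddress.ip_address(addr.split("%", 1)[0])

def resolv_nameservers(text):
    """Nameserver addresses from resolv.conf text, in file order."""
    out = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            out.append(norm(fields[1]))
    return out

def port53_owners(ss_text):
    """Map local address -> process name for sockets bound to port 53."""
    owners = {}
    for line in ss_text.splitlines():
        m = re.search(r'(\S+):53\s.*users:\(\("([^"]+)"', line)
        if m:
            owners[m.group(1).strip("[]")] = m.group(2)
    return owners

def diagnose(resolv_text, ss_text, expected="stubby"):
    servers = resolv_nameservers(resolv_text)
    off_host = [str(s) for s in servers if not s.is_loopback]
    if off_host:  # queries never reach the local listener
        return "bypass: " + ", ".join(off_host)
    owners = port53_owners(ss_text)
    for s in servers:
        # Exact bind first, then wildcard binds as ss prints them (simplified).
        keys = (str(s), "0.0.0.0", "*", "::")
        owner = next((owners[k] for k in keys if k in owners), None)
        if owner != expected:
            return f"intercepted: {s} is served by {owner}"
    return "ok" if servers else "no nameserver lines"

# Constructed samples (not captured from the reporter's machine).
RESOLV_LOCAL = "# constructed\nnameserver 127.0.0.1\nnameserver 0::1\n"
RESOLV_ISP = "nameserver 203.0.113.53\nnameserver 2001:db8::53\n"
SS_CONNMAN = ('UNCONN 0 0 127.0.0.1:53 0.0.0.0:* users:(("connmand",pid=412,fd=11))\n'
              'UNCONN 0 0 [::1]:53 [::]:* users:(("connmand",pid=412,fd=12))\n')
SS_STUBBY = SS_CONNMAN.replace("connmand", "stubby")

if __name__ == "__main__":
    print(diagnose(RESOLV_LOCAL, SS_CONNMAN))
    print(diagnose(RESOLV_ISP, SS_STUBBY))
    print(diagnose(RESOLV_LOCAL, SS_STUBBY))
```

`ss -p` only shows process names for other users' sockets when run as root, and the check covers UDP listeners only.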