New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DNS leak out-of-the-box #67
Comments
Just realised that the current configuration was done deliberately as part of this commit last month. Apologies for not finding this before opening the issue! Should this change be reconsidered? It's inconsistent with what people would expect when using Nord VPN: I'm also concerned that people will pull the latest Instead, the documentation could explain how to enable resolution of other containers. If the current configuration is deemed preferable, can the documentation be updated so that the example Docker Compose YAML includes the |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Please don't close. I believe it still needs thought and attention when the author has the time available. |
I stumbled on this as I was attempting to switch from the old docker to the new one, and indeed, and I was expecting the DNS queries to go through NordVPN rather than through my own ISP! What exactly are these DNS servers? |
+1 for at least documentation update |
happy to accept MR with a documentation update |
The problem
I'm slightly out of my comfort zone on this one, but I think that this Docker image is leaking DNS queries out-of-the-box compared to the older
bubuntux/nordvpn
image.Evidence
I had been trying to move from
bubuntux/nordvpn
tobubuntux/nordlynx
, was successfully gaining a working connection with an IP address in the country of my choosing, but was still getting geo-blocked by the service I was trying to use. Connecting to the same end point using the olderbubuntux/nordvpn
image didn't give this problem.I tried the following two commands from both
bubuntux/nordlynx
andbubuntux/nordvpn
after changing my Docker Compose file to ensure each was connected to the same end point:These echo the IP address detected by the server and also the headers from the HTTP request (though I couldn't imagine how a VPN would change the latter) . I could see no difference between the output of the two running containers, so was mystified why I could connect successfully without geo-blocking from
bubuntux/nordvpn
but not frombubuntux/nordlynx
.I eventually reasoned that the host I'm actually trying to connect to is probably using a Content Distribution Network (CDN) and is resolving the target hostname into an IP address that's located close to my real location using my ISP's DNS servers, which would be enough for the service I'm trying to use to say "aha - you're not allowed in!".
I configured Nord VPN's DNS servers using the following addition to the
environment
section of my Docker Compose file:Upon doing this, I could connect to the target host successfully again.
Proposal
Assuming my evidence / theory isn't flawed, I propose that the default value for the
DNS
environment variable should be as above, so that somebody doesn't receive a DNS leak out of the box but can still choose to override their DNS servers when required.The text was updated successfully, but these errors were encountered: