Re: iwd: Using iwd to connect to a wireless network (Part 2 - DNS managers)

To: debian-user mailing list <debian-user@lists.debian.org>
Subject: Re: iwd: Using iwd to connect to a wireless network (Part 2 - DNS managers)
From: Stella Ashburne <rewefie@gmx.com>
Date: Thu, 30 Sep 2021 16:06:09 +0200
Message-id: <[🔎] trinity-eb491edb-c41f-44ad-8c1b-34718c5bac7d-1633010769318@3c-app-mailcom-bs04>
In-reply-to: <[🔎] E1mVwU2-0004kb-Ka@enotuniq.net>
References: <[🔎] trinity-de3d8b23-7025-4e21-9738-d2eacd5db57c-1632922778512@3c-app-mailcom-bs08> <[🔎] sm0sfxmdzua.fsf@lakka.kapsi.fi> <[🔎] E1mVv3I-0004gI-2W@enotuniq.net> <[🔎] trinity-ad479221-8433-4084-8cde-2819a8537908-1633009287005@3c-app-mailcom-bs04> <[🔎] E1mVwU2-0004kb-Ka@enotuniq.net>

Hi Reco

Thanks for sharing your experience with me.

> Sent: Thursday, September 30, 2021 at 9:52 PM
> From: "Reco" <recoverym4n@enotuniq.net>
> To: debian-user@lists.debian.org
> Subject: Re: iwd: Using iwd to connect to a wireless network (Part 2 - DNS managers)
>
>
> The limitation of update-resolv-conf in its current (as of bullseye)
> form is that it does nothing to the list of the resolvers that are
> configured already before the openvpn handshake. Which could lead to DNS
> leaks, which are considered a bad thing by some.
>
I see. Thanks for your explanation.

The following describes what I've been doing when I used the installer since Debian Jessie:

1. Plug the LAN cable out from its RJ45 port
2. Click "No" when asked if I wish to have auto networking configuration enabled
3. Input my IP address, netmask, default gateway and the IP addresses of my preferred DNS resolvers (my preferred DNS resolvers are hosted/managed by privacy-conscious folks all over the world; none of them are from my country, which is part of the Five-Eyes Alliance.)

Based on the above description, do you think that update-resolv-conf in Bullseye will leak the IP addresses of my ISP's DNS resolvers?

> Back in the day I solved that problem by using a custom dnsmasq config
> and a handful of netfilter rules, these days I just use network namespaces.
>
Would you like to show me how to use network namespaces to solve the problems when using update-resolv-conf?

Reply to:

Follow-Ups:
- Re: iwd: Using iwd to connect to a wireless network (Part 2 - DNS managers)
  - From: Reco <recoverym4n@enotuniq.net>

References:
- iwd: Using iwd to connect to a wireless network (Part 2 - DNS managers)
  - From: Stella Ashburne <rewefie@gmx.com>
- Re: iwd: Using iwd to connect to a wireless network (Part 2 - DNS managers)
  - From: Anssi Saari <as@sci.fi>
- Re: iwd: Using iwd to connect to a wireless network (Part 2 - DNS managers)
  - From: Reco <recoverym4n@enotuniq.net>
- Re: iwd: Using iwd to connect to a wireless network (Part 2 - DNS managers)
  - From: Stella Ashburne <rewefie@gmx.com>
- Re: iwd: Using iwd to connect to a wireless network (Part 2 - DNS managers)
  - From: Reco <recoverym4n@enotuniq.net>

Prev by Date: Re: iwd: Using iwd to connect to a wireless network (Part 1 - Connection status show OK but unable to surf the net)
Next by Date: Re: iwd: Using iwd to connect to a wireless network (Part 1 - Connection status show OK but unable to surf the net)
Previous by thread: Re: iwd: Using iwd to connect to a wireless network (Part 2 - DNS managers)
Next by thread: Re: iwd: Using iwd to connect to a wireless network (Part 2 - DNS managers)
Index(es):
- Date
- Thread