1 (edited by mailman 2017-05-03 17:47:16)

Topic: DNS leak in proxy mode

Hi there!
First, thanks for this browser, great idea!

I'm concerned with some DNS leaks while using the proxy mode. It seems that while the browsed url and all the material that comes along whtih (js, css, img etc.) are well fetched via proxy, some prefetch occurs for urls within the web page.
Please see this packet capture:
dump with DNS leak
It shows DNS request to my ISP while browsing to yahoo.fr with EPIC proxy enabled.
This is a common behavior of chromium. One may be able to disable prefetch or even any DNS requests, ensuring its privacity but it must be with command line flags (eg --host-resolver-rules).

It would be nice:

  • to automatically force "no prefetch" or "no DNS requests" when proxy is activated

  • or to have a GUI option for that (no need to restart the browser)

  • or at least to warn the user about this DNS leak

Any thoughts on this?

Re: DNS leak in proxy mode

There should not be any prefetching or DNS leaks when Epic's proxy is on.  The only DNS resolution you should see is for the proxy server itself.   If the proxy fails, it should be a failed request, it should use your host's DNS server or anything else. 

It's like a DNS request for the proxy server e.g. it will ping one of our domains to get the IP address of a proxy server. 

If you have any other details (i.e. OS type, etc.) do let us know & we'll double-check this.

Re: DNS leak in proxy mode

Thanks for your reply.

I'm using Windows version of Epic (55.0.2661.75 build) and this what let me ask you about any DNS leak.

  • Step to reproduce:

    1. try turn off any other programms that may issue DNS requests

    2. turn on epic browser, proxy mode

    3. start capturing packets with your favourite sniffer (I used tcpdump, UDP traffic, port 53)

    4. browse to some site (www.yahoo.fr in my test)

  • Expected result
    The only possible DNS request should be about epic proxy

  • Observed result (only first requests, actually there is a bunch of them)
    dump with DNS leak

    1. DNS requests releted to epic occur first, as expected

    2. No DNS request for the targeted hostname, as expected too

    3. a bunch of other DNS request, related to the visited web page

    The combination of points 2 and 3 let me think of a sort of DNS prefetch for the links on the page.

  • Other test

    Start Epic browser with the  --host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE *.epicbrowser.com" flag, as per Chromium doc (see the page about socks-proxy). This page expose the case of a socks proxy but same principle applies to other proxy types too since we are just dealing with chrome behavior, not the proxy)

  • Result

    1. Only the epic proxy hostname shows in DNS requests

    2. no more possible browsing without proxymode (since the browser is unable to solve hostname

    This is the expected behavior with the "--host-resolver-rules" flag

I can't find the "disable prefetch" option in settings where it sits in plain chromium so I first assumed it may be disabled by default. I was just doing a check to be sure and was very surprised to see this leak.

Can you please either explain what I did wrong or how to deal with that.


Re: DNS leak in proxy mode

Any update about this issue?
I'm not sure why but forum reports 4 posts but only 3 are displayed. Is there a "hidden" reply. Perhaps someone has already answered but his post isn't shown?

Re: DNS leak in proxy mode

We've tested it and we've never had any DNS leaks in Epic with Epic's encrypted proxy on.  Not sure why those issues are coming up.

Re: DNS leak in proxy mode

I have just completed some DNS leak tests using your proxy and on each test it says that google is my ISP. Ok i know Google isn't my ISP but why would it say it is? I thought Google had broken all links with Epic or vise versa.

Re: DNS leak in proxy mode

It's Google DNS servers.  We'd like to use another DNS service but in testing they were the most reliable for our level of traffic and it's all via our proxy servers so it's close to impossible to track any individual via those requests hence no privacy issues.  That said, we'd like to operate our own DNS servers...if we keep growing with your support, we can in time :-).

Re: DNS leak in proxy mode

One possible source of DNS leaks is through plugins.  The sites mentioned didn't seem to be using a plugin like Flash...but plugins can definitely lead to DNS / IP leaks.  Try disabling plugins and see what DNS requests are made.