authorDavid Göransson <david.goransson@mullvad.net>2024-05-06 14:58:43 +0200
committerAlbin <albin@mullvad.net>2024-05-08 14:55:32 +0200
commite94535859f15ee855f499574037adff27b9e1cfa (patch)
tree14261219083f04315c75d7bada9d13210fe4bae8 /android/lib/talpid/src
parent64393a6c5b09738c7e5c70bd4bc40d63169618a6 (diff)
Set dummy DNS if none are valid
This is a fix for DNS leaks when no DNS server has been configured due to an underlying OS bug. Lockdown mode ("Block connections without VPN") would also not help in this case. More information on this issue: https://issuetracker.google.com/issues/337961996
Diffstat (limited to 'android/lib/talpid/src')
-rw-r--r--android/lib/talpid/src/main/kotlin/net/mullvad/talpid/TalpidVpnService.kt17
1 files changed, 17 insertions, 0 deletions
diff --git a/android/lib/talpid/src/main/kotlin/net/mullvad/talpid/TalpidVpnService.kt b/android/lib/talpid/src/main/kotlin/net/mullvad/talpid/TalpidVpnService.kt
index 94b097fe13..76abde2a01 100644
--- a/android/lib/talpid/src/main/kotlin/net/mullvad/talpid/TalpidVpnService.kt
+++ b/android/lib/talpid/src/main/kotlin/net/mullvad/talpid/TalpidVpnService.kt
@@ -2,6 +2,7 @@ package net.mullvad.talpid
import android.net.VpnService
import android.os.ParcelFileDescriptor
+import android.util.Log
import java.net.Inet4Address
import java.net.Inet6Address
import java.net.InetAddress
@@ -103,6 +104,18 @@ open class TalpidVpnService : VpnService() {
}
}
+ // Avoids creating a tunnel with no DNS servers or if all DNS servers was invalid,
+ // since apps then may leak DNS requests.
+ // https://issuetracker.google.com/issues/337961996
+ if (invalidDnsServerAddresses.size == config.dnsServers.size) {
+ Log.w(
+ "mullvad",
+ "All DNS servers invalid or non set, using fallback DNS server to " +
+ "minimize leaks, dnsServers.isEmpty(): ${config.dnsServers.isEmpty()}"
+ )
+ addDnsServer(FALLBACK_DUMMY_DNS_SERVER)
+ }
+
for (route in config.routes) {
addRoute(route.address, route.prefixLength.toInt())
}
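Review bot: The fallback only prevents a leak if queries to `FALLBACK_DUMMY_DNS_SERVER` are themselves routed into the tunnel, and nothing in this hunk guarantees that, because the routes come from `config.routes` in the loop that follows the new `if`. If a configuration's routes do not cover 192.0.2.1, lookups sent to the dummy resolver would presumably follow the underlying network and expose the queried names there. Consider adding a host route inside the same `if`, e.g. `addRoute(FALLBACK_DUMMY_DNS_SERVER, 32)`, or stating in the comment that the configured routes are expected to cover this address. The enclosing function starts and ends outside the hunk, so how `invalidDnsServerAddresses` is filled cannot be checked here.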
@@ -148,4 +161,8 @@ open class TalpidVpnService : VpnService() {
private external fun defaultTunConfig(): TunConfig
private external fun waitForTunnelUp(tunFd: Int, isIpv6Enabled: Boolean)
+
+ companion object {
+ private const val FALLBACK_DUMMY_DNS_SERVER = "192.0.2.1"
+ }
}
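Review bot: `FALLBACK_DUMMY_DNS_SERVER` carries no comment saying why this particular address is safe, which a later maintainer needs in order not to replace it with a reachable resolver. 192.0.2.1 lies in 192.0.2.0/24 (TEST-NET-1, reserved for documentation by RFC 5737), so nothing is expected to answer on it. I would add a KDoc line above the constant, such as `/** Unroutable TEST-NET-1 address (RFC 5737); set only so the tunnel has a DNS server and lookups fail instead of leaking. */`. The constant is IPv4 only, so the comment could also say whether an IPv6 counterpart is deliberately omitted.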