The problem identified with a DNS leak test is that while your actual tunnel to http://www.myprivatesite.com is all encrypted inside the tunnel, the lookups for http://www.myprivatesite.com are all being forwarded directly to the IP address in your resolv.conf.
Now if your DHCP router is setting the resolv.conf entry to, say, 192.168.1.1, i.e. a DNS proxy, it then passes that lookup directly to your ISP-assigned DNS resolver, i.e. the DNS server that you will find if you google, say, "Tiscali DNS servers", for example, if that was your ISP.
So someone like G*H* or whoever who is looking at what you are doing on the internet won't just look at ports 80 and 443, they will look at all ports, and even though your desktop is forwarding all that "myprivatesite" traffic so what's contained in that site can't be seen, it does not stop all the DNS requests going to your ISP's DNS servers.
So how do you avoid this?
Well, some VPN providers will give you a DNS server IP that is routable via their VPN, and you should update your DNS settings to use that.
Or just set your DNS to 8.8.8.8, as that will also more than likely be routable via the VPN.
To hard-set your DNS and override DHCP, you need to edit /etc/sysconfig/network-scripts/ifcfg-NICADAPTERNAME and add
PEERDNS=no
then edit /etc/resolv.conf and make sure nameserver is set to 8.8.8.8 instead of 192.168.1.1 or your ISP's DNS server,
and then restart your network or computer.
Before you start private browsing, check with
traceroute 8.8.8.8
and see that it's going down tun0.
The benefit of Google's DNS 8.8.8.8 is that it's also usable when you are not private browsing; I'm not sure if your VPN-provided DNS is.
Regards, Peter
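
The check described in the post, extended to every nameserver listed in resolv.conf, as an added example that is not part of the original post. It uses `ip route get` rather than traceroute to find the outgoing interface; the `ROUTE_CMD` hook, `fake_route` and the sample addresses are constructed for this example so it runs offline.

```shell
#!/bin/sh
# Added example: report which interface each configured DNS resolver is routed through.

# Print the nameserver addresses from a resolv.conf-style file.
nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Pull the interface name out of `ip route get` output (the word after "dev").
route_dev() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Route lookup; ROUTE_CMD is a hook added for this example so it can run offline.
lookup_route() {
    ${ROUTE_CMD:-ip route get} "$1" 2>/dev/null
}

# check_dns_routes RESOLV_FILE TUNNEL_DEV
# Succeeds only if at least one nameserver exists and all of them route via TUNNEL_DEV.
check_dns_routes() (
    leak=0 seen=0
    for ns in $(nameservers "$1"); do
        seen=1
        dev=$(lookup_route "$ns" | route_dev)
        if [ "$dev" = "$2" ]; then
            echo "OK   $ns routed via $dev"
        else
            echo "LEAK $ns routed via ${dev:-unknown}, expected $2"
            leak=1
        fi
    done
    [ "$seen" -eq 1 ] && [ "$leak" -eq 0 ]
)

# Constructed sample routes (not real output): 8.8.8.8 via the tunnel, the router via the LAN.
fake_route() {
    case $1 in
        8.8.8.8)     echo "8.8.8.8 dev tun0 src 10.8.0.6 uid 1000" ;;
        192.168.1.1) echo "192.168.1.1 dev eth0 src 192.168.1.50 uid 1000" ;;
    esac
}

# Demo on a constructed resolv.conf that still lists the DHCP-supplied router.
sample=$(mktemp)
printf 'nameserver 192.168.1.1\nnameserver 8.8.8.8\n' > "$sample"
ROUTE_CMD=fake_route
check_dns_routes "$sample" tun0 || echo "result: DNS would bypass tun0"
rm -f "$sample"
```

On a real machine, unset `ROUTE_CMD` and run `check_dns_routes /etc/resolv.conf tun0` once the VPN is up.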