Cloudflare over DOT showing Singapore on DNS tests

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

Luboknok

Regular Contributor
Using the DNS Privacy feature of Merlin my ac86u set to Cloudflare servers 1.1.1.1 and 1.0.0.1.

IPleaks reports both a Singapore IP and DNS address, I am in the USA. Otherwise the connection seems to work. Is this expected?

edit: tested on https://www.dnsleaktest.com/ and it reports the same IP but reports USA.
 

skeal

Part of the Furniture
Using the DNS Privacy feature of Merlin my ac86u set to Cloudflare servers 1.1.1.1 and 1.0.0.1.

IPleaks reports both a Singapore IP and DNS address, I am in the USA. Otherwise the connection seems to work. Is this expected?
Cloudflare has been having problems in the USA.
 

SomeWhereOverTheRainBow

Very Senior Member
my "USA" servers are reporting properly.

Using the DNS Privacy feature of Merlin my ac86u set to Cloudflare servers 1.1.1.1 and 1.0.0.1.

IPleaks reports both a Singapore IP and DNS address, I am in the USA. Otherwise the connection seems to work. Is this expected?

edit: tested on https://www.dnsleaktest.com/ and it reports the same IP but reports USA.
are you sure your browser hasn't hijacked your DNS traffic?
 

Luboknok

Regular Contributor
It turns out it's the VPNs DNS showing Singapore, even when DNS Privacy is activated with Cloudflare. I thought DNS Privacy would override pushed DNS. If not, what's the point?
 

Swistheater

Very Senior Member
It turns out it's the VPNs DNS showing Singapore, even when DNS Privacy is activated with Cloudflare. I thought DNS Privacy would override pushed DNS. If not, what's the point?
you can override VPN dns by nat rules.

Code:
iptables -t nat -D PREROUTING -i tun_example -p udp ! --source 192.168.1.1 ! --destination 192.168.1.1 --dport 53 -j DNAT --to 192.168.1.1 2>/dev/null
iptables -t nat -D PREROUTING -i tun_example -p tcp ! --source 192.168.1.1 ! --destination 192.168.1.1 --dport 53 -j DNAT --to 192.168.1.1 2>/dev/null
iptables -t nat -A PREROUTING -i tun_example -p udp ! --source 192.168.1.1 ! --destination 192.168.1.1 --dport 53 -j DNAT --to 192.168.1.1
iptables -t nat -A PREROUTING -i tun_example -p tcp ! --source 192.168.1.1 ! --destination 192.168.1.1 --dport 53 -j DNAT --to 192.168.1.1
if you know which tun interface your vpn is using. you would replace tun_example with that.

or if you want to go by IP range of your vpn interface you can do it by that as well instead of doing it by interface.

there are alot of fun things you can do to control flow of traffic with nat rules.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top