What's new

Cloudflare over DOT showing Singapore on DNS tests

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Luboknok

Regular Contributor
Using the DNS Privacy feature of Merlin my ac86u set to Cloudflare servers 1.1.1.1 and 1.0.0.1.

IPleaks reports both a Singapore IP and DNS address, I am in the USA. Otherwise the connection seems to work. Is this expected?

edit: tested on https://www.dnsleaktest.com/ and it reports the same IP but reports USA.
 
Using the DNS Privacy feature of Merlin my ac86u set to Cloudflare servers 1.1.1.1 and 1.0.0.1.

IPleaks reports both a Singapore IP and DNS address, I am in the USA. Otherwise the connection seems to work. Is this expected?
Cloudflare has been having problems in the USA.
 
my "USA" servers are reporting properly.

Using the DNS Privacy feature of Merlin my ac86u set to Cloudflare servers 1.1.1.1 and 1.0.0.1.

IPleaks reports both a Singapore IP and DNS address, I am in the USA. Otherwise the connection seems to work. Is this expected?

edit: tested on https://www.dnsleaktest.com/ and it reports the same IP but reports USA.
are you sure your browser hasn't hijacked your DNS traffic?
 
my "USA" servers are reporting properly.


are you sure your browser hasn't hijacked your DNS traffic?

Yes, even a sandboxed fresh profile firefox reports Singapore.

upload_2020-1-1_19-9-20.png


dnsleaktest.com shows USA

upload_2020-1-1_19-10-34.png


Strange
 
It turns out it's the VPNs DNS showing Singapore, even when DNS Privacy is activated with Cloudflare. I thought DNS Privacy would override pushed DNS. If not, what's the point?
 
It turns out it's the VPNs DNS showing Singapore, even when DNS Privacy is activated with Cloudflare. I thought DNS Privacy would override pushed DNS. If not, what's the point?

you can override VPN dns by nat rules.

Code:
iptables -t nat -D PREROUTING -i tun_example -p udp ! --source 192.168.1.1 ! --destination 192.168.1.1 --dport 53 -j DNAT --to 192.168.1.1 2>/dev/null
iptables -t nat -D PREROUTING -i tun_example -p tcp ! --source 192.168.1.1 ! --destination 192.168.1.1 --dport 53 -j DNAT --to 192.168.1.1 2>/dev/null
iptables -t nat -A PREROUTING -i tun_example -p udp ! --source 192.168.1.1 ! --destination 192.168.1.1 --dport 53 -j DNAT --to 192.168.1.1
iptables -t nat -A PREROUTING -i tun_example -p tcp ! --source 192.168.1.1 ! --destination 192.168.1.1 --dport 53 -j DNAT --to 192.168.1.1

if you know which tun interface your vpn is using. you would replace tun_example with that.

or if you want to go by IP range of your vpn interface you can do it by that as well instead of doing it by interface.

there are alot of fun things you can do to control flow of traffic with nat rules.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top