[solved] DNS Leak with VPN Client

Spaghetti_Jack

Occasional Visitor
I have a constant DNS leak while using the VPN Client.

What did I set up wrong?

printscreens:
- VPN Client
- WAN internet Connection
- LAN DHCP server

Change your Accept DNS config from Disabled to Exclusive.
 
Yes, it works; there is no leak any more.

However, I used STRICT for that:

  • Strict: DNS servers pushed by the VPN provided DNS server are prepended to the current list of DNS servers, which are used in order. Existing DNS servers are only used if VPN provided ones don’t respond.
  • Exclusive: Only the pushed VPN provided DNS servers are used.

Unfortunately I don't completely understand the difference between those two. Could you please sketch it for me in 3 simple sentences?
 
Could I understand it as EXCLUSIVE having a 'kill switch' while STRICT does not?
 
Exclusive means all DNS traffic is forced to use the VPN's servers by redirecting all DNS queries to it through NAT.

Strict means that dnsmasq will know both the VPN and the ISP DNS servers, and will try them in order. If one fails, then the query will be sent to the other servers, meaning that any of these servers can be used at any time.
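
A way to check for the leak discussed in this thread, as an added example that is not part of the original posts: it classifies outbound DNS queries in a text capture by egress interface and destination resolver. The tunnel interface name `tun11`, the VPN resolver `10.8.0.1` and the capture lines (in the style of `tcpdump -n -i any port 53`) are constructed assumptions.

```python
import re
from ipaddress import ip_address

# Assumptions (not from the thread): the tunnel interface name and the
# resolver address pushed by the VPN provider.
TUNNEL_IFACES = {"tun11"}
VPN_RESOLVERS = {ip_address("10.8.0.1")}

# Constructed capture lines in the style of `tcpdump -n -i any port 53`.
SAMPLE_CAPTURE = """\
12:00:01.100000 tun11 Out IP 10.8.0.2.41000 > 10.8.0.1.53: 4660+ A? example.com. (29)
12:00:01.140000 tun11 In  IP 10.8.0.1.53 > 10.8.0.2.41000: 4660 1/0/0 A 192.0.2.80 (45)
12:00:07.200000 eth0  Out IP 192.0.2.10.41001 > 198.51.100.53.53: 4661+ A? example.org. (29)
12:00:09.300000 tun11 Out IP 10.8.0.2.41002 > 203.0.113.9.53: 4662+ AAAA? example.net. (29)
12:00:09.900000 eth0  Out IP 192.0.2.10.1194 > 203.0.113.200.1194: UDP, length 96
"""

# Matches outbound DNS queries only (direction "Out", a "TYPE? name" question).
LINE_RE = re.compile(
    r"^\S+\s+(?P<iface>\S+)\s+Out\s+IP6?\s+\S+\s+>\s+"
    r"(?P<dst>\S+)\.(?P<dport>\d+):\s+\d+\S*\s+(?P<qtype>[A-Z]+)\?\s+(?P<qname>\S+)"
)

def classify(capture):
    """Return (iface, resolver, qname, verdict) for each outbound DNS query."""
    findings = []
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if not m or m["dport"] != "53":
            continue
        resolver = ip_address(m["dst"])
        if m["iface"] not in TUNNEL_IFACES:
            verdict = "LEAK"      # query left the router outside the tunnel
        elif resolver not in VPN_RESOLVERS:
            verdict = "OFF_LIST"  # inside the tunnel, but not a VPN-pushed resolver
        else:
            verdict = "OK"        # VPN resolver reached through the tunnel
        findings.append((m["iface"], str(resolver), m["qname"], verdict))
    return findings

if __name__ == "__main__":
    for iface, resolver, qname, verdict in classify(SAMPLE_CAPTURE):
        print(f"{verdict:8} {qname:14} -> {resolver} via {iface}")
```

Only plaintext DNS on port 53 is visible to this check; DNS over TLS or HTTPS would need a different capture filter.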
 
Now I hear you loud and clear - was it you who wrote the GitHub policy?
It seems that for the sake of having VPN, in fact `Exclusive` is the one that interests us - the users.
Thank you

Solution for future:
VPN -> VPN Client configuration :
1) Accept DNS Configuration : Exclusive
2) Force internet Traffic through Tunnel : YES
 
It seems that for the sake of having VPN, in fact `Exclusive` is the one that interests us - the users.
I think that statement is too bold.

It's simply a personal preference, depending on the scenario which applies to you. I have the VPN DNS-servers set to Disabled, because I specifically do not want them to be used. I'm using the NextDNS CLI Client and have a ProtonVPN subscription. NextDNS provides parental controls, logging, black- and whitelisting, broad insights in how my kid uses his Internet, regardless whether he's at home or at school. At home he's connected through the tunnel of the router; when on his way, as soon as he gets out of range of our trusted wifi networks, an app called Passepartout (which allows custom DNS servers) immediately rebuilds a connection to ProtonVPN. That way I feel a lot safer. So, in my case, I specifically prefer to use another DNS than my VPN-provider provides. Not only are they slower, they also lack the many possibilities NextDNS offers me. So it's all a personal preference, based on what you want to achieve.
 
And some people do use VPN clients for their real intended purpose: to remotely link with a remote network such as your office's. In such cases, you do not want to use exclusive DNS, as it would break local resolution. You want the VPN DNS just added to your local DNS, and rely on the domain to determine which DNS server to use for your queries (local or remote).
 
Both are true, rabbit holes are deep, oceans where the whales live are wide
 
