What's new

Using Surfshark on Asus AC1900 with Merlin w/384.13 Have DNS leak .Why ?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

I have no idea how Surfshark is making that assessment, but fwiw, here's my general take on the matter.

There are a multitude of ways you can create a DNS leak. In fact, not everyone even agrees on the definition of a DNS leak. For some, it's merely making sure you avoid the ISP's DNS servers. For others (including me), it includes never accessing *any* DNS servers over the WAN, where they can be eavesdropped on and/or redirected. And when it comes to online testing tools, I find them to be notoriously inaccurate when it comes to the router, probably because the client is NOT directly accessing the public DNS servers, but only *indirectly* via the local DNS proxy, DNSMasq.

In my own case, I'm using ExpressVPN, and their own DNS leak testing page always tells me I'm using their DNS servers (even lists them), when in fact I know w/ 100% certainty I'm NOT! I always have "Accept DNS configured" as Disabled, override my ISP's DNS servers in DNSMasq w/ 1.1.1.1, 1.0.0.1, and 9.9.9.9, and bind them to the VPN w/ route directives. The reason ExpressVPN mis-reports it is because the only thing it's doing is noticing I'm connected through the VPN's public IP when I access that page! IOW, it's just an assumption, that in fact is WRONG.

As I said, these online DNS leak testing tools are notoriously unreliable when it comes to the router. IMO, the *only* way to be 100% sure is to monitor connection tracking and actually observe where DNS queries are being routed, in real-time.

Code:
cat /proc/net/nf_conntrack

All other methods are just educated guesses, which are often wrong. If it happens to be right in its assessment from time to time, it's most likely just coincidental.
 
P.S. The fact that we're now using things like DoT/DoH, or having the browsers accessing their own preferred DNS servers, is complicating things further, making such declarations even less reliable (which is ironic given the intent of all this was ensure confidence in the prevention of DNS leaks). Frankly, DNS at this time is a mess. I don't know how the average person can, w/ any reliability, determine if they do or don't have a DNS leak, unless, as I said, you bother to dig deeper within connection tracking.
 
Last edited:

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top