I just started using a VPN and have a question on checking for DNS leaks. I've gone to dnsleaktest.com and run the test. I know if your ISPs servers show up that you have a leak. But what if the ISP is not there but you have several servers listed under Google? Is that a leak or is it ok? Is it preferable to have only one server listed from a location/country other than your real one?
Here you go. I'm actually connected to a VPN server in Bulgaria. The test shows several Google DNS servers in Finland. Would these results be considered a DNS leak?
High-end VPN services run their own DNS servers, often with non-public IPv4 addresses in the VPN tunnel subnet. Others use various public DNS servers, such as Google. Some let you specify what DNS servers to use. The clueless ones just let you use your default DNS servers, which are often the ones assigned by your ISP.
@Kid Shamrock - At first glance (not much of a glance can be made, it is a screenshot!), I doubt you are experiencing a DNS Leak. However, it looks like your VPN makes use of Google Public DNS addresses. I wouldn't call that a DNS Leak in its traditional definition... but still, it's a series of Google DNS servers. You might want to ask your VPN if they run their own DNS servers or make use of public DNS servers. Lets hope the monthly/yearly fee isn't too expensive; you shouldn't be paying for a VPN if it uses public DNS. @mirimir - Have you had much exposure to the "block-outside-dns" feature of OpenVPN?
No. I'd never heard of it. But now I see that it's a Windows-specific patch for OpenVPN: https://sourceforge.net/p/openvpn/mailman/message/34620249/ Have you used it? I wonder whether VPN providers include that in their Windows clients.
From what I have come across so far, it's to "improve" (laughs) on a flaw found in Windows 8 through to 10... relating specifically to how these Windows releases handle DNS resolving. For the most-part, W7 isn't included in the discussion. However, I have noticed some VPN providers offering this patch on client-side (eg: typing it into custom configs), or server-side (eg: every node you connect to has the patch activated). Just thought I'd ask the VPN Guru a question is all... Damn Linux, immune from most bullcrap out there!
Try to use a different browser for testing, since you are using Chrome and you are probably logged into your Google account. Mine for comparison.
Damn. It just keeps getting worse Windows knows best, kids Interesting. Good to know. Well, that's going a bit far. Network Manager is pretty bad. It often just falls over and dies if the uplink flaps, leaving you wide open, with direct connectivity It's pretty much OK if you have iptables locked down, however.
I tried Cyberfox and Edge and got the same results as I did using Chrome, so it's not browser related. I guess there's no leak, but I question how anonymous it would be with Google involved. Pretty sure they log everything...