DNS leaking, do I have a problem?

I finally succeeded installing Wireguard on my Raspi running PiHole, feel a little nerdy proud :slight_smile:
The only thing I seem to lack is that my DNS is leaking!?
But I don't understand this well enough to judge if I got a problem?
I am using this site to check: http://dnsleak.com/

"Your IP" is showing the public entry/exit point to my home network, the public address of my router.
"DNS IP" is showing the correct IP address of my DNS provider.

But this is exactly what I get when I browse the internet from within my home network without Wireguard enabled.

To further test things I started a different VPN on my tablet, Proton VPN, and ran the DNSLeak.com test again, and yes, in this case IP and DNS are identical.

So long story short, do I have a problem with my leaking DNS given that I will "leak" it all day long when at home without a VPN?
And if I do, anyone got an idea how I can hide it considering I use the PiHole as DNS?

By the way, if anyone is interested in the setup details I'd be happy to post it here.

Not sure what you understand as DNS leak, but it basically is this: If you have an active VPN connection and DNS resolution is still done via your "normal" DNS provider (which usually is one from your ISP) rather than the one provided by your VPN provider. So that even when traffic is encrypted with the VPN, your ISP is aware of the sites you are browsing since your DNS queries still arrive at their DNS servers.

If you just want to use a different DNS server than the one from your ISP, you can configure that in pihole itself.

Agree, I configured a different DNS server (no logging, no filtering) already for all machines on my home network.

What I am trying to achieve with my local Wireguard setup is two things:

  1. Provide secure access to home resources: this I got and a "leaking" DNS won't matter.

  2. Replace the need for commercial VPN providers when using a public wifi: this I got as well and again the DNS shouldn't matter.
    For someone going after me, all traffic will look like originating from home, no matter where in the world I am. And I benefit from Pihole filtering even on a public LAN which is kind of cool :grinning:

After reading up some more on this I think the "bleeding" DNS is relevant for people who need to hide their location, the Edward Snowdens of the world, where the local DNS may provide a hint on their whereabouts or who's accessing a resource.

Ah sorry, misunderstood your first post. You are hosting your own VPN server and connect to it from other places... (for the sake of preventing spying your traffic I assume)

Yeah, it's when you want to be more or less "anonymous" so that you can't be traced back. When you use a VPN service to hide your IP address but you're leaking DNS traces to your ISP, for instance, it could be traced back easier to you (f.e. you make a web request to a certain server with client IP address ABC, but 10ms before there was a DNS request to resolve the IP address from client IP XYZ; you could make the assumption that ABC in reality is XYZ using a VPN where you have ABC...)
So if you do bad stuff there is some possibility to trace back to your real (non-VPN) IP address...

Indeed, I should have mentioned my use cases in the opening post.

What got me started was that the setup guide I followed was highlighting the importance of hiding the DNS server which now seems pointless to me?

What purpose does a hidden / not-bleeding DNS serve when one runs the VPN server at home? People can still locate me simply because of the IP my ISP assigned to me.

Actually this is also a valid concern. Imagine you are in a network connected to your home VPN, but DNS is resolved by the foreign network's DNS server. That foreign DNS server could point to a malicious website instead of the real one... (Although if you go on https sites only it is probably not that critical)

So like if you go to mybank.com, instead of giving you the real and legit ip address, it'll give you a malicious one.

Agree, but in my setup the DNS server I use with my VPN on, is the one I configured on the pihole, always.
But I am "bleeding" the Pihole DNS server address, which I believe I can safely ignore.

A VPN configured to keep me anonymous (which my setup is not about) will have to show the same IP for the DNS server and VPN exit.
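One way to check the point made in this post, as an added example that is not from the thread: parse a WireGuard client config and verify that every `DNS =` server is covered by a `[Peer]` `AllowedIPs` prefix, i.e. that DNS queries actually go through the tunnel (to the Pi-hole) rather than to whatever resolver the local network hands out. The configs and addresses below are constructed placeholders.

```python
import ipaddress
import re

# Constructed sample client configs; keys, endpoint and addresses are placeholders.
FULL_TUNNEL = """
[Interface]
PrivateKey = <client-private-key>
Address = 10.8.0.2/24
DNS = 10.8.0.1

[Peer]
PublicKey = <server-public-key>
Endpoint = home.example.net:51820
AllowedIPs = 0.0.0.0/0, ::/0
"""

# Split tunnel whose DNS setting points outside the tunnel: queries bypass the Pi-hole.
LEAKY_SPLIT = """
[Interface]
PrivateKey = <client-private-key>
Address = 10.8.0.2/24
DNS = 1.1.1.1, home.lan

[Peer]
PublicKey = <server-public-key>
Endpoint = home.example.net:51820
AllowedIPs = 10.8.0.0/24, 192.168.1.0/24
"""

def _as_ip(value):
    """Return an IP address object, or None for DNS search domains."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def parse_wg(text):
    """Collect DNS servers and AllowedIPs prefixes from a WireGuard config."""
    dns, allowed = [], []
    for line in text.splitlines():
        m = re.match(r"\s*(DNS|AllowedIPs)\s*=\s*(.+)", line)
        if not m:
            continue
        values = [v.strip() for v in m.group(2).split(",")]
        if m.group(1) == "DNS":
            dns += [ip for ip in map(_as_ip, values) if ip is not None]
        else:
            allowed += [ipaddress.ip_network(v, strict=False) for v in values]
    return dns, allowed

def dns_routed_through_tunnel(text):
    """Map each DNS server to True if some AllowedIPs prefix routes it into the tunnel."""
    dns, allowed = parse_wg(text)
    return {str(d): any(d in net for net in allowed) for d in dns}
```

A `False` entry means that resolver is reached over the local network, which is the situation the previous post warns about; fixing it means either pointing `DNS` at the Pi-hole's tunnel or LAN address, or adding that address to `AllowedIPs`.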

Yepp. It is as if you'd be in your home network locally.

That site also tells me that I have a DNS leak and I am positive that I do not have one since it shows the correct IP and not the DNS IP from my ISP.

I would try a different site if it was me.
I have had good luck with dnsleaktest.com

EDIT:
Just noticed the post date, I hope I am not breaking any rules regarding bumping older topics.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.
