NextDNS Leak test?

I’m using the NextDNS CLI on Mac and I’m always connected to a VPN. I’ve been using dnsleaktest.com to test things and it’s always looked right. I get 1 result from a nextdns server in the same location as my VPN connection.

But I’ve recently been checking on https://whoer.net/dns-leak-test and I get many results. Oftentimes a bunch of different NextDNS servers but in different countries mixed with some Cloudflare servers also in different countries. Is this normal? Why is whoer.net giving different results and does it mean I’m leaking?

The only way to do this correctly is to download Wireshark and look at the packets leaving your computer. DNS goes over UDP on port 53. Turn on the packet capture and look for packets leaving unencrypted. Don’t rely on some DNS leak site, which probably isn’t working.
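As an added illustration of what the capture check above looks for (example code, not from anyone in this thread), this parses raw IPv4 frames such as those a capture on the physical interface would yield and flags anything addressed to UDP/TCP port 53, as opposed to port 853 (DoT/DoQ) or 443 (possibly DoH). The packets and the 192.0.2.x addresses are constructed sample data.

```python
"""Flag plaintext DNS (Do53) in raw IPv4 packets captured on the physical interface."""
import socket
import struct

PROTO_TCP, PROTO_UDP = 6, 17

def build_ipv4(src, dst, proto, sport, dport, payload=b""):
    """Build a minimal IPv4 + UDP/TCP packet (constructed sample data, checksums left zero)."""
    if proto == PROTO_UDP:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    else:  # bare TCP header, no options, flags zeroed
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0, 0, 0, 0) + payload
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + l4

def classify(raw):
    """Return (dst_ip, label) for one IPv4 packet based on transport and destination port."""
    ihl = (raw[0] & 0x0F) * 4          # header length in bytes
    proto = raw[9]
    dst = socket.inet_ntoa(raw[16:20])
    if proto not in (PROTO_TCP, PROTO_UDP):
        return dst, "other"
    _, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    if dport == 53:
        return dst, "plaintext-dns"    # Do53: readable by anyone on the path
    if dport == 853:
        return dst, "dot-or-doq"       # DNS over TLS (TCP) / DNS over QUIC (UDP)
    if dport == 443:
        return dst, "https"            # may be DoH, may be ordinary web traffic
    return dst, "other"

def find_leaks(packets):
    """Destinations that received plaintext DNS; on a VPN host this list should be empty."""
    return [dst for dst, label in map(classify, packets) if label == "plaintext-dns"]

# Constructed sample capture: one Do53 query, one DoT, one DoH-like, one VPN-like flow.
SAMPLE = [
    build_ipv4("10.0.0.2", "192.0.2.53", PROTO_UDP, 50000, 53, b"\x12\x34\x01\x00"),
    build_ipv4("10.0.0.2", "192.0.2.10", PROTO_TCP, 50001, 853),
    build_ipv4("10.0.0.2", "192.0.2.20", PROTO_UDP, 50002, 443),
    build_ipv4("10.0.0.2", "192.0.2.99", PROTO_UDP, 50003, 51820),
]

if __name__ == "__main__":
    print("plaintext DNS destinations:", find_leaks(SAMPLE))  # ['192.0.2.53']
```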

dnsleaktest seems to be half-assed accurate (right DNS but wrong IP) but that other site you linked is completely fucked. It is looking at enabled but not in use virtual adapters. My VPN is turned off and it's saying I'm using a VPN on Cloudflare servers. I'm using NextDNS on my actual IP.

Apple relay enabled from iCloud?

Let’s say I do that and things aren’t right. What is there to do to fix it? I’m just trying to understand what I’m doing wrong.

So I found out that if I enable “Block Bypass Methods” under Parental Controls in my NextDNS config, it completely blocks whoer.net lol… I still don’t know what that site is doing exactly but it’s not normal.

EDIT: Nvm, Block Bypass Methods is just another block list that blocks a bunch of VPN and DNS providers: here

No, don’t even have iCloud enabled.

Well, it depends on what operating system you have, and also your network setup. I have UDP port 53 blocked at my router/firewall so that even if my DNS does leak, it doesn’t matter.

I’m not sure what DNS client you are using, but you could change the client. I started using YogaDNS to transport DNS over TLS. It seems to be a better program. I haven’t pulled out Wireshark to check, but it might be a good idea.

Why are you so worried about DNS leaks?

I’m using NextDNS CLI on macOS. And that’s doing DNS over HTTPS.

Tell me if I’m wrong, but doesn’t a DNS leak defeat the purpose of using NextDNS?

Well, like I said, you can take it a step further and block outgoing UDP on port 53 at the network level. That’s a sure fire way to disable unencrypted DNS leakage.

Tell me if I’m wrong, but doesn’t a DNS leak defeat the purpose of using NextDNS?

Also, yes and no. Are you trying to hide your tracks and leave no trace? If so, DNS leakage would be bad as it would expose your IP address and where you’re going, but then hopefully you’re also using a VPN or Tor. But if you’re just browsing stuff, then some leakage is okay. Honestly, I mostly want to block trackers or threats. If a few DNS packets get out, so what. But it all depends on your threat model.

I have some friends who pick a VPN port, then block all ports but the VPN’s exit port. That way no leakage occurs w/ the VPN traffic. Again, all I’m trying to do is reduce my footprint.

I blocked UDP 53 on my router and I’m still getting those leaks. I looked into it a bit more and found this thread from the NextDNS help center with the same issue.

It’s a long thread but based on what I picked up it’s a real issue with NextDNS. Someone mentioned that NextDNS actually uses Cloudflare servers so it’s normal, but the staff never mentioned that; in fact, they acknowledged that this is an issue but that it’s a client-side issue.

I’m not sure what to think, I have the same issue on many devices and not just on my home network.

If you’re blocking UDP on port 53, then the packets are reaching the internet.

Also, NextDNS isn’t well documented, or maintained.

I’ve been hearing good things about Ad Guard Plus.