Joined: 04 Aug 2018 Posts: 1447 Location: Appalachian mountains, USA
Posted: Tue Nov 16, 2021 21:54 Post subject:
Minor note: For checking DNS servers used, try https://dnsleaktest.com so that you can see which ISP hosts each server. The Quad9 servers forwarded to by 9.9.9.9 will always show WoodyNet as their ISPs. That makes clear that those are not from your own ISP. I believe I saw somewhere — Quad9 blog post? — that Woody refers to the Quad9 founder or CEO or some such.
_________________
2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
However lately the new DNSMasq version seems to give up rather quickly on strict-order and you can still end up with a DNS leak.
Is it known at what version this occurrence begins? Maybe I could try an older version that doesn't have this issue and see if that alleviates the problem.
Joined: 18 Mar 2014 Posts: 12917 Location: Netherlands
Posted: Thu Nov 18, 2021 16:31 Post subject:
You can try it but if you do not use PBR everything should be routed via the VPN so also all DNS queries.
If strict order is not working it is possible that you do not use the pushed DNS server from your VPN provider but also the DNS servers from static DNS 1,2,3.
However for the outcome that should not matter as the DNS query will come from the same Latvian address as it is routed via the VPN tunnel.
So if you cannot watch TV while you are not using PBR then it looks like the content provider is blocking VPNs.
But feel free to try an older build, who knows, I have seen stranger things.
You can try it but if you do not use PBR everything should be routed via the VPN so also all DNS queries.
I did try various builds, back to r47086 up to the latest; as expected, no change.
egc wrote:
If strict order is not working it is possible that you do not use the pushed DNS server from your VPN provider but also the DNS servers from static DNS 1,2,3.
However for the outcome that should not matter as the DNS query will come from the same Latvian address as it is routed via the VPN tunnel.
What's interesting is that the leak test seems to show the VPN pushed DNS, which is wanted, but always 6 or more Comcast DNS, which are not wanted. I also have 9.9.9.9 and 1.0.0.1 as static DNS 1 and 2 on the router, and these do not seem to show up at all. WAN type is Automatic - DHCP with "Ignore WAN DNS" selected. Would really like to know why my static DNS do not appear and the unwanted ISP DNS do appear. I'm pretty sure that is the cause of the issue, because when the ipleak test seems to show only the VPN pushed router, then I can use the service.
Joined: 04 Aug 2018 Posts: 1447 Location: Appalachian mountains, USA
Posted: Mon Nov 29, 2021 23:22 Post subject:
This is a bit off the wall, but there were reports some number of builds back of the logic of the "Ignore WAN DNS" setting being enable/disable reversed, at least on some routers. Can't hurt to see if unchecking it turns on the desired ignoring. Long shot.
Also, as mentioned above, you'll never see 9.9.9.9 in the ipleak.net display. You'll instead see mysterious IP addresses to which Quad9 forwards your requests. To see if they actually are Quad9 DNS servers, try the test at dnsleaktest.com and look in the ISP field. WoodyNet in that slot means Quad9. I think Woody was a founder or CEO or something, and they apparently stuck that in the ISP field when they registered the IPs.