Menu
What's new
By:
Filters Better Search

Using Surfshark on Asus AC1900 with Merlin w/384.13 Have DNS leak .Why ?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

I have no idea how Surfshark is making that assessment, but fwiw, here's my general take on the matter.

There are a multitude of ways you can create a DNS leak. In fact, not everyone even agrees on the definition of a DNS leak. For some, it's merely making sure you avoid the ISP's DNS servers. For others (including me), it includes never accessing *any* DNS servers over the WAN, where they can be eavesdropped on and/or redirected. And when it comes to online testing tools, I find them to be notoriously inaccurate when it comes to the router, probably because the client is NOT directly accessing the public DNS servers, but only *indirectly* via the local DNS proxy, DNSMasq.

In my own case, I'm using ExpressVPN, and their own DNS leak testing page always tells me I'm using their DNS servers (even lists them), when in fact I know w/ 100% certainty I'm NOT! I always have "Accept DNS configured" as Disabled, override my ISP's DNS servers in DNSMasq w/ 1.1.1.1, 1.0.0.1, and 9.9.9.9, and bind them to the VPN w/ route directives. The reason ExpressVPN mis-reports it is because the only thing it's doing is noticing I'm connected through the VPN's public IP when I access that page! IOW, it's just an assumption, that in fact is WRONG.

As I said, these online DNS leak testing tools are notoriously unreliable when it comes to the router. IMO, the *only* way to be 100% sure is to monitor connection tracking and actually observe where DNS queries are being routed, in real-time.

Code: 
cat /proc/net/nf_conntrack

All other methods are just educated guesses, which are often wrong. If it happens to be right in its assessment from time to time, it's most likely just coincidental.
 
P.S. The fact that we're now using things like DoT/DoH, or having the browsers accessing their own preferred DNS servers, is complicating things further, making such declarations even less reliable (which is ironic given the intent of all this was ensure confidence in the prevention of DNS leaks). Frankly, DNS at this time is a mess. I don't know how the average person can, w/ any reliability, determine if they do or don't have a DNS leak, unless, as I said, you bother to dig deeper within connection tracking.
 
Last edited:
You must log in or register to reply here.

Similar threads

OakleyFreak
Solved Guest network On VPN on 3004-388.8_2
Replies
2
Views
466
OakleyFreak
OakleyFreak
M
DNS Leak due to Wireguard DNS and PiHole Upstream DNS
Replies
8
Views
1K
mehravishay
M
T
Wireguard Client VPN not using DNS
Replies
14
Views
879
Tom Jo-Jo Junior Shabadoo
Tom Jo-Jo Junior Shabadoo
Groot
WireGuard VPN leaking DNS with DNS Director / RT-AX88U
Replies
5
Views
1K
Groot
Groot
J
VPN on RT-AX88U-Pro
Replies
3
Views
3K
Sethr
S
Similar threads
Thread starter Title Forum Replies Date
L Client to client disabled when using static IP on OpenVPN ASUS RT-AC3200 VPN 31
S Offload OpenVPN to Raspberry Pi 5 versus using my AXE16000 for site-site? VPN 2
A Tailscale and Asus Merlin Router VPN 16
G Pi-Hole + Asus WRT Wireguard VPN 1
M Asus OpenVpn Server behind behind another router (Google Mesh). VPN 1

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 608 (members: 13, guests: 595)
Top