What is Reddit's opinion of DNS leak test?

From 3.5 billion Reddit comments

Two things,

• Making harder for government and ISPs to track which website you visit, AND
• Preventing ISPs from hijacking your DNS requests (transparent DNS proxies)

If you read the notice that was sent, this is likely not a DNS leak. They detected DHT UDP traffic on port 4107.

This indicates to me that this has nothing to do either with some sort of traffic analysis, DNS leaks, or otherwise.

The most likely explanation, Occam's Razor-wise, is the VPN was not actually connected at the time the tracker connected.

Could have fired it up at some point by mistake for a minute or so or what have you. Or started it too early.

It is really important when using VPN software to always connect to a remote server that can report your source IP, hostname, and ideally geolocation to ensure that you are connected. I never trust little colored icons or status messages. What will convince me of a VPN connection, and I verify it every time I use it (which is not often):

• https://www.whatismyip.com/
• https://www.dnsleaktest.com/

The latter one makes sure you aren't looking up hostnames outside of the VPN tunnel.

On the VM I run my VPN on (using the bog-standard OpenVPN client), it can take as much as a minute after LXDE has booted before I start seeing the VPN address.

Thus it is also possible you connected before the VPN had finished creating its tunnel.

Never trust VPN client statuses. Always verify the connection.

Whatever you use on the clearnet, it won't be the same using Tor. Tor enforces it's own philosophy for handling DNS requests. You see that when you do a DNS leak test: https://www.dnsleaktest.com/

Now, do the same test over clearnet. See the differences?

The simplest way would be to visit a website such as https://www.dnsleaktest.com and it will show you what DNS you are using.

P.S. Make sure to reboot the router AND all devices after you set it to 1.1.1.1, for the changes to take effect

Make sure your VPN service is properly secure though. I roll my own on a VPS, and you have to explicitly configure OpenVPN to route everything through the tunnel before it will. You can use the DNS leak test to make sure your VPN is secure. If you still see your ISP's DNS servers in the test results, your VPN is not configured properly. I wouldn't dream of connecting even my phone to a network out of my control without it.

The OS won't help (AFAIK) as the internet service provider is just going to see torrent traffic going to an IP they leased to you anyways. If you're worried about your VPN working, you can gather some data about what information you're leaking through services like the DNS Leak Test or ShieldsUP. Anything those sites can see your ISP can see too.

The best.. if configured correctly

1. Enable the VPN kill switch
2. DNS leak protection
3. Check your IP > http://checkmytorrentip.net/ | http://ipleak.net/ | https://www.dnsleaktest.com/
4. Disable IPv6 (or use a client that disabled it automatically, like the PIA client)

I think the typical recommendation is to use QBittorrent and in the advanced preferences configure the network interface to use the VPN only. If the VPN goes down, QB will not be able to send or receive.

Try it out by downloading a Linux ISO and connecting/disconnecting from the VPN.

Also go to a site like https://ipleak.net/ and run a test with their "Torrent Address Detection" option, and check for DNS leaks on a site like https://www.dnsleaktest.com/

NextDNS has not passed the DNSLeakTest even once. It shows real data every time. At the same time, Quad9 and Cisco OpenDNS are changing IP. This is my experience with NextDNS.

You want to turn on DSN leak protection and IPv6 leak protection.

Go to DNS leak test and do the extended test before the changes. See a bunch of DNS servers that aren't owned by Choopa LLC? This is a risk.

After turning on DNS leak protection, the same test should only return 1 DNS server, which is the Choopa LLC server that PIA runs.

1. Enable the VPN kill switch
2. DNS leak protection
3. Check your IP > http://checkmytorrentip.net/ | http://ipleak.net/ | https://www.dnsleaktest.com/
4. Disable IPv6 (or use a client that disabled it automatically, like the PIA client)

If you're sure VPN is always connected, you should be fairly safe. There is always the possibility of the phone not forcing all apps traffic to go via VPN though. Also check that your set up is not leaking DNS requests https://www.dnsleaktest.com/

Disable your VPN and run these DNS leak tests:

• https://www.dnsleaktest.com/
• https://ipleak.net/

Then enable your VPN and run the tests again.

If your city/nearby region for both instances is the same, that means your DNS is leaking and your VPN is not working properly and/or misconfigured.

1. Enable the VPN kill switch
2. DNS leak protection
3. Check your IP > http://checkmytorrentip.net/ | http://ipleak.net/ | https://www.dnsleaktest.com/
4. Disable IPv6 (or use a client that disabled it automatically, like the PIA client)

Sürekli bu tür başlıklar açmadan önce https://www.dnsleaktest.com/ sitesini kullanarak bir test yapın. ISPleri DNS adresini kullanmıyorsanız çoğu siteye engel yok zaten.

You have to enable the following check box in the openvpn config in pfsense:

"Redirect IPv4 Gateway Force all client-generated IPv4 traffic through the tunnel. "

That forces all traffic through the VPN tunnel, not just the traffic that is going to your private networks.

Another tip is to make sure you are using PFsense as the DNS server while connected to the VPN. A good place to check is here: https://www.dnsleaktest.com/

If you are using the hotels DNS, then you are leaking quite a lot of metadata the hotel can pickup.

Do you want the router to use a static DNS server for the WAN interface?

If so open up the console via ssh/web gui and type

configure

To stop the WAN interface from requesting DNS servers via DHCP from the ISP

set interfaces ethernet eth0 dhcp-options name-server no-update

To tell DNSMasq to use Google DNS

edit service dns forwarding set name-server 8.8.8.8 set name-server 8.8.4.4 top

To tell the router intself to use DNSMasq for name resolution (which in turn uses google's DNS as we just configured above)

set system name-server 127.0.0.1

To save

commit save

Finally, you need to renew the WAN IP to remove the DNS server provided to you by your ISP through DHCP

renew dhcp interface eth0

To confirm everything is in order type

show dns forwarding nameservers

You should see

-----------------------------------------------
Nameservers configured for DNS forwarding
-----------------------------------------------
8.8.8.8 available via 'statically configured'
8.8.4.4 available via 'statically configured'

-----------------------------------------------
Nameservers NOT configured for DNS forwarding
-----------------------------------------------
127.0.0.1 available via 'system'

You can run a DNS leak test to ensure you are truly using Google DNS. https://www.dnsleaktest.com/

Using a properly configured paid VPN, the risks of using Publicly Tracked Torrents are entirely eliminated :)

1. Enable the VPN kill switch
2. DNS leak protection
3. Check your IP > http://checkmytorrentip.net/ | http://ipleak.net/ | https://www.dnsleaktest.com/
4. Disable IPv6

Most browswers are coming with DNS over HTTPS turned on by default. This will bypass your pihole. I also had AVG attempt to take over my DNS with an optional feature called AVG Webshield.

Right now there is competition and value in your DNS requests. They claim they're keeping us SAFER by monitoring our requests, and blocking them as necessary.

Apple/iMac consumers are going to be shocked when they realize what iCloud Privacy Relay is on the new iOS 15.

https://www.dnsleaktest.com/

That's weird, I tried the link out to and I got no for everything except the very bottom section for ipv4 addresses. I checked with www.dnsleaktest.com and I got cloudflare as the response. I only have 127.0.0.1#5053 as the upstream server.

EDIT: I got the help site to work if I disable dnssec on the pihole and use my router to validate and cache dnssec instead. Could just be the way that the pihole does dnssec validation?

You have a flawed understanding of what 1.1.1.1 does and DNS in general. You still need a VPN if you are pirating, changing DNS servers will not prevent you from getting dmca/copyright notices.

What are you trying to pirate and how are you doing it? torrents?

Once you are connected to your VPN, run a dns leak test, preferably the extended one. https://www.dnsleaktest.com it should NOT say your home internet providers name for the DNS provider. You will be using your VPN providers DNS servers if VPN is properly setup and configured.

Awesome! Be sure to properly configure your VPN and test it out to make sure your DNS isn't leaking (if it is, your ISP can still see your traffic)

>https://www.dnsleaktest.com/

>https://ipleak.net/

About first question, VPNs can slow ONLY your connection: if you have a 10 Mbps ADSL,

• without the VPN you'll have 9.95 Mbps
• with VPN you'll have more or less 8-9 Mbps

but other users will always surf at the same speed they were used to before you bought the vpn, independently that you use the VPN or not.

About your second question, yea a VPN will protect you but be sure to have not ipleaks https://ipleak.net/ and dnsleaks https://www.dnsleaktest.com/; even more important configure the kill switch and bind, in the torrent app, the download ing to the VPN so if the VPN application crashes the connection and thus the tormenting will be dropped immediately and your IP won't be exposed.

Make sure your IP is changed at whatismyip.com and also run an extended dns leak test over at https://www.dnsleaktest.com/ that should give you a rough estimate of basic security using your VPN. If your leak test shows up your real IP or DNS, you might want to tweak your VPN. PIA however (if I'm not mistaken) has a 'dead mans switch' and has an anti-dns-leak setting. Make sure this is toggled :)

Essentially it determines if they can do a reverse DNS on you and find out who/where you are even if you are using a VPN.

Run the tests here: https://www.dnsleaktest.com/

Your ISP is most likely redirect your DNS requests to internet sehat/nawala/their own shitty DNS servers, so whatever IP address you manually set will be useless.

You can check wether your ISP is doing this by testing at this site after you changed the DNS. If it's still pointed to your ISP's DNS, then you will need to use dnscrypt.

1. Enable the VPN kill switch
2. DNS leak protection
3. Check your IP > http://checkmytorrentip.net/ | http://ipleak.net/ | https://www.dnsleaktest.com/
4. Disable IPv6 (or use a client that disabled it automatically, like the PIA client)

Use proxychains or a VPN, and check for DNS leaks

That or don't do anything illegal that requires you to conceal your identity

Edit: added hyperlinks

Edit 2: if you are paying for a VPN service, don't use it for information gathering (port scanning). Use a public proxychain for that, as the target may ban the IP if who is scanning them

Do an extended test to see if your leaking your IP while using a VPN.

https://www.dnsleaktest.com/

You might have just got caught downloading some porn while your VPN configuration leaked your ip address/your torrent client booted up automatically with your computer before the vpn was started.

unbound DNS server run it locally (on the same computer) used this guide: http://freedif.org/unbound-your-own-dns-server/

and set my DNS servers on settings on my client to 127.0.0.1 (same pc) though you can also have a local computer (LAN network computer) that is dedicated to being the local dns server for your home.

(had to use a startup script however to keep pc to stay pointing to local dns, my isp assigned router has a nasty tendency to tell client pcs to swtich DNS back to their DNS servers)

the speed increase is beautiful and since its a local dns running on your pc or on your local network you can choose to hold your own logs or not log your call there. (even filter out addresses you don't want access to like known ad sites)

Another alternative as /u/pirateserb mention the dnscrypt servers are great and had used that option before running local unbound dns server.

Used: https://www.dnsleaktest.com to test that dns requests aren't going places that you don't expect.

as long as your queries are going out the vpn interface, not too much to worry about whichever servers used, but using vpn's servers adds protection against this type of privacy loss:
https://www.dnsleaktest.com/

as long as your vpn's IP shows up you're good

the problem is that some types of vpns, depending on general config, and addresses/routes used can cause your dns queries to go out on your normal internet connection and google knows all the sites you visit. sites that have subdomains, for example analbeads.pics.com then google knows that too

No.. if it's properly configured

1. Enable the VPN kill switch
2. DNS leak protection
3. Check your IP > http://checkmytorrentip.net/ | http://ipleak.net/ | https://www.dnsleaktest.com/
4. Disable IPv6 (or use a client that disabled it automatically, like the PIA client)

Or.. you could use a /r/Seedboxes or switch entirely to Private /r/trackers

1. Enable the VPN kill switch
2. DNS leak protection
3. Check your IP > http://checkmytorrentip.net/ | http://ipleak.net/ | https://www.dnsleaktest.com/
4. Disable IPv6 (or use a client that disables it automatically, like the PIA client)

You don't need SOCK5 for to eliminate the risks of P2P necessarily.. the VPN by itself is enough :)

1. Enable the VPN kill switch
2. DNS leak protection
3. Check your IP > http://checkmytorrentip.net/ | http://ipleak.net/ | https://www.dnsleaktest.com/
4. Disable IPv6 (or use a client that disables it automatically, like the PIA client)

Strange configuration, most people using virtual machines would put the VPN in the virtual machine itself. That way the host itself can still be used outside the VPN.

In your case just double-check the networking configuration of the virtual machine (should not be bridged). BTW you should be able to test yourself, does your virtual machine have a web browser? Just go to https://ipleak.net/ and https://www.dnsleaktest.com/ to make sure your virtual machine has the expected VPN IP addresses, not your main non-VPN internet.

https://www.dnsleaktest.com/

If you've got it set up right, (not using your ISP DNS server etc) then they will see you connect to a VPN and how much bandwidth you are using. That's it.
Your connection is encrypted between you and PIA and nobody else should be able to see what you are doing, that's the point of the exercise.

DNS stands for Domain naming system. the purpose is to translate IP addresses to words. A DNS leak is where when you're using a VPN connection you use your ISP's DNS servers instead of your VPN's.

Your browser has no effect on this at all, a decent write up can be found here

Don't use the proxy.. use the full VPN (and make sure it's properly configured)

1. Enable the VPN kill switch
2. DNS leak protection
3. Check your IP > http://checkmytorrentip.net/ | http://ipleak.net/ | https://www.dnsleaktest.com/
4. Disable IPv6 (or use a client that disables it automatically, like the PIA client)

You should use the entire VPN, not the proxy..

1. Enable the VPN kill switch
2. DNS leak protection
3. Check your IP > http://checkmytorrentip.net/ | http://ipleak.net/ | https://www.dnsleaktest.com/
4. Disable IPv6 (or use a client that disables it automatically, like the PIA client)

You also need to make sure you route all your traffic across the VPN. Watch out for DNS leaks.

Imagine that you send all your traffic across the VPN, but before its sent you do your DNS look ups using a DNS server controlled by work. So in effect, they can see what addresses you look up before it goes over the VPN.

Look up DNS Leak test

https://www.dnsleaktest.com

I'm going to assume you are using the VPN to avoid anti-piracy/copyright trolls/etc..

1. Enable the VPN kill switch
2. DNS leak protection
3. Check your IP > http://checkmytorrentip.net/ | http://ipleak.net/ | https://www.dnsleaktest.com/
4. Disable IPv6 (or use a client that disables it automatically, like the PIA client)

If this is not what you're using it for, be specific and ask :)

As long as you have it properly configured.. you shouldn't be at risk

1. Enable the VPN kill switch
2. DNS leak protection
3. Check your IP > http://checkmytorrentip.com | https://www.dnsleaktest.com/
4. Disable IPv6 (or use a client that disables it automatically, like the PIA client)

If his ISP has a transparent dns proxy, they can be rewriting the dns results no matter which dns server he uses... transparently. That's why you need encrypted dns, vpn's, etc.

https://www.dnsleaktest.com/what-is-transparent-dns-proxy.html

I know you found out why, but if you were using an actual VPN, your DNS could be leaking. If you have a free trial for a VPN, make sure it doesn't leak your DNS before you buy it.

You can test if it leaks Here

Well, I don't see anyone suggesting tests to see how well your VPN is doing. So here, do these tests, https://ipv4.ipleak.net/ and https://www.dnsleaktest.com/

Your IP address, DNS address, torrent address, all of them should only show 1 IP address (and that IP address shouldn't be yours). If you are using Chrome and you see extra IP addresses in the DNS sections then you need to install the WebRTC Leak Prevent addon to Chrome.

If you're torrenting and internet turns off/on VPN might not reconnect but torrents won't stop sharing, so you'll be exposed if that happens. Look for a Kill Switch function in your VPN, you need to have that turned on for sure.

Adding block-outside-dns to the config provents dns leaks, meaning all DNS requests are resolved using the VPN's servers.

There is no need to use a third party DNS. Source

That's not entirely true: DNS Leaks and Transparent DNS proxies can allow your ISP to see what domains you're requesting and track your browsing history.

> Should I worry about letting the app access my gmail account?

You should worry about the fact that you use Gmail. :)

Why is ChatSecure trying to access your Gmail account? It makes an account on a XMPP/Jabber service.

> There is an open lock icon with a red X that tells me encryption is off. I touched it, but it is not turning on.. Is there anything I need to do?

The 'red X' is there to verify that the person you intend to talk is really the person you intend to talk to. They need to have a XMPP/Jabber account as well.

> There is an option to choose which applications to route through TOR, and I selected a bunch of them, but how do I test if that is indeed working?

Route your web browser through Tor and then check your IP address. If it isn't what it should be, then Tor was successful. You can check your IP address at https://www.dnsleaktest.com/ or https://ipleak.net/

Tuossa on pari testiä jolla voi testailla VPN:ää. Kannattaa myös katsoa ettei IPv6 vuoda VPN:n ohi.

• ipleak.net
• www.dnsleaktest.com
• ipv6-test.com

I'm using Cactus VPN, and no complaints so far. They give you a 24 hour free trial to start with so you can test it out. Use a DNS leak test to see if it's working. Mine thinks I'm in Kansas at the moment, so suffer in yer jocks ASIO.

https://www.dnsleaktest.com/how-to-fix-a-dns-leak.html

If your VPN provider has DNS servers (PIA does), then you could set your Internet adapter to use those. (Windows instructions for changing DNS servers: http://windows.microsoft.com/en-gb/windows/change-tcp-ip-settings).

>the kill switch shuts down my computers communication with the internet

The tunnelled connections are dropped anyway, that is just how network tunnelling works, even in some edge case (e.g if the inside IP for the other end is a Public IP) where this doesn't happen it's OS configuration not the VPN that is protecting you.

>to avoid my IP being exposed.

Your home IP is exposed, it still connects to the Internet for the VPN to tunnel down. Your remote IP would never be exposed anyway.

>A DNS leak is just that, a DNS leak, https://www.dnsleaktest.com[1] for more info.

But you listed it as a feature of the VPN, it's not really something a VPN can provide, its OS configuration.

>Also the point of not logging is so that if they get a warrant, the VPN providers say "Whelp, here's a box of nothing"

They get a warrant saying 'please log this IP addresses traffic', then next time they get your data.

It sounds like you pay a fair bit of moneyfor a bit of snakeoil+marketing, If you don't know what threats it's protecting you against you probably don't need to missuse a VPN.

e.g:

If you want anonymity use Tor

If you want to break copyright law outside of US jurisdiction get a VPS outside of US jurisdiction

Perhaps a VPN is the right solution for your problem, but if it's not setting up a Private Network, then it probably isn't.

Under advanced settings, turn on VPN kill switch, and DNS leak. Make sure you save.

And as /u/krp5150 has said, do an IP leak test.

Personally I use dnsleaktest.com, other sites may be better, but I've never had a problem with this, so have never needed to use any others.

Edit: Typo's.

As far as seeding is concerned.. yes, if properly configured

1. Enable the VPN kill switch
2. DNS leak protection
3. Check your IP > http://checkmytorrentip.net/ | http://ipleak.net/ | https://www.dnsleaktest.com/
4. Disable IPv6 (or use a client that disabled it automatically, like the PIA client)

As far as the data contained within the torrent.. as /u/312c said, check your metadata before you post anything

Yes.. if you configure it correctly

1. Enable the VPN kill switch
2. DNS leak protection
3. Check your IP > http://checkmytorrentip.net/ | http://ipleak.net/ | https://www.dnsleaktest.com/
4. Disable IPv6 (or use a client that disabled it automatically, like the PIA client)

Yes!

Read.. /r/opentrackersdotorg/comments/1y7dq0/how_to_avoid_antipiracycopyright_trollsetc/

^ Make sure you have your VPN properly configured..

1. Enable the VPN kill switch
2. DNS leak protection
3. Check your IP > http://checkmytorrentip.net/ | http://ipleak.net/ | https://www.dnsleaktest.com/
4. Disable IPv6 (or use a client that disables it automatically, like the PIA client)

Use the following steps to avoid your IP being present in the swarm of Publicly Tracked Torrents..

1. Enable the VPN kill switch
2. DNS leak protection
3. Check your IP > http://checkmytorrentip.com | https://www.dnsleaktest.com/
4. Disable IPv6 (or use a client that disables it automatically, like the PIA client)

Also, use the search > http://www.reddit.com/r/VPN/search?q=torrent&sort=new&restrict_sr=on

Encrypting the data in your client is unnecessary and accomplishes nothing..

The goal is to eliminate your IP Address from the swarm(s), encrypting the client data doesn't do this :/

Run the client and make sure you do the following..

1. Enable the VPN kill switch
2. DNS leak protection
3. Check your IP > http://checkmytorrentip.com | https://www.dnsleaktest.com/
4. Disable IPv6 (or use a client that disables it automatically)

More info > /r/opentrackersdotorg/comments/1y7dq0/how_to_avoid_antipiracycopyright_trollsetc/

https://www.dnsleaktest.com/, it's a website to test DNS leak.There are plenty of free DNS leak testing websites around, and the best do a great job of pointing out any privacy problems.

With your VPN disconnected, go to dnsleaktest.com and tap Extended Test. Make a note of the DNS server IP addresses listed in the test report.

UDM's built-in manual IPsec S2S seems to have about a 5% overhead in terms of bandwidth loss. In terms of CPU/RAM load on the UDM, I have not noticed any load increase.

As a side note, if you have privacy concerns and are not wanting your ISP to *easily* monitor/shape your DNS traffic, on the "Uganda" side, be sure to set the DHCP's DNS server of the LAN to something custom (8.8.8.8, 8.8.4.4, etc.). Otherwise, even though you have S2S working and traffic routed remotely, your ISP's local DNS will still serve your DNS queries. This is know as DNS leaking and you want to avoid this. To see if you DNS is being served/proxied by your ISP, you can test here.

Never needed to do it but I think it should be doable.

Seems easy enough to test, right? Just connect to your hotspot then & then run the normal tests e.g. https://ipleak.net/, https://www.dnsleaktest.com/, etc. & see what IP is coming up. If working correctly you should be seeing the IP and DNS of your VPN configuration.

Maybe also check over in /r/VPN, people there often use VPNs on phone/mobile devices (outside of torrenting).

I have used PIA for 3 years with excellent results and service. Set up is almost nonexistent other than logging into your PIA account for the first time.

I only connect when I torrent. Be sure that you use the "kill switch" within the PIA software. If for some reason PIAs service is disrupted or there is a software glitch and you're system is no longer protected by the VPN, kill switch will instantly kill the internet connection to your computer or other device so your IP isn't exposed. I've noticed mine trip a couple of times over the years, but it's not a big deal as it usually corrects itself immediately.

If you decide to use the VPN only for torrenting, you'll find with the kill switch enabled it can screw with your systems network settings if you disconnect from your selected server to go back to your regular non VPN system state. Rather then disconnect, just "exit PIA" and you'll have zero issues with this. If you want to try different servers, again, don't disconnect just use "switch to" to access a different server from the list. All this will become much more clear to you when you look through the simple software PIA supplies.

Within PIAs settings I also have "DNS Leak Protection" enabled along with "Allow Access to Local Networks" I do a DNS leak test now and again just to be sure my IP isn't showing up.

Anyhow, hope this is of some help.

You can access this website to check which DNS is being used. If you see your ISP DNS, or different DNSes, than you have leak.

https://www.dnsleaktest.com

PIA's website will tell you if you are connected to one of their IP addresses.

I use PiHole with upstream DNS servers 1.1.1.1 and 8.8.8.8.

if you go to https://www.dnsleaktest.com/ and then do the standard test, the results must be 'Cloudflare' if your phone is good configured..

if the result is your ISP, then the PiHole is bypassed...

So, now you have a visual confirmation that you are using your PiHole ;-)

You normally just need to enable Kill Switch and DNS Leak options in the PIA VPN application. Also make sure to test that everything looks OK with leak test sites like https://ipleak.net/, https://www.doileak.com/, https://www.dnsleaktest.com/

There isn't anything you are required to configure in your torrent client but if you want to play it safe disable UPnP since PIA does not do port forwarding via UPnP.

exactly, a simple drop * non local subnet rule in pfsense on each interface or a floating rule would fix this quite easily. You can use DNSLeak from behind a VPN to test if your DNS is leaking.

You can test your VPN by browsing to some of the test links in the right side bar.

https://www.dnsleaktest.com/

If it shows your real IP and your normal DNS servers when you are connected to VPN, then you have a leak.

If it shows your VPN server IP and your VPN DNS server then you are okay.

Those both work for me, but checking a DNS leak test, https://www.dnsleaktest.com/ shows I use more than a couple DNS providers.

Funny how archive.org won't archive anon. But archive.is will. http://archive.is/WvT1j

Using a VPN is not enough, you have to make sure your DNS resolver configuration is not set to your router, otherwise you will be sending all DNS queries to the ISP's DNS server and not through the tunnel (because most home routers are just DNS forwarders). And even then, you probably need to set up local recursive DNS resolver software, otherwise you will be tracked by the recursive resolver that you are using through the tunnel. If it is 8.8.8.8 then Google knows what sites you are visiting. Same thing with OpenDNS. Your VPN provider will be able to see all your DNS traffic because it is unencrypted. Best thing to do is to find a VPS provider you trust that doesn't have your private info and roll your own VPN server.

edit: test your dns configuration: https://www.dnsleaktest.com/

There are many ways to identify you even if you're using VPN.

Your dns traffic may be leaking: https://www.dnsleaktest.com/

Browser fingerprint: https://panopticlick.eff.org/

The computer or phone you're using is signed in to Google/iTunes/Facebook/E-mail accounts. LE can go to those companies and ask them which users connected to them at a certain time from the Netherlands VPN server.

PIA may be forced to disclose information on it's users. IP or Account info. They have in the past.

NSA may be collecting metadata on internet traffic. Even if your connection is encrypted they can see for example at 1:15 PM qdash connected to PIA and sent 2345 bytes of traffic, and at the same time PIA sent 2345 bytes of traffic to X website. They'll be able to figure out it was you without seeing what was transferred.

If you want to be secure from gov agencies you'll need to buy a new phone/laptop with cash (each device has a unique id, so they may still be able to track it down to the store and review their camera footage). Don't login to any personal accounts on it. Never use it to connect to the internet from your house or anywhere near your house. Only use open wifi. Don't walk inside the the location that offers the open wifi because you'll be caught on camera. Leave your personal phone at home because its always being tracked. Skip the VPN because it's just another way to identify you. Connect only to encrypted websites and/or use TOR. Even if you do all this you're still not 100% safe.

DNS leak protection is just as important for anonymity as the actual VPN service. I would also recommend PIA.

Here ( https://www.dnsleaktest.com/what-is-a-dns-leak.html ) is a link describing what a DNS leak is, and also here ( https://ipleak.net/ ) is a great website to test how secure your connection is.

I enjoyed it for the time I had it, always make sure your VPN is running when using it for "Frowned Upon" uses if that is your intentions at times. A VPN can leak if you will, PIA does have a kill switch on their client now, but it is not always fast enough. you can read basic information about a DNS leak on DNSLeakTest.

Well all the setup is made on my computer, didn't touch the router The biggest problem is be sure that you are not leaking your DNS I did an overwrite and put google DNS 8.8.8.8 and 8.8.4.4 instead of the usual ones You can do that at the router level or on your own computer (check with https://www.dnsleaktest.com/ if you are leaking or not)

PS: the only reason I am using openVPN over PIA is because I know the protocole used by openVPN and have experience configuring it, and the PIA software is some closed source blob that I cannot trust) And if you need help to automaticly setup the openVPN feel free to PM me Also, are you on windows or Linux ?

PS2: Dont use a proxy for the Deluge client, it just slows down and adds no layer of security at all It shoud'nt make more you more vulnerable, but it is useless

Yeah , in some cases you have a dns leak , in that case your querys are still being sent to your ISP provider , but yeah it is safe to go into http://www.whatsmyip.org/ , and https://www.dnsleaktest.com/ to check your dns servers , if thats all fine then youre good to go .

I had the exact same problem: you're correct, and there is a solution.

You're right: Comcast sniffs for DNS queries and redirects them to their own servers. There are websites that let you confirm this, ~~but I can't find it right now~~ EDIT and I found it! DNS Leak Test*.

The solution is kind of simple: buy your own cable modem. The culprit is Comcast's stock modem/router combo by Arris. The sniffing is all done in that box, not on the network. If you replace that box with your own (the Surfboard brand ones work great) it will fix the problem.

* This website runs some DNS queries from your computer and checks where the return packets are actually coming from. The results should match the servers you think you're using. Sometimes companies will distribute load among several of their own servers, so as long as the owner is who you think it should be, you're fine. E.g. I use Google's 8.8.8.8 server, but my results came from 74.125.177.51, also owned by Google.

Some VPN's are susceptible to DNS leaks though.

https://www.dnsleaktest.com/what-is-a-dns-leak.html

"Under certain conditions, even when connected to the anonymity network, the operating system will continue to use its default DNS servers instead of the anonymous DNS servers assigned to your computer by the anonymity network. DNS leaks are a major privacy threat since the anonymity network may be providing a false sense of security while private data is leaking."

To test your VPN, go here: www.dnsleaktest.com

and run the "extended test".

If any server not belonging to the VPN you're using shows up on the list, your VPN has a DNS leak.

Sounds like Verizon is doing NXDOMAIN hijacking using a transparent DNS proxy. Since standard DNS queries (not DNSSEC) are sent plain text, it is not very hard for Verizon to intercept the NXDOMAIN reply and change it to their search page.

Here are some tests and information: http://dnsleak.com/

https://www.dnsleaktest.com/what-is-transparent-dns-proxy.html

https://www.smartydns.com/support/transparent-dns-proxy-test/

Has he checked to confirm that there is now no leak whilst connected to his VPN by using the testing link above?

Test link 1

Test link 2 - (another site that allows you to test for DNS leaks.)

If his IP shows up in any of the links during a test then he is still leaking information.

He probably has a DNS leak whilst connected to his VPN. Also get him to disable ipv6 as well on his machine.

Get him to test whether or not he has a leak whilst connected to his VPN here, and if he does, then here is a way to fix it (Windows version)

https://www.dnsleaktest.com/how-to-fix-a-dns-leak.html

fully automated dns fix for windows xp/vista/7 if using an open VPN (like PIA)

well, is there an automated fix for newer windows system, or can that not be done? Also, would running the VPN through a macbook laptop be more secure than windows 7?

Windows compromises the whole setup. Never trust a closed-source OS when you expect privacy. Otherwise I use a similar setup.

Host OS(GNU/Linux - Encrypted HDD & /home) > VPN > Guest OS (GNU/Linux - Encrypted VDI & /home) > VPN > Tor (If browsing DN)

The important thing here is making sure your DNS isn't leaking. You can test for that here: https://www.dnsleaktest.com/

You also want to make sure that you aren't using any account that wasn't created with this setup, while using this setup.

A VPN makes it look like you are in another location so yes they would not be able to tell what you are downloading. If you are looking for one I suggest PIA also make sure to get the tools to make sure you do not have a DNS leak when it runs because that can get you if that is happening.

> I have dns protection

> Irrelevant to torrenting

Isn't it relevant to torrenting, though, due to possible internet traffic leaks?

According to http://freedomhacker.net/check-and-see-if-your-vpn-connection-is-secure/:

>As you can see, a DNS leak can be a huge vulnerability. It doesn’t defeat the purpose of a VPN, but it still tells your ISP what websites you visit.

So wouldn't it tell them that the user is visiting piratebay, kat, etc?

Here's some more info on DNS leaks that I found.

Paid VPN is more than enough, a proxy isn't.. just configure your VPN correctly and you'll be fine

1. Enable the VPN kill switch
2. DNS leak protection
3. Check your IP > http://checkmytorrentip.net/ | http://ipleak.net/ | https://www.dnsleaktest.com/
4. Disable IPv6 (or use a client that disables it automatically, like the PIA client)

Yes.. as long as it's paid, has no logs and is properly configured

1. Enable the VPN kill switch
2. DNS leak protection
3. Check your IP > http://checkmytorrentip.net/ | http://ipleak.net/ | https://www.dnsleaktest.com/
4. Disable IPv6 (or use a client that disables it automatically)

Yes.. if you use a Paid VPN and it's configured correctly :)

1. Enable the VPN kill switch
2. DNS leak protection
3. Check your IP > http://checkmytorrentip.net/ | http://ipleak.net/ | https://www.dnsleaktest.com/
4. Disable IPv6 (or use a client that disables it automatically)

Use a paid /r/VPN or /r/Seedboxes or switch entirely to Private /r/trackers

Yes, they could be easily. I know Comcast use to, no idea if they still do, I stopping using them long-along.

As for preventing, you can either pipe it through a mechanism that's not standardized (See:- Tor's TCP DNS, Linux command tor-resolve, it takes awhile and can easily be attacked, I recommend not using it):-

>$ tor-resolve example.com

>93.184.216.119

>$ host example.com

>example.com has address 93.184.216.119

Or OpenDNS's 'DNSCrypt' (Better than Tor's still relatively poor):-

http://www.opendns.com/about/innovations/dnscrypt/

Personally? I'd email your ISP and tell them to stop fucking with your shit... that, or, just use a simple IPTables script to move it from UDP:53 to UDP:54 or something simple like that, I highly doubt your ISP is DPIing every port on every protocol. You'd need to find a UDP server that accepts it on port 54, or, roll with your own.

EDIT:- You can check if they're doing it here (Although, not 100% accurate, they could still be modifying it on the return... so, basically, if they don't want you to know they're doing it, you don't know):-

https://www.dnsleaktest.com/

> Do I need to configure the proxy in uTorrent?

No

1. Enable the VPN kill switch
2. DNS leak protection
3. Check your IP > http://checkmytorrentip.net/ | http://ipleak.net/ | https://www.dnsleaktest.com/
4. Disable IPv6 (or use a client that disables it automatically, like the PIA client)

Just make sure you configure the VPN correctly..

1. Enable the VPN kill switch
2. DNS leak protection
3. Check your IP > http://checkmytorrentip.net/ | http://ipleak.net/ | https://www.dnsleaktest.com/
4. Disable IPv6 (or use a client that disabled it automatically, like the PIA client)

From what I can tell.. you just run their client (properly configured)

1. Enable the VPN kill switch
2. DNS leak protection
3. Check your IP > http://checkmytorrentip.net/ | http://ipleak.net/ | https://www.dnsleaktest.com/
4. Disable IPv6 (or use a client that disabled it automatically, like the PIA client)

You might need to do some port-forwarding.. but I'm not sure (I don't use a VPN)

Now that you have a <strong>VPN</strong> (PIA), make sure that it's configured correctly..

1. Enable the VPN kill switch
2. DNS leak protection
3. Check your IP > http://checkmytorrentip.com | https://www.dnsleaktest.com/
4. Disable IPv6 (or use a client that disables it automatically, like the PIA client)

Once your VPN is properly configured, you are no longer at risk.. enjoy :)

1. Read > /r/opentrackersdotorg/comments/1y7dq0/how_to_avoid_antipiracycopyright_trollsetc/
2. Enable the VPN kill switch
3. DNS leak protection
4. Check your IP > http://checkmytorrentip.com | https://www.dnsleaktest.com/
5. Disable IPv6 (or use a client that disables it automatically, like the PIA client)

1. Enable the VPN kill switch
2. DNS leak protection
3. Check your IP > http://checkmytorrentip.com | https://www.dnsleaktest.com/
4. Disable IPv6 (or use a client that disables it automatically, like the PIA client)

I was using nordlynx last night and while i was attempting to download a torrent i was getting extremely slow speeds.

i asked for some advice on nordvpn discord and someone suggested i use the openvpn(udp) setting and my download speed increased instantly.

&#x200B;

i checked on https://www.dnsleaktest.com/ if i was still protected and i was. so, i dont see a problem.

Domain Name System translates human readable addresses into IP locations understandable by networking equipment.

Run this on both: https://www.dnsleaktest.com/

When a dns request is failing (due to server being down for example) your www.example.com cannot be translated into IP (like 192.168.1.1) and subsequent request for content will fail.

See if you can change isp to whatever your local cable company is, usually cheaper and less BS. You may have been targeted if your using a lot of bandwidth.

You most likely have a dns leak. https://www.dnsleaktest.com/what-is-a-dns-leak.html

Time to upgrade your experience and join usenet.

I've used two different VPN providers and if you use their app it goes through their DNS server. Here's how I "fixed" it:

• Router DNS config points to RPI(s)
• RPI has openvpn client configured to always use the VPN. All traffic (including DNS requests) should go through the VPN.
• Desktop uses OpenVPN client instead of the VPN Provider's client. In the *.ovpn file that you use to connect to the VPN server add the following (probably near the top): --- dhcp-option DNS RPI_ADDRESS_HERE This makes the VPN client use your DNS server.

Test with https://www.dnsleaktest.com. If you only see your VPN provider you should be good.

If you want to be extra paranoid, setup Unbound on the RPI, but still keep the openvpn connection on the PI.

The way these tests work is by requesting a unique hostname and seeing what IP is doing the recursive resolving. If it's the DNS servers you're using it'll show those, if your ISP MITMs your DNS traffic to use their own caching, it'll be your ISP's servers doing the recursive resolving and as such will show on those tests.

That being said, the site linked by OP isn't very clear, this one works better.

In my student accommodation any traffic bound for DNS was intercepted... to a server that often had outages, to work around it I had to tunnel my DNS queries.

Woodynet is PCH who partially owns the Quad9 DNS service. If you go to the system's network setting page, do you see the pihole ip as your DNS server? You should also check https://www.dnsleaktest.com to see what's going on. This will allow us to investigate/help further.

Can you share your exact Firefox proxy settings?

If you have any IP in the "No Proxy for” box, Firefox will attempt to resolve names to IP addresses (using resolv.conf) before choosing whether to proxy out via Squid. Try blanking out "No Proxy for” and run the test again.

It is possible your ISP is intercepting UDP/53 traffic with their own nameserver, but if that were the case you'd expect other tests to show the same results...