Hello all! I have a Pi-hole doing my DNS running Unbound, and all devices on my network are automatically directed via DHCP to 192.168.1.3, which is its IP address. I have network-wide ad-blocking and thought everything was just fine.
I followed the WireGuard Selective Routing guide to add my ProtonVPN account, did the rules and single gateway and followed every step as well as I could possibly understand. The tunnels are established and I *thought* everything was fine... it says my IP address is the VPN IP and I can happily switch hosts on and off between the VPN, which I was really pleased with, so again, thought everything was fine, until I stumbled onto this site: https://mullvad.net/en/check
and all of a sudden it says my DNS is leaking, and my mind is absolutely blown away that it has my exact unencrypted IP and the city where I live... How could this happen?!
I checked from a client which is going through this local gateway and, as far as I know, is supposed to be using my Pi-hole, so I am very concerned and not sure how to proceed.
Thanks very much
How are you checking that the pi hole is being used? How are you blocking DNS?
DoH is difficult to block and enabled by default with Firefox. Some other things use it as well to get around DNS filtering.
Hi,
I don't know if I understand you correctly. But your local Unbound DNS resolver really knows what hostnames you looked up. So yeah, you're leaking this kind of data to your Pi-hole.
That's what it says.
However, your Pi-hole could connect via VPN to hide your original IP. To identify roughly your location, an IP address is enough.
Quote from: CJ on October 24, 2023, 02:37:21 PM
How are you checking that the pi hole is being used? How are you blocking DNS?
DoH is difficult to block and enabled by default with Firefox. Some other things use it as well to get around DNS filtering.
I have tried to ping flurry.com for example, or visit other websites and have no ad-blockers or in-browser tools being used.
ipchicken.com will report I am connected through my VPN as expected, then my jaw drops when I go to the Mullvad DNS leak test, because it somehow knows my home IP! What a disaster
The biggest problem is that a VPN doesn't really protect your identity. The moment you use a browser, or use services that require an account, your identity can be revealed through profiling your behavior (fingerprinting).
If you are so concerned about your identity, then you should use Tor (The Onion Router) and the browser from that project. There everything you do gets sent through multiple nodes and everything is almost perfectly anonymized.
Quote
because it somehow knows my home IP! What a disaster
It does know your DNS server's IP. At least given you're talking about the leak test.
Frozen, if I use Mullvad's check while on VPN it does not know my home static IP. Is there a problem with your ProtonVPN connection, or routing things through it? This should have nothing to do with Pi-hole.
Please clarify the exact context of your problem.
Quote from: frozen on October 24, 2023, 05:16:34 PM
I have tried to ping flurry.com for example, or visit other websites and have no ad-blockers or in-browser tools being used.
ipchicken.com will report I am connected through my VPN as expected, then my jaw drops when I go to the Mullvad DNS leak test, because it somehow knows my home IP! What a disaster
As I mentioned, if you're using Firefox, DoH is automatically enabled and will bypass your Pi-hole. Additionally, ping and browsers are not what you want to use for testing. Something like dig or nslookup will allow you to determine what DNS servers are being used, as well as test different ones to see any differences.
Quote from: Monviech on October 24, 2023, 05:33:09 PM
The biggest problem is that a VPN doesn't really protect your identity. The moment you use a browser, or use services that require an account, your identity can be revealed through profiling your behavior (fingerprinting).
If you are so concerned about your identity, then you should use Tor (The Onion Router) and the browser from that project. There everything you do gets sent through multiple nodes and everything is almost perfectly anonymized.
Tor doesn't help if you sign into something while connected. :) A couple of people have been caught that way.
Additionally, if you can get access to enough exit nodes (I forget the exact numbers), you can determine who is sending what. Admittedly, the scale is large enough that only nation states would be able to do it, but it's possible.
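The resolver comparison CJ describes above (asking specific DNS servers directly with dig or nslookup instead of relying on ping or a browser) can also be done from a small script. The following is an added example written for this thread, not code posted by anyone in it: it hand-builds a UDP DNS query, sends it to a chosen resolver, parses the reply, and reports the A records the resolver returns, so the Pi-hole at 192.168.1.3 (from the original post) can be compared with a public resolver. It also queries use-application-dns.net, the canary domain Mozilla documents for Firefox: when the configured resolver answers NXDOMAIN for that name, Firefox disables its default-on DoH, which is the usual way to stop Firefox from bypassing a local filtering resolver. The public resolver address 1.1.1.1 and the test name flurry.com (taken from frozen's post) are only illustrative and can be replaced on the command line. Needs network access when run for real; the parsing functions work offline.

```python
"""Minimal DNS client for checking which resolver answers and whether the
DoH canary is blocked (added example, not from the forum thread)."""
import random
import socket
import struct
from typing import Optional

QTYPE_A = 1
RCODE_NXDOMAIN = 3
DOH_CANARY = "use-application-dns.net"  # Mozilla's canary domain for Firefox DoH


def build_query(name: str, qtype: int = QTYPE_A, txid: Optional[int] = None) -> bytes:
    """Build a recursive-desired DNS query packet in RFC 1035 wire format."""
    if txid is None:
        txid = random.randrange(0, 0x10000)
    # flags 0x0100 = RD set; one question, no other sections
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN


def _read_name(data: bytes, offset: int) -> tuple:
    """Decode a domain name, following compression pointers; return (name, next offset)."""
    labels, jumped, end = [], False, offset
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # 2-byte compression pointer
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        if length == 0:
            offset += 1
            break
        labels.append(data[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels), (end if jumped else offset)


def parse_response(data: bytes) -> dict:
    """Parse a DNS reply into txid, rcode, question name and the A records answered."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    if not flags & 0x8000:
        raise ValueError("not a response packet (QR bit clear)")
    offset, qname, answers = 12, None, []
    for _ in range(qdcount):
        qname, offset = _read_name(data, offset)
        offset += 4  # skip QTYPE and QCLASS
    for _ in range(ancount):
        _, offset = _read_name(data, offset)
        rtype, _, _, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        if rtype == QTYPE_A and rdlen == 4:
            answers.append(socket.inet_ntoa(rdata))
    return {"txid": txid, "rcode": flags & 0x000F, "question": qname, "answers": answers}


def query(resolver: str, name: str, timeout: float = 2.0) -> dict:
    """Send one query over UDP/53 to `resolver` and return the parsed reply."""
    txid = random.randrange(0, 0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, QTYPE_A, txid), (resolver, 53))
        data, _ = sock.recvfrom(4096)
    reply = parse_response(data)
    if reply["txid"] != txid:  # stray or spoofed reply; do not trust it
        raise ValueError("transaction id mismatch")
    return reply


def doh_canary_blocked(resolver: str) -> bool:
    """True if the resolver answers NXDOMAIN for the canary, which tells Firefox
    to keep its default DoH off and use the network's resolver instead."""
    return query(resolver, DOH_CANARY)["rcode"] == RCODE_NXDOMAIN


if __name__ == "__main__":
    import sys
    # Defaults: the Pi-hole from the thread and an assumed public resolver for comparison.
    resolvers = sys.argv[1:] or ["192.168.1.3", "1.1.1.1"]
    for r in resolvers:
        try:
            answers = query(r, "flurry.com")["answers"]
            print(r, "flurry.com ->", answers or "no A records (sinkholed?)")
            print(r, "DoH canary NXDOMAIN:", doh_canary_blocked(r))
        except (OSError, ValueError) as exc:
            print(r, "error:", exc)
```

Run it as `python3 dnscheck.py 192.168.1.3 1.1.1.1`: if the Pi-hole answers flurry.com with no A records (or 0.0.0.0) while the public resolver returns real addresses, filtering works at the resolver; a Firefox that still loads the ad domain is then resolving over DoH, which this script cannot see and which the canary check (NXDOMAIN from the local resolver) is meant to switch off.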
First off, Mullvad is trying to scare anyone into using their services. The site cited also tells you that you are unsafe because you don't use Mullvad VPN. You better check with https://www.dnsleaktest.com, which will even tell you which DNS providers are being used.
Second: understand first what a DNS leak actually means. When you request a DNS name, you "leak" that information to whoever you actually ask. Other than doing all DNS lookups yourself, you WILL leak that info to SOMEONE. Also, if you do not use DoH or DoT, at least your ISP can see what you are asking for, even if you do not use their DNS servers.
Firefox actually uses DoH, and many other appliances or apps may use whatever they like for DNS requests. So, they may "leak" that info to some DNS providers.