DNS leaks, even after DNS catch-all port forward

Nikotine:
I have setup DNS over TLS with Cloudflare servers and I want all my local clients to use that DNS provider.
I have a NAT port forward rule that redirects all DNS queries to the firewall.
It is working on a firewall group, containing all my VLANs.

I have setup my PC to use 8.8.8.8 as DNS server, to test.

The firewall logs show that the DNS requests are forwarded to localhost (I am 10.25.9.10).
Immediately after I see the request go out to Cloudflare.

Yet dnsleaktest.com shows that I'm still using Google's DNS servers...

I'm doing
--- Code: ---ipconfig /flushdns
--- End code ---
in between tests.
How can I close this leak?

opnfwb:
Which browser are you using? Chrome may be bypassing your settings and using Google's DNS servers regardless of what you have specified on the network.

I'd try with either Firefox or Vivaldi and see if you can duplicate the results just to rule out DoH hidden in a browser setting.

abulafia:
To be more specific, Chrome could be using DoH = DNS over HTTPS, which would bypass your redirect of port 53 traffic.

Also consider that you may need to block/redirect ports 784 / 853 (?) for DNS over QUIC / TLS traffic.
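As an added illustration of the point above (not code from the thread or from OPNsense), the following script classifies firewall flow records by destination port so that encrypted DNS which slips past a port-53 catch-all rule stands out in the logs. The log format, the resolver address and the sample lines are constructed for the example.

```python
# Added example: flag DNS-like traffic that a port-53 redirect cannot catch.
# Log line format, sample data and the resolver address are constructed.
from dataclasses import dataclass

FIREWALL_RESOLVER = "10.25.9.1"   # assumed address of the firewall's resolver
# Public resolver addresses named in the thread (Google and Cloudflare).
PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1"}


@dataclass
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


def parse_flow(line: str) -> Flow:
    # Constructed format: "<src> -> <dst> <proto>/<dport>"
    src, _, dst, rest = line.split()
    proto, dport = rest.split("/")
    return Flow(src, dst, proto.lower(), int(dport))


def classify(flow: Flow) -> str:
    """Label a flow by whether the port-53 NAT redirect would have caught it."""
    if flow.dport == 53:
        return "plain-dns-redirected"       # caught by the catch-all rule
    if flow.dport == 853:
        return "dot-bypass"                  # DNS over TLS, not redirected
    if flow.dport == 784:
        return "doq-bypass"                  # DNS over QUIC (draft port)
    if flow.dport == 443 and flow.dst in PUBLIC_RESOLVERS:
        return "possible-doh-bypass"         # HTTPS straight to a resolver
    return "not-dns"


def find_bypasses(lines):
    """Return (line, label) for each flow that escapes the redirect."""
    return [(l, classify(parse_flow(l))) for l in lines
            if classify(parse_flow(l)).endswith("bypass")]


SAMPLE_LOG = [  # constructed sample flows, not real firewall output
    "10.25.9.10 -> 8.8.8.8 udp/53",
    "10.25.9.10 -> 8.8.8.8 tcp/443",
    "10.25.9.20 -> 1.1.1.1 tcp/853",
    "10.25.9.20 -> 1.1.1.1 udp/784",
    "10.25.9.30 -> 203.0.113.5 tcp/443",
]

if __name__ == "__main__":
    for line, label in find_bypasses(SAMPLE_LOG):
        print(f"{label:22} {line}")
```

The 443 check is only a heuristic: DoH to an address that is not a known resolver looks like ordinary HTTPS, which is exactly why a browser-side setting can defeat a network-level redirect.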

Nikotine:

--- Quote from: opnfwb on September 16, 2021, 05:53:46 pm ---Which browser are you using? Chrome may be bypassing your settings and using Google's DNS servers regardless of what you have specified on the network.

I'd try with either Firefox or Vivaldi and see if you can duplicate the results just to rule out DoH hidden in a browser setting.

--- End quote ---
This is in Chrome and you are right, it doesn't happen in Firefox!


--- Quote from: abulafia on September 16, 2021, 06:37:39 pm ---To be more specific, Chrome could be using DoH = DNS over HTTPS, which would bypass your redirect of port 53 traffic.

Also consider that you may need to block/redirect ports 784 / 853 (?) for DNS over QUIC / TLS traffic.

--- End quote ---
But looking at the logs, it seems the request to 8.8.8.8 goes out via port 53, which I'm already redirecting. So how is Chrome reaching its DNS server?

opnfwb:
I actually don't use Chrome (can't stand Google's stuff). However, based on this thread I think you can manually change Chrome's DNS here.
https://support.google.com/chrome/thread/115313308/how-to-change-chrome-secure-dns-settigs?hl=en