Gedsh / InviZible

Android application for online privacy and security
https://invizible.net
GNU General Public License v3.0

DNS leak when Invizible is in VPN mode #262

Closed Wyckoffan closed 1 week ago

Wyckoffan commented 4 months ago

According to the recent report from Mullvad VPN, confirmed by GrapheneOS, when a VPN service is selected and active in Android but the DNS option is off, there is a DNS leak.

Since InviZible forces the native VPN option in Android to be set to OFF, this leak needs to be confirmed in InviZible as well.

Some info:

https://x.com/mullvadnet/status/1786403243418939527

https://mullvad.net/en/blog/dns-traffic-can-leak-outside-the-vpn-tunnel-on-android

Gedsh commented 4 months ago

From the link above:

Findings

Identified scenarios where the Android OS can leak DNS traffic:

1. If a VPN is active without any DNS server configured.
2. For a short period of time while a VPN app is re-configuring the tunnel or is being force stopped/crashes.

1. In case the user is using InviZible 24/7 with the Block connection without VPN option enabled, this can only happen after restarting the phone when InviZible is not running. But this leak is only caused by the browser, which is usually not started with the Android system. In any case, nothing can be done as obviously InviZible can't handle traffic if it is not running. There are no other cases where DNS servers are not configured in InviZible.

2. When InviZible re-configures the tunnel, it completely blocks all traffic. InviZible never stops the VPN tunnel while it is running. It uses special technology to seamlessly switch over if the tunnel needs to be restarted.

I constantly check InviZible for leaks and can confirm the above described in practice. When InviZible is running, there are no leaks mentioned above. But if you can reproduce a bug, you are welcome to report it.

P.S. It is also a good idea to enable the Ignore System DNS option in the DNSCrypt settings. InviZible uses special restrictions for DNS when this option is enabled. https://github.com/Gedsh/InviZible/wiki/DNSCrypt-ignore_system_dns

Gedsh commented 1 week ago

InviZible doesn't have the mentioned DNS leaks because it always configures the VPN's DNS servers. Also, InviZible does not deactivate the VPN service when it is reconfigured. A special technique is used for this purpose. As for the possible crash of the app, the user needs to activate Always on VPN and Block connections without VPN in Android settings. This will prevent leaks when InviZible is turned off.
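
An added example, not part of the thread or InviZible's code: a small Python check for the leak scenarios discussed above, flagging outbound port-53 queries seen on any interface other than the tunnel. The capture lines are constructed, and the `tcpdump -n -i any` text layout and the tunnel interface name `tun0` are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample capture, modelled on `tcpdump -n -i any` text output
# (assumed layout). Addresses are private or documentation ranges.
SAMPLE_CAPTURE = """\
12:00:01.100000 tun0  Out IP 10.1.10.1.40000 > 10.1.10.2.53: 4660+ A? example.org. (29)
12:00:01.150000 tun0  In  IP 10.1.10.2.53 > 10.1.10.1.40000: 4660 1/0/0 A 203.0.113.7 (45)
12:00:05.200000 wlan0 Out IP 192.168.1.23.41234 > 192.168.1.1.53: 4661+ AAAA? example.net. (29)
12:00:05.900000 wlan0 Out IP 192.168.1.23.50000 > 198.51.100.9.443: Flags [S], seq 1, win 65535, length 0
12:00:06.000000 wlan0 Out IP6 2001:db8::23.41235 > 2001:db8::1.53: 4662+ A? example.com. (29)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<iface>\S+)\s+(?P<dir>In|Out)\s+IP6?\s+"
    r"(?P<src>\S+)\s+>\s+(?P<dst>\S+):\s+(?P<rest>.*)$"
)
QUERY_RE = re.compile(r"\b(?P<qtype>[A-Z]+)\?\s+(?P<qname>\S+)")


def split_endpoint(endpoint):
    """tcpdump prints 'address.port'; the port follows the last dot."""
    addr, _, port = endpoint.rpartition(".")
    return addr, int(port) if port.isdigit() else None


def find_dns_leaks(capture_text, tunnel_ifaces=("tun0",)):
    """Return {resolver: [(timestamp, iface, qtype, qname), ...]} for outbound
    port-53 queries seen on any interface that is not the VPN tunnel."""
    leaks = defaultdict(list)
    for line in capture_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["dir"] != "Out" or m["iface"] in tunnel_ifaces:
            continue  # unparsed line, inbound packet, or traffic inside the tunnel
        resolver, port = split_endpoint(m["dst"])
        q = QUERY_RE.search(m["rest"])
        if port == 53 and q:
            leaks[resolver].append((m["ts"], m["iface"], q["qtype"], q["qname"]))
    return dict(leaks)


if __name__ == "__main__":
    for resolver, queries in find_dns_leaks(SAMPLE_CAPTURE).items():
        for ts, iface, qtype, qname in queries:
            print(f"LEAK {ts} {iface} -> {resolver}: {qtype} {qname}")
```

Capturing across a tunnel restart and across a forced stop of the VPN app covers the second scenario from the quoted findings.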