celzero / rethink-app

DNS over HTTPS / DNS over Tor / DNSCrypt client, WireGuard proxifier, firewall, and connection tracker for Android.
https://rethinkfirewall.com/
Apache License 2.0

Unsolicited DNS Servers Shown on DNS Leak Test Results!? #1282

Closed SevenFactors closed 5 months ago

SevenFactors commented 6 months ago

Tested on Rethink App ver 0.55a (F-Droid) and now ver 0.5.5c (GitHub), both on regular Android 10 and GrapheneOS (latest).

Issue

While testing for DNS leaks I came to notice some odd results. Besides my custom set DoH (NextDNS), I get a bunch of Google DNS results all from a different city/state. The only local result is my set DoH provider.

The only result I should be getting is NextDNS or whatever DNS provider I set sans any other DNS provider IPs but for some reason this is happening.

// Is this happening to anybody else? //

Things to Note

ignoramous commented 6 months ago

Do you have Configure -> DNS -> Show website icon in DNS logs enabled?

Which website are you using to test DNS leaks? What output do you see with browserleaks.com/dns?

YellowRoseCx commented 6 months ago

Check to make sure your browser settings and your phone connection settings aren't using a Google DNS server, or else it will use both, as you're experiencing. Also, I like to check with https://ipleak.net

I have my DNS setting set to my NextDNS TLS URL in my Android connection settings, my NextDNS DNS over HTTPS set in my browser settings, and my NextDNS DoH set in the Rethink App, and I only see my NextDNS server when I check it.

SevenFactors commented 5 months ago

Please excuse the late reply. Due to life events I was not able to reply sooner.

I can confirm the issue manifests when the "Show website icon in DNS logs" setting is enabled. The setting is experimental, and its description reads that icons are retrieved from nextdns.io and duckduckgo.com.

ignoramous commented 5 months ago

Disable Show website icon in DNS logs (turn it OFF) and then test for "leaks"? I usually use browserleaks.com/dns. Thanks.

SevenFactors commented 5 months ago

Disable Show website icon in DNS logs (turn it OFF) and then test for "leaks"? I usually use browserleaks.com/dns. Thanks.

With the option disabled there is no issue. I will just leave it off for now. After all, it is in an experimental stage.

ignoramous commented 5 months ago

After all, it is in an experimental stage.

To be clear, turning Show website icon in DNS logs ON doesn't leak DNS. It confuses the remote server attempting to detect "leaks".

brookzee commented 5 months ago

After all, it is in an experimental stage.

To be clear, turning Show website icon in DNS logs ON doesn't leak DNS. It confuses the remote server attempting to detect "leaks".

Issue should remain open.

This is not true, at least on my device build. I can confirm, after weeks of trying to figure out where the Google LLC leaks were coming from (same as OP's issue), including testing various DNS providers, auth methods, and Firefox about:config settings, that simply turning this setting OFF fixed the leaks.

The leaks were only visible on browserleaks.com/ip. Using dnsleaktest.com or ipleak.net did not detect them, FYI, with the setting ON.

user-agent: Mozilla/5.0 (Linux; Android 14; Mobile; rv:127.0) Gecko/127.0 Firefox/127.0 app-version:0.5.5e

Can provide more device debug info if required.

ignoramous commented 5 months ago

This is not true

Web-based services like dnsleaktest.com etc. don't really test for "leaks" (they can't), but rather test for something adjacent to a "leak". What they classify as a leak needn't be one.

To understand how these tests work, there are many open source versions of these "leak tests", one of which you can find here: https://github.com/redirect2me/which-dns?tab=readme-ov-file
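An added illustration (not code from the thread or from the which-dns project) of the mechanism behind these web-based "leak tests": the page embeds a per-visit unique hostname, the test's own authoritative name server records the source IP of every recursive resolver that asks for it, and the report lists those resolvers. It assumes, as a constructed scenario, that a third-party icon service resolves the hostname from its own network, so its resolver shows up beside the user's configured one; the test cannot tell that extra entry from a genuine carrier-resolver leak.

```python
import secrets
from collections import defaultdict

# Constructed stand-in for a resolver-IP -> organisation (GeoIP/ASN) lookup.
RESOLVER_ORG = {
    "198.51.100.10": "NextDNS",      # the user's configured DoH resolver
    "203.0.113.5": "Google LLC",     # resolver used by a hypothetical icon service
    "192.0.2.77": "Example ISP",     # the carrier's own resolver (a real leak)
}


class LeakTest:
    """Authoritative side of a web 'leak test': it only learns which recursive
    resolvers asked for the per-visit unique hostname, nothing about the client."""

    def __init__(self, zone="dnstest.example"):
        self.zone = zone
        self.seen = defaultdict(set)  # token -> resolver IPs observed

    def new_token(self):
        return secrets.token_hex(8)  # unique per page load, so caches never answer it

    def hostname(self, token):
        return f"{token}.{self.zone}"

    def on_authoritative_query(self, qname, resolver_ip):
        # Invoked when a recursive resolver reaches the authoritative server.
        token, _, zone = qname.partition(".")
        if zone == self.zone:
            self.seen[token].add(resolver_ip)

    def report(self, token, expected_org):
        """Return (all organisations seen, those flagged as 'leaks')."""
        orgs = {RESOLVER_ORG.get(ip, "unknown") for ip in self.seen[token]}
        return sorted(orgs), sorted(orgs - {expected_org})


def run_visit(test, extra_resolver=None):
    """One page load. The client's own lookup goes via NextDNS. If the hostname is
    also resolved by another party (assumption: an icon service using its own
    resolver, or the carrier resolver in a true leak), that resolver is seen too."""
    token = test.new_token()
    name = test.hostname(token)
    test.on_authoritative_query(name, "198.51.100.10")
    if extra_resolver:
        test.on_authoritative_query(name, extra_resolver)
    return test.report(token, expected_org="NextDNS")
```

Both the icon-service case and the carrier-resolver case produce an identical "leak" verdict, which is why the report alone cannot say whether the device's own DNS traffic went anywhere unexpected.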

brookzee commented 5 months ago

Okay, good to know, but the Google LLC leak as shown, and the same as OP's issue, was from the browserleaks.com check. Again, turning OFF show icons fixed the issue. Maybe the function has a bug, or there was some favicon surveillance plant file downloaded somehow into that storage location that was able to call out.

On Fri, Apr 26, 2024, 17:25 ignoramous @.***> wrote:

This is not true

Web services like dnsleaktest.com etc. don't really test for "leaks" (they can't), but rather test for something adjacent to a "leak". What they classify as a leak needn't be one.

There are many open source versions of these "leak tests", one of which you can find here: https://github.com/redirect2me/which-dns?tab=readme-ov-file


okcprime commented 3 days ago

It's not a DNS leak. NextDNS has their assigned servers hosted on different cloud platforms; some of them are hosted using GCP, and that's what shows Google LLC (ISP). NextDNS servers anexia, vultr, bom, lightnode, greencloud etc. use different (exit node, entry node) setups on various GCP, AWS, Azure platforms; that infrastructure belongs to Amazon, Google, Microsoft etc.

And for NextDNS do not use any third-party app. Either use Tailscale (override local DNS + NextDNS) or just a DoH / DoT setup as documented by NextDNS.

Note: DNS LEAK = if in a test you see your own ISP DNS IP address. For India, JIO has 2 DNS IPs, AIRTEL has 2 DNS IPs, BSNL has 2 DNS IPs.

So apart from those carrier DNS IPs, if you see something else then it's not a DNS LEAK.

Example:

If the DNS test shows an IP range of 49.4x.xxx.xxx (which is the JIO ISP DNS IP subnet) then it's a DNS LEAK. Apart from this, if you see any other IP in the DNS section then it's not a DNS leak.

To check for a DNS LEAK and whether encryption is in place or not, you can use either tshark or Wireshark (refer to the proper Wireshark documentation).

Verify NextDNS

https://test.nextdns.io: note down which exit node you are connected to (anexia, bom, vultr etc.); look for the PROTOCOL and SERVER tags.

Now start tshark in Termux, WSL or a Linux terminal