DNS queries for ALL blocked programs leak when DNS is proxied over loopback

henrypp / simplewall

Simple tool to configure Windows Filtering Platform (WFP) which can configure network activity on your computer.

GNU General Public License v3.0

6.03k stars 478 forks source link

DNS queries for ALL blocked programs leak when DNS is proxied over loopback #1731

Closed ghost closed 5 months ago

ghost commented 6 months ago

SimpleWall gives priority to "Allow Loopback for All" over all other rules. If Windows is set to proxy all DNS queries via loopback address, then SimpleWall cannot block DNS queries for any program. In such a case, all blocked programs leak DNS queries. This only happens if programs use DNS proxy, such as DNSCrypt-Proxy. The only way around this is to disallow loopback for all and create loopback rules for every program individually and too many programs use loopback.

ghost commented 5 months ago

This is specific to DNSCrypt-Proxy. Closing the issue.