Netgate Discussion Forum

    DNS Leak while trying to route DNS queries through VPN

    Category: DHCP and DNS
    4 Posts 2 Posters 336 Views
    Grid3374
      last edited by Grid3374

      Hi everyone,

      I have a Nord VPN gateway configured through which I am routing alias hosts.
      The gateway is mainly used for Chromecast to circumvent a geo-locked TV app.

      When I run Nord VPN as an app on Chromecast - everything works.

      When I try to route the Chromecast (with Nord VPN disconnected) - I get DNS leaks and the app can't access the service.

      [screenshot: rules]
      [screenshot: DNS (general setup)]

      Any suggestion would be helpful.

      Thank you!

      viragomann @Grid3374
        last edited by

        @Grid3374
        Are you sure that the stated DNS server in the rule is used by the client?
        Obviously it isn't, as the rule doesn't show any hit.
        If the client requests any other server, it is passed by the third rule.

        The DNS settings in System > General setup are only applied to pfSense itself, not to clients.
        For clients, if they use DHCP, you have to state the DNS server to use in the DHCP server settings.

        However, easier than this is to forward any DNS traffic to a public server. So in the port forwarding rule you have to state "any" as destination and set your desired DNS server in the target.

        DoT cannot be forwarded, so I'd suggest blocking it. Also consider blocking DoH with pfBlockerNG.

        Grid3374 @viragomann
          last edited by

          @viragomann

          OMG. Thank you!

          You saved me hours of misery and wasted time! 😂

          Tried everything you wrote.

          I had the wrong DNS entered. The IP I entered was used by Nord VPN win app when connected to the server I configured for the tunnel.
          The rule was not getting any hits at any point.

          For DNS in System>General setup - I removed everything except 9.9.9.9

          I had my Chromecast IP statically mapped and what did the trick was simply adding Nord's DNS in the target, as you wrote (103.86.96.100).

          It is still showing as "leaking" but the app is able to go around the geo-block.

          "However, easier than this is to forward any DNS traffic to a public server." - which public server?

          Will need to look into DoT and DoH and pfBlocker later.

          Again, thank you!

          viragomann @Grid3374
            last edited by

            @Grid3374 said in DNS Leak while trying to route DNS queries through VPN:

            "However, easier than this is to forward any DNS traffic to a public server." - which public server?

            You can use any public server.

            The points are that you forward any DNS traffic to a public server and policy route any DNS traffic (to this server) from the certain source devices to the VPN server. So all DNS traffic goes out over the VPN and hence gets the VPN provider's public IP.

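To make the mechanics of the two answers concrete (redirect any port-53 traffic from the chosen devices to one resolver, policy route that traffic via the VPN gateway, and block DoT because it cannot be redirected), here is a small added model of pfSense-style rule evaluation. It is example code written for this thread, not pfSense's own code or configuration. The client address 192.168.1.50, the LAN subnet, the "real" resolver 8.8.8.8 and the gateway names are constructed placeholders; 103.86.96.100 is the Nord DNS target mentioned above. It shows why a redirect with a specific destination gets no hits when the client queries some other resolver (the query falls through to the catch-all rule and leaves via the default gateway), while a redirect with destination "any" catches every query.

```python
"""Toy model of pfSense NAT port-forward plus firewall rule matching.

Constructed example: addresses and gateway names are placeholders,
except 103.86.96.100 (the Nord DNS target named in the thread).
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

CLIENT = "192.168.1.50"          # constructed: the Chromecast
LAN = "192.168.1.0/24"           # constructed: LAN subnet
CLIENT_RESOLVER = "8.8.8.8"      # constructed: resolver the client really queries
TARGET_DNS = "103.86.96.100"     # from the thread: redirect target
VPN_GW = "NORDVPN_GW"            # hypothetical gateway name
WAN_GW = "WAN_GW"                # hypothetical default gateway name


@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


def _in(net: str, addr: str) -> bool:
    """'any' matches everything; otherwise test CIDR membership."""
    return net == "any" or ip_address(addr) in ip_network(net, strict=False)


@dataclass
class PortForward:
    """NAT port-forward: rewrite the destination when src/dst/port match."""
    src_net: str
    dst_net: str
    dport: int
    target: str
    hits: int = 0

    def apply(self, p: Packet) -> Packet:
        if _in(self.src_net, p.src) and _in(self.dst_net, p.dst) and p.dport == self.dport:
            self.hits += 1
            return Packet(p.src, self.target, p.proto, p.dport)
        return p


@dataclass
class FilterRule:
    """Interface rule; first match wins. gateway=None means the default route."""
    action: str
    src_net: str
    dst_net: str
    dport: Optional[int] = None    # None = any port
    gateway: Optional[str] = None
    hits: int = 0

    def matches(self, p: Packet) -> bool:
        return (_in(self.src_net, p.src) and _in(self.dst_net, p.dst)
                and (self.dport is None or self.dport == p.dport))


def route(pf: List[PortForward], rules: List[FilterRule], p: Packet) -> dict:
    """NAT is applied before the filter rules, so rules see the rewritten dst."""
    for r in pf:
        p = r.apply(p)
    for fr in rules:
        if fr.matches(p):
            fr.hits += 1
            if fr.action == "block":
                return {"action": "block", "dst": p.dst, "gateway": None}
            return {"action": "pass", "dst": p.dst, "gateway": fr.gateway or WAN_GW}
    return {"action": "block", "dst": p.dst, "gateway": None}   # implicit default deny


def build_ruleset(redirect_dst: str):
    """redirect_dst is the port-forward's destination: a CIDR or 'any'."""
    pf = [PortForward(src_net=f"{CLIENT}/32", dst_net=redirect_dst, dport=53, target=TARGET_DNS)]
    rules = [
        # policy route the (rewritten) DNS traffic from the client via the VPN
        FilterRule("pass", f"{CLIENT}/32", f"{TARGET_DNS}/32", 53, gateway=VPN_GW),
        # DoT cannot be redirected, so block it outright
        FilterRule("block", LAN, "any", 853),
        # catch-all LAN rule on the default gateway (the "third rule" in the thread)
        FilterRule("pass", LAN, "any"),
    ]
    return pf, rules


def dns_path(redirect_dst: str, client_resolver: str = CLIENT_RESOLVER) -> dict:
    """Where does a plain DNS query from the client end up?"""
    pf, rules = build_ruleset(redirect_dst)
    result = route(pf, rules, Packet(CLIENT, client_resolver, "udp", 53))
    result["redirect_hits"] = pf[0].hits
    return result


def dot_path() -> dict:
    """DoT (TCP/853) is not redirected; the block rule should catch it."""
    pf, rules = build_ruleset("any")
    return route(pf, rules, Packet(CLIENT, CLIENT_RESOLVER, "tcp", 853))


if __name__ == "__main__":
    print("specific dst:", dns_path(f"{TARGET_DNS}/32"))   # 0 hits, leaves via WAN_GW
    print("any dst:     ", dns_path("any"))                # redirected, leaves via VPN_GW
    print("DoT:         ", dot_path())                     # blocked
```

The first call reproduces the situation in the opening post: the redirect's destination names one resolver, the client asks a different one, the redirect counter stays at zero and the query is passed by the catch-all rule on the WAN gateway, which is exactly what a leak test reports. With destination "any" the same query is rewritten to the target and matched by the policy-routing rule, so it leaves through the VPN gateway.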
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.