Does DNS over TLS negate the need to block DNS leaks?



  • I currently use an alias for all my VPN hosts that allows me to force any DNS requests from them out via the VPN gateway preventing DNS leaks. Would I be right in assuming that this is no longer required when using DNS over TLS? And while my DNS requests would leak, the packets would be encrypted so largely useless to an ISP hoping to snoop on their customers?


  • Rebel Alliance Developer Netgate

    It depends on which part of "leaks" you don't like.

    Some people don't want requests going outside of the VPN because the queries are sent in the clear – DNS over TLS helps here.

    Some people don't want requests going outside of the VPN because the target DNS server(s) see the client's real address – DNS over TLS does nothing for this; only sending the query across the VPN will obscure the original client address.



  • Makes sense, thanks.