Netgate Discussion Forum

    Need help understanding DNS Leak

    DHCP and DNS
    • mpboden

      I'm basically trying to understand if I have a DNS Leak or if I actually understand the topic or not.

      When I go to https://www.dnsleaktest.com/, the IP address does not match my WAN IP nor my ISP's DNS servers, but it points to a Cloudflare server.
      DNSLeakTest1.JPG

      For the above test, I used the following settings:

      • I'm on the most current version of pfSense:
        pfSenseVersion.JPG

      • I'm not using a VPN.

      • I have DNS Resolver enabled and DNS Query Forwarding is unchecked.
        DNSResolverSettings1.JPG
        DNSResolverSettings2.JPG

      • Under System/General Setup, I do not have any DNS servers listed and I have DNS Server Override and Disable DNS Forwarder unchecked.
        GeneralSetup.JPG

      • Under Firewall/NAT/Port Forward, I have the following rule:
        PortForwardRule.JPG

      • This creates the following LAN rule, which is the first LAN rule after the Anti-Lockout rule:
        FirewallLANrule.JPG

      • Client is configured with DHCP and results in the following:
        ClientConfig1.JPG

      ............................................................................................................................................................................
      I also did a couple of tests to see the results.

      • When I manually set the DNS servers on the client to Google's DNS, I still get Cloudflare's server during the leak test, which is the same as before. I'm expecting Google's DNS servers to not show up because of my port forward rule.
        ClientConfig2.JPG
        DNSLeakTest2.JPG

      • However, when I disable the port forward rule and retain the Google DNS servers on the client, I still get the Cloudflare server at https://www.dnsleaktest.com/. I would expect Google's DNS servers to show up. Am I missing something?
        PortForwardRule3.JPG
        ClientConfig2.JPG
        DNSLeakTest3.JPG

      ............................................................................................................................................................................

      So in conclusion, either I have some settings wrong in pfSense or I don't understand the topic. Can anyone please provide more information for me? It would be greatly appreciated.

      Does the DNS Leak Test only apply when using a VPN?
      Are the Cloudflare servers the servers DNS Resolver is using so seeing them in the leak test is expected?
      Why am I unable to override the DNS servers specified in client when the Port Forward rule is disabled?

      Thank you!

      Mike

      • bmeeks

        Yes, a DNS Leak Test is only valid when you use a VPN. Go to the web site you linked and then read the topic "What is a DNS Leak?". There is a link near the top of that page.

        What you are seeing otherwise is simply the public IP block "owner" of the IP address your provider is giving you for your WAN IP.

        A "DNS Leak" means that when using a VPN, your DNS traffic does NOT go through the VPN and instead goes out in the clear to another server. Hence the term "leak". With a VPN configuration, the preferred path is for ALL traffic to go through the VPN tunnel.

        • mpboden @bmeeks
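        As an added illustration of the distinction drawn above (not code from this thread or from pfSense), the following Python classifies what a leak-test site reports: without a VPN, any recursion path is the expected result, while with a VPN a resolver that egresses anywhere other than the VPN exit is a leak. The WAN address, provider block and VPN exit block are constructed placeholders from documentation ranges.

```python
from ipaddress import ip_address, ip_network

# Constructed sample values for this example (documentation address ranges,
# not addresses from the thread).
WAN_IP = "203.0.113.10"                    # pfSense WAN address
PROVIDER_NETS = ["203.0.113.0/24"]         # the ISP's public block
VPN_EXIT_NETS = ["198.51.100.0/24"]        # block the VPN exit node egresses from


def _in_any(addr, nets):
    return any(addr in ip_network(n) for n in nets)


def classify_dns_path(reported_ips, wan_ip, provider_nets, vpn_exit_nets=None):
    """Interpret the addresses a leak-test site shows.

    reported_ips: the addresses the test site saw performing the recursion on
    the client's behalf. That is what the site reports, not the server typed
    into the client's DNS settings.
    Returns (leak, notes). 'leak' is only meaningful when vpn_exit_nets is
    given: recursion from outside the VPN exit means DNS left via the WAN
    instead of the tunnel. Without a VPN every path is reported as expected.
    """
    notes = []
    leak = False
    wan = ip_address(wan_ip)
    for raw in reported_ips:
        addr = ip_address(raw)
        if vpn_exit_nets is not None:
            if _in_any(addr, vpn_exit_nets):
                notes.append(f"{addr}: recursion egressed via the VPN exit (expected)")
            else:
                leak = True
                where = "from the WAN address" if addr == wan else "outside the tunnel"
                notes.append(f"{addr}: recursion egressed {where} -> DNS LEAK")
        elif addr == wan:
            notes.append(f"{addr}: own WAN address, local resolver recursing directly (expected)")
        elif _in_any(addr, provider_nets):
            notes.append(f"{addr}: provider block, ISP resolver answering (expected without VPN)")
        else:
            notes.append(f"{addr}: third-party resolver, queries are forwarded (expected without VPN)")
    return leak, notes


if __name__ == "__main__":
    for vpn in (None, VPN_EXIT_NETS):
        leak, notes = classify_dns_path([WAN_IP, "192.0.2.53"], WAN_IP, PROVIDER_NETS, vpn)
        print("VPN" if vpn else "no VPN", "LEAK" if leak else "ok", *notes, sep="\n  ")
```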

          @bmeeks said in Need help understanding DNS Leak:

          Yes, a DNS Leak Test is only valid when you use a VPN. Go to the web site you linked and then read the topic "What is a DNS Leak Test?". There is a link near the top of that page.

          What you are seeing otherwise is simply the public IP block "owner" of the IP address your provider is giving you for your WAN IP.

          A "DNS Leak" means that when using a VPN, your DNS traffic does NOT go through the VPN and instead goes out in the clear to another server. Hence the term "leak". With a VPN configuration, the preferred path is for ALL traffic to go through the VPN tunnel.

          Thanks for clarifying. That helps a lot.
