DNS Leak

Hi All,

What's up with this? When I run the check I get two different results during the same check, in the same window. So, which is it? I can rerun the check and the results will be flipped (red on top, green on bottom)...

Russ



Comments

  • edited February 2018
    Since you did not tell us what test site was used, we cannot make a determination. Recommend you use ipleak.net. If the results are like that in the green box above you should be good.

    So, what test site did you use?
  • The one listed on this site's support page: http://dnsleak.com/. I ran the ipleak test and got the same result except three diff servers. The two blurred IPs are not exactly what I see with PIA inactive, but they do identify my provider...

    Russ



  • Do you have DNS Leak Protection enabled in the app's Advanced Settings? If not, please make sure you check that option.

    The reason you're seeing 2-3 different DNS servers is because some of your DNS requests are being tunneled through the VPN, and some are not. 

    If you don't have DNS servers manually configured, it's possible that any time your system is assigned a new IP address via DHCP, your DNS settings will be overwritten. The best way to resolve this is by configuring PIA DNS manually to prevent your DNS requests going through your ISP, or anyone other than PIA.
  • If you don't have DNS servers manually configured, it's possible that any time your system is assigned a new IP address via DHCP, your DNS settings will be overwritten. The best way to resolve this is by configuring PIA DNS manually to prevent your DNS requests going through your ISP, or anyone other than PIA.
    Does it have to be OpenDNS?  Can I use another DNS server of my own choosing?
  • @planetm115, we recommend PIA DNS — OpenDNS can actually cause issues with PIA. The PIA application will always attempt to use PIA DNS for your DNS requests. If you want to use another set, then setting up your service through OpenVPN might fit your use case better. 
  • I uninstalled/reinstalled PIA and it's only finding the one server I'm connected to now. Apparently, the original install was corrupted, as I'm now seeing a few additional PIA services in TM that weren't there before...

    Russ
  • @RASelkirk, it sounds like that might be possible. Are you now seeing the full list in Task Manager?
  • edited February 2018
    @planetm115, we recommend PIA DNS — OpenDNS can actually cause issues with PIA. The PIA application will always attempt to use PIA DNS for your DNS requests. If you want to use another set, then setting up your service through OpenVPN might fit your use case better. 
      The setting for PIA DNS using
     
    1. Enter 209.222.18.222 for the Preferred DNS server.
    2. Enter 209.222.18.218 for the Alternate DNS server.

    Is that the one?

    ~

    I'm also thinking about using Quad9.  Will that work with PIA?

  • @RASelkirk, it sounds like that might be possible. Are you now seeing the full list in Task Manager?

    At first it seemed like it, wish I'd taken a screenshot. Here's what I have now:


    Maybe if you told me what program you used to see the results in that thread...

    Russ
  • And here's what I see in my TCP stack.



    Russ
  • edited February 2018
    @PIAColleen, are you still around?

  • Yup, apologies! Just returned from my weekend. 

    @planetm115,  209.222.18.222 and 209.222.18.218 are indeed our DNS servers. If you want to use third party DNS with PIA, we recommend configuring your service through OpenVPN since the PIA app will always attempt to use PIA DNS first. 

    @RASelkirk, I just used Task Manager to see the processes PIA runs. Here's what I see with the VPN connected:
     




  • edited March 2018
    @PIAColleen, the thing is when I use PIA's DNS settings, my traffic slows down significantly.  It seems to work just fine using OpenDNS settings.  Now why is that?

    I'm not sure I want to go through setting up OpenVPN.  I usually go with "If it ain't broke, don't fix it" but somebody turned me on about Quad9 and that's why I brought it up.
  • Is OpenDNS safe for use on VPN? That is the $64,000 question.
  • Is OpenDNS safe for use on VPN? That is the $64,000 question.
    OpenDNS is known to block PIA's servers once in a while. We definitely recommend using PIA's DNS when on the VPN however because each VPN server has its own DNS server dedicated to the VPN clients (that's why your DNS IP always shows as the gateway IP and not PIA's DNS IP). This should also in theory mean it's the fastest you can get because it's localhost relative to where the VPN exits. There is a drawback to this however: unless someone else on the same server visited a site recently, it's not going to be in the cache so the first lookup could be slower than Google's DNS or OpenDNS.

    I've found PIA's DNS to be a bit underwhelming when used outside of the VPN however, in which case I prefer to use my ISP's default DNS instead as theirs seems to be somewhat local (therefore low latency) and they don't appear to mess with DNS so no reason to use OpenDNS or Google's DNS here.
  • Max-P said:

    I've found PIA's DNS to be a bit underwhelming when used outside of the VPN however, in which case I prefer to use my ISP's default DNS instead as theirs seems to be somewhat local (therefore low latency) and they don't appear to mess with DNS so no reason to use OpenDNS or Google's DNS here.
    Interesting you should say that.  So if I use my local ISP's DNS settings, there's no risk of my local ISP peeping into my tunneling using PIA?
  • @planetm115 No, that's not quite what I meant.

    DNS is a service that's accessed over IP and its role is to take addresses like example.com and then translate that into an IP address the computer can use.

    There are three situations that can happen:
    1. Connecting to PIA's VPN, and using PIA's DNS servers through the VPN. This is the preferred method, and the only one that guarantees your ISP only sees encrypted PIA traffic, because it is not involved. This is what a system without the so-called DNS leaks does.
    2. Not being connected to PIA, and using your router's DNS, which it will then forward to its own configured DNS for you. This is done so that if the ISP's DNS changes, the router doesn't need to update all the computers with new DNS servers, it just starts forwarding to the new one on behalf of the devices on the network.
    3. You can have an incomplete VPN connection and have what we call a DNS leak. In this case, you are connected to the VPN and your IP traffic is going through the VPN, but your computer somehow still uses your router's DNS. This is a situation that shouldn't happen, but it tends to happen a lot still because lots of things fight with each other to configure the network.
    Situations 2 and 3 both send your DNS traffic to your router, and this is where things get a little interesting. This is where we then have three more options:
    1. Your router can be using your ISP's DNS, which is the default and what most people use.
    2. You can use a third-party's DNS like Google's DNS or OpenDNS.
    3. You can use PIA's DNS, which technically counts as a third-party DNS but has special properties when you have situation 3 above.
    With all three options, your ISP can see the entirety of your DNS requests and get a general idea what you are doing on the Internet despite not seeing the actual traffic you send to those sites. Now, if you are connected to the VPN and leaking DNS, this is what these options will also do for you:
    1. When using your ISP's DNS, any website you visit can easily know your ISP and can generally use this data to have a pretty good approximation of your actual location, or maybe even find out your real IP address. Not great for sure.
    2. When using a third-party's DNS, this third-party then also knows what kind of sites you visit and also has your real IP since your router is doing the request, not your computer where the VPN runs. The websites you visit can also have a vague approximation of your real location by knowing which server of the third-party you are hitting, which usually has servers in multiple regions announcing the same IP for performance reasons.
    3. When using PIA's DNS, this is where it gets interesting. It will still go to the closest server, but it will at least go to a PIA server. That means websites will only see that you are using PIA, possibly with a mismatch between the DNS server you use and the VPN server but it will still show both as PIA. The catch is that since your router is still doing the DNS request for you, it still goes through your ISP.

    So ideally, when using the VPN you don't want any DNS leaking outside of the VPN. However, if you do leak, then what DNS your router uses will affect the final outcome of it in different ways, and this may range from okay to really bad depending on who you want to hide your Internet activity from.

    I hope this is clearer!
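
An added example, not part of any post in this thread and not PIA's code: a local check for the "computer somehow still uses your router's DNS" case (situation 3 above), by listing which network adapters carry a DNS server other than the two PIA addresses quoted in the thread. The `ipconfig /all` text, the adapter names and the function names are constructed for illustration, and the check assumes PIA DNS was configured manually as described above.

```python
import ipaddress
import re

# The two DNS servers the thread names as PIA's.
PIA_DNS = {"209.222.18.222", "209.222.18.218"}

# Constructed `ipconfig /all` excerpt: the VPN adapter is up, but the
# physical adapter still points at the router for DNS.
SAMPLE = """\
Ethernet adapter Ethernet:

   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   DNS Servers . . . . . . . . . . . : 192.168.1.1

Unknown adapter VPN (constructed name):

   IPv4 Address. . . . . . . . . . . : 10.8.0.6(Preferred)
   DNS Servers . . . . . . . . . . . : 209.222.18.222
                                       209.222.18.218
"""

def _ip(token):
    """Return the normalised IP in token (zone id dropped), or None."""
    try:
        return str(ipaddress.ip_address(token.split("%")[0]))
    except ValueError:
        return None

def dns_by_adapter(text):
    """Map adapter name -> DNS servers, including continuation lines."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, in_dns = line.rstrip()[:-1], False
            adapters[current] = []
            continue
        if current is None:
            continue
        m = re.match(r"\s+DNS Servers[ .]*:\s*(\S+)", line)
        token = m.group(1) if m else (line.strip() if in_dns else "")
        ip = _ip(token) if token else None
        in_dns = ip is not None  # a non-IP line ends the DNS server list
        if ip:
            adapters[current].append(ip)
    return adapters

def adapters_with_other_dns(text, allowed=PIA_DNS):
    """Adapters that list any DNS server outside the allowed set."""
    found = {a: [ip for ip in s if ip not in allowed] for a, s in dns_by_adapter(text).items()}
    return {a: extra for a, extra in found.items() if extra}
```

An adapter reported here is a candidate path for DNS queries to bypass the tunnel; the result of a leak-test site remains the confirmation.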