I’ve tested quite a few dns leak tests and only browserleaks.com shows that I have over 30 Servers and 3 ISP’s. Is this a leak and what can I do about it? Using Tor Browser. Thank you.
This is normal. It’s the exit node’s DNS. I just tested with TB and it’s showing six servers ranging in locations from the US to Germany and the Netherlands. The exit node location is the US.
my test only shows one IP, my public IP and one DNS, which is the same IP address.
Mate, you WANT that DNS to leak like a sieve when using TOR.
Spread those queries here, there and everywhere.
Give no one place enough info for Those Who Do Evil to track you.
Have you noticed that this test browserleaks.com in particular leaks more DNS’s than all of the others? This has been the case for me and I’m wondering why this one shows more DNS addresses while the other don’t do that.
You used Tor Browser or something else? Many people have been telling me that showing multiple DNS’s on TB is normal.
Did you test using Tor Browser? OP’s question is related to DNS queries on Tor Browser.
Nice so it’s a good thing. Is it normal on a non Tor Browser and using VPN with multihop? IP address is different from DNS addresses. And I say addresses because it found two DNS’s. Is that because of the multihop?
i used firefox. didn’t think the browser made a difference. my bad
Nice so it’s a good thing.
I think so. Upon thinking about it more since the first answer, having every DNS resolver under the sun randomly resolving things will make lives harder for our Benefactors.
As an aside, I just tested my TOR and it came back with 50 resolvers in 2 counties.
Is it normal on a non Tor Browser and using VPN with multihop? IP address is different from DNS addresses. And I say addresses because it found two DNS’s. Is that because of the multihop?
I think I understand your question, but if I may, I can answer it another way…
The DNS “used” by TOR isnt “on” your local PC. The DNS is done by the very last end-point on your behalf.
e.g. lets pretend you pop out in Hamburg Germany. The champion who set up that node would have configured it to resolve to those German DNS’s (I *think* it may be the default config that does it). Its likely they would have also set some DNS’s from ISPs in some of the local/neighbouring countries.
Now, your own DNS does nothing. Well, it resolves the first input node, but that is all. Each step along the chain is all but transparent to you.
I hope that makes sense (and I’m not mansplaining to you!)
…
Next part, IF one is using a VPN, it is *normal* for the VPN to connect to a known IP, or range of IPs. This will stop your local (or providers) DNS knowing what you might be up to. e.g. they don’t see a resolving request for `japan.NaughtyVPN.com`
They will see the IP it connects to, and they can draw their own conclusions from that, but they don’t know it for a FACT.
After that, the VPN will do all the DNS for all traffic shoved down it (or it should)
…
Next, Multi-Hop… what happens is your VPN then VPNs to another input point. I think you get that. Its just like chaining them together. Its almost a mini-TOR in a way (but it isn’t really, cos the VPN still knows ALL)
One should see only the single DNS. → the ones at the endpoint. Thats up to the VPN provider.
It is completely normal to see two. This will be usually two from the same provider, or even the DNS of the VPN provider plus another global provider.
…
There is more one can do. But this is getting too long.
DNS is absolutely critical. I believe not enough is done to protect users against predatory providers.
I strongly suggest reading up about DNS over HTTPS in your browsers, email and network configuration. Read this: https://adguard-dns.io/en/public-dns.html (see section: OurServer Addresses)
…
Edit - I would like to add, that if I can help further, just ask. ALSO, set your browser to use the DNS over HTTPS in the link above. This will STOP your ISP and VPN from seeing your DNS activity. The DNS will NOT be resolved by them (ISP/VPN), but by Adguard (or Cloudflare, which are equally as excellent).
Edit 2 - fixed URL
Thanks for the explanation. One question. If you trust your VPN which you have to, wouldn’t it make more sense to not use DNS over HTTPS and just have your VPN take care of the DNS?
My thinking says not.
I don’t trust the VPN. We’ve all heard “no logs” and it turns out they are a front for the CIA or CCP:)
By using the VPN, they are my IP traffic carrier only. Nothing more.
By using HTTPS in my browser they see the domain I visit. They don’t see the pages or content, but they know the domain. By adding DNS over HTTPS, they see even less.
They will only see the IP address. These are usually shared, rotate or change on multiple hosting servers. So information must be gathered real time (as it changes frequently) - a laborious and costly process indeed (and trackable by us! (I can explain it you wish))
The DNS providers see the domain I visit, but none keep active logs. Even if they did, it only resolves back to the VPNs own IP.
Nothing to really pin on me. It separates two valuable pieces of information… Makes the spying all the more difficult.
Now, if you visit SellNuclearSecretsToNorthKorea.com it’s fairly obvious to the VPN provider what you might be up to… The domain will be hidden from them, but that IP might not be shared with other domains (Silly!). If our tricky North Korean admins were smart, they’d also have domains selling holidays, cultural wares and recipes, all hosted on the same IP…
When the CIA kicks in my door, I proclaim in all innocence that I was buying some dinner plates, not selling state secrets.
Humour aside, it simply makes joining the dots harder for those who wish to track us.