
When I use my ISP's DNS servers and I am connected via OpenVPN, the DNS traffic will not bounce through the VPN tunnel. When I use others' DNS servers, will my DNS traffic bounce through the encrypted VPN tunnel?

schroeder
Danny
  • similar to: https://security.stackexchange.com/questions/13900/if-i-use-a-vpn-who-will-resolve-my-dns-requests – mti2935 Apr 23 '21 at 15:27
  • Can you explain what you mean by "bounce through"? – schroeder Apr 23 '21 at 15:31
  • The question is: "If I use a DNS different from my ISP's DNS, will it prevent DNS leaks?" – Danny Apr 23 '21 at 15:33
  • OP, thanks for clarifying your question. If your VPN provider does not provide DNS service, and you want to hide your DNS activity from your ISP, then you should use DNS over HTTPS (DoH) or DNS over TLS (DoT), see https://security.stackexchange.com/questions/248164/relationship-between-dot-doh-and-https?utm_source=dlvr.it&utm_medium=twitter. – mti2935 Apr 23 '21 at 15:46
  • I know it. I just want to get the answer: "If I use Google DNS and I use a VPN that does not prevent DNS leaks, will my DNS requests/responses be encrypted via VPN encryption, and as a result can my ISP see my DNS requests?" – Danny Apr 23 '21 at 15:48
  • You seem to want to be asking a few different questions all at once and creating an XY problem. The core of what you want to know is what ***route*** your DNS traffic will take. – schroeder Apr 23 '21 at 15:59

1 Answer


I'm assuming the typical setup that your VPN setup forwards all non-local traffic encrypted to the VPN exit, i.e. all traffic to other systems in your local network will not be encrypted. I'm also assuming that the VPN does not come with its own DNS since you specifically ask about a DNS you've configured yourself. In this case the answer depends on where the DNS is configured and where the entry to the VPN is.

If your computer is the entry point of the VPN but you have DNS configured to be resolved by your router, then the DNS lookups will bypass the VPN, no matter if the DNS on the router forwards to your ISP's DNS server or to something else.

If the entry point of the VPN is your computer and you have your ISP's DNS configured on your computer, then the DNS will pass through the VPN and thus be encrypted. Note that even DNS lookups to your ISP will pass through the VPN unless you are directly connected (without cable modem, DSL router or similar) to the ISP, i.e. as long as the ISP's DNS is not in your local network.

If the entry point of the VPN is your router (i.e. router with VPN functionality) then all DNS lookups will pass through the VPN (i.e. encrypted) as long as the configured DNS server is not in the ISP's local network.

Steffen Ullrich
  • Important to note that a VPN only protects a portion of the route -- the DNS requests will be decrypted by the far end of the VPN and travel unencrypted through the network after that. – Ben Voigt Jan 13 '23 at 19:19
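
The cases in the answer above come down to which route the resolver's address matches on the machine that runs the VPN client. The following is an added example, not part of the original answer or comments: it does a longest-prefix match over a constructed routing table. The interface names, all addresses and the assumption that the VPN was set up with OpenVPN's `redirect-gateway def1` (which installs the two /1 routes) are illustrative.

```python
import ipaddress

# Constructed routing table for a computer that is the VPN entry point.
# The two /1 routes are what OpenVPN's "redirect-gateway def1" installs;
# every address and interface name here is a sample value.
ROUTES = [
    ("0.0.0.0/0",       "eth0"),  # original default route via the home router
    ("0.0.0.0/1",       "tun0"),  # VPN: lower half of the IPv4 space
    ("128.0.0.0/1",     "tun0"),  # VPN: upper half of the IPv4 space
    ("192.168.1.0/24",  "eth0"),  # local network, never tunnelled
    ("198.51.100.7/32", "eth0"),  # host route to the VPN server itself
]

def egress_interface(dest, routes=ROUTES):
    """Longest-prefix match: return the interface a packet to dest leaves on."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    if best is None:
        raise ValueError(f"no route to {dest}")
    return best[1]

def dns_path(resolver, tunnel="tun0", routes=ROUTES):
    """Classify where queries from this computer to the resolver travel."""
    if egress_interface(resolver, routes) == tunnel:
        return "via VPN"
    return "bypasses VPN"

if __name__ == "__main__":
    samples = [("router as resolver", "192.168.1.1"),
               ("ISP resolver", "203.0.113.53"),
               ("public resolver", "8.8.8.8")]
    for name, ip in samples:
        print(f"{name:20} {ip:15} {dns_path(ip)}")
```

On a real system the same check is made by comparing the configured resolver address against the live routing table instead of `ROUTES`.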