DNS Leak with VPN, when "shield Trackers & ads blocking" set to aggresive

sym · December 25, 2021, 8:40pm

I am not sure if I can post issues here. Anyway, I came here looking for a solution, and I saw related issues without any solution.

After trying several things I came up with a solution. To put the shield in its default (standard) form.

( Tests performed at: https://www.doileak.com/classic.html )

aggressive mode on:

standard mode on.

I can live with the standard mode, so this post is more of a warning to those who use vpn and are wondering why their dns is leaking, or those who don’t even know that their dns is leaking.

Vendrugo · December 25, 2021, 10:03pm

Leak appears to me in Germany. Is the algorithm of that website good? I have the shields in standard mode, I also use adguard

I don’t think that’s very accurate

chh_68 · December 27, 2021, 6:44am

I did tests with 3-4 types of DNS. First one was VPN DNS, a custom DNS and my ISP default DNS. Both in aggressive mode and standard mode. DNS was not leaked in anyone of the test.

You could try https://www.browserleaks.net , https://dnsleaktest.com/ , https://coveryourtracks.eff.org/ etc.

I do such type of tests once in a month on all of my browsers (brave and others). Each time brave did not leak any of my dns quiries.

Also, it might be related to webrtc. You can turn it off from default settings. Change it to default interface-only or Disable non-proxied udp.

antonok · December 31, 2021, 7:15pm

@sym can you provide the version of Brave you’re running, and more information about how your VPN is configured (enough for someone else to reproduce the issue)? In addition, could you try with the #brave-adblock-cname-uncloaking flag disabled in brave://flags, and say whether or not that changes the result?

There have been a few edge cases we’ve patched regarding CNAME uncloaking in combination with VPN or proxy setups; it’s something we definitely want to fix if it’s still leaking in some cases.