Proton VPN Custom DNS Servers
Hello,
Had a quick search, didn't see an obvious answer, but apologies if this has already been covered. If I have the NextDNS client running on my desktop (Windows 10), then wherever I switch my VPN to, the nextdns.io webpage reports I am successfully using NextDNS. If I turn off the NextDNS client but have the VPN connect, having put the IPv4 addresses in the Custom DNS part of the VPN client, then the only way I can get it to use NextDNS is by manually refreshing the IP on the nextdns.io home page; it is not automatically using it.
I am clearly not understanding something here, but shouldn't the VPN client now use NextDNS every time?
3 replies
-
Quick follow-up: did a dnsleak test with that option set in Proton and it says that it is using the nextdns.io servers. I just get the same "This device is using NextDNS with no profile." on the setup screen, and it is definitely not applying any of the filtering/rules.
-
This is normal: when you manually enter the IP, you need to sync it, as it tells the server that x IP should use x configuration. It's a way to designate a configuration for the IP.
For DoH and DoT (NextDNS client uses DoH) they also provide the configuration number (so xyz123.dns.nextdns.io), so when the DNS server gets connected it has the required information to connect the profile to your IP.
On any VPN, unless you're using a static IP, your IP is going to change even if you connect to the same location, as VPNs have many servers even for, let's say, New York.
I'd advise using the client so you don't have to manually sync the IP from your actual IP to all the different VPN IPs that you'll get. On mobile it's also the same deal: Private DNS or the Apple Configuration Profile use the protocols mentioned above and will report the configuration to the server, so you don't have to do anything manually.
-
You can be using NextDNS with old DNS or new DNS. On top of that you can be using it generically, or with one of the profiles tied to your account. To get a feel for which situation you have there is
which is explained a bit here
https://www.routersecurity.org/testdns.php
If using a VPN, even old insecure UDP DNS should be fine, as the only thing not encrypted is from the VPN server to the DNS server, and no one can tell who made that request.
My experience has been that VPNs offering custom DNS only support old insecure UDP-based DNS. In that environment you need to link the VPN server IP address to one of your profiles. But this is very fragile.
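
Added example, not part of the thread: a simplified Python model of what the replies above describe, showing that a plain UDP query carries no profile identifier while DoT and DoH do, and why a linked IP stops matching when the VPN exit changes. The `https://dns.nextdns.io/<id>` URL form, the `match_profile` logic and the addresses (documentation ranges) are assumptions made for illustration; `xyz123` is the placeholder ID used in the thread.

```python
import base64
import struct

PROFILE = "xyz123"  # placeholder ID from the thread, not a real profile

def build_query(name, qtype=1, txid=0):
    """RFC 1035 query: 12-byte header, QNAME labels, QTYPE, QCLASS=IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def resolver_sees(transport, query, src_ip, profile=PROFILE):
    """Metadata reaching the resolver for one lookup (simplified model)."""
    seen = {"src_ip": src_ip, "payload": query}
    if transport == "dot":    # profile travels in the TLS server name
        seen["sni"] = f"{profile}.dns.nextdns.io"
    elif transport == "doh":  # profile travels in the URL path (RFC 8484 GET)
        b64 = base64.urlsafe_b64encode(query).rstrip(b"=").decode()
        seen["url"] = f"https://dns.nextdns.io/{profile}?dns={b64}"
    return seen               # "udp53": nothing but source IP and bare query

def match_profile(seen, linked_ips):
    """Assumed resolver-side selection: explicit ID first, else linked IP."""
    if "sni" in seen:
        return seen["sni"].split(".")[0]
    if "url" in seen:
        return seen["url"].split("/")[3].split("?")[0]
    return linked_ips.get(seen["src_ip"])  # None corresponds to "no profile"

def demo():
    query = build_query("example.com")
    linked = {"198.51.100.10": PROFILE}  # IP linked while on VPN exit A
    results = {}
    for exit_ip in ("198.51.100.10", "203.0.113.7"):  # exit A, then exit B
        for transport in ("udp53", "dot", "doh"):
            seen = resolver_sees(transport, query, exit_ip)
            results[(exit_ip, transport)] = match_profile(seen, linked)
    return results

if __name__ == "__main__":
    for key, profile in demo().items():
        print(key, "->", profile or "no profile")
```
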