
DNS leak?

I've just set up NextDNS on all my parents' devices and home router (IPv4 with linked IP).

I've noticed many Facebook, Apple, Google and TeamViewer DNS queries in their router configuration. All devices in the house have the NextDNS app or profile configured. The queries seem to duplicate those of a MacBook Pro running the app.

Why would this be? Should the queries not be encrypted and hidden from the router?

I can view the MacBook DNS queries too in the respective config.

(Picture above from Router Configuration) 

  • Linked IP config doesn't use encryption. Only DoH and DoT.

    If your router doesn't support that, your setting with linked IP is correct, so if you want to use encrypted DNS, then you need to use the App or the "private DNS" feature on Android / the "profile" feature on iOS.

  • I'm using the apps and DoH on all devices in the house (except Chromecast) 

    I would not expect to see the DNS logs for TeamViewer, Facebook etc. from the router.

  • Do you use different profiles for router and the other devices?

    When you look at details in the logs what do you see?

    From the screenshot it looks like Apple device logs.

    If the Chromecast goes through the router, all the apps you cast will use the router.

  • I have a configuration profile for my router and a configuration profile for my macbook.  The macbook is running the nextdns App. I am seeing duplicate logs in both configuration profiles. 

    I would expect NOT to see macbook pro DNS logs on the router configuration profile 

      • DynamicNotSlow, Pro subscriber ✓, 2 wk ago

      Thomas Griffiths sounds like your MacBook uses DHCP DNS as fallback.

      Try profile instead of app: apple.nextdns.io

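The fallback that DynamicNotSlow describes is visible on the Mac itself: `scutil --dns` lists every resolver macOS will use, and a scoped entry carrying the router's DHCP-assigned address means queries on that interface can still go to the router in plain UDP and show up under the linked-IP profile. The following is an added example, not code from this thread or from NextDNS; it parses a constructed sample of `scutil --dns` output and flags any resolver whose nameservers are outside the expected encrypted-DNS set. The NextDNS anycast addresses, the router address and the function names are assumptions for illustration; substitute the addresses from your own configuration page.

```python
"""Flag resolver entries on macOS that could fall back to the router's DNS.

Added example (not from the thread or from NextDNS).  Run on a Mac as:
    scutil --dns | python3 dns_fallback_check.py
Without piped input it analyses the constructed SAMPLE below.
"""
import re
import sys

# Constructed sample of `scutil --dns` output.  45.90.28.0 / 45.90.30.0 are
# assumed to be the profile's NextDNS addresses; 192.168.1.1 is the assumed
# router address handed out by DHCP on en0.
SAMPLE = """\
DNS configuration

resolver #1
  nameserver[0] : 45.90.28.0
  nameserver[1] : 45.90.30.0
  flags    : Request A records, Request AAAA records
  reach    : 0x00000002 (Reachable)

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5
  flags    : Request A records, Request AAAA records
  reach    : 0x00000000 (Not Reachable)
  order    : 300000

DNS configuration (for scoped queries)

resolver #1
  search domain[0] : lan
  nameserver[0] : 192.168.1.1
  if_index : 12 (en0)
  flags    : Scoped, Request A records, Request AAAA records
  reach    : 0x00020002 (Reachable,Directly Reachable Address)
"""

RESOLVER_RE = re.compile(r"^resolver #(\d+)")
NAMESERVER_RE = re.compile(r"^\s*nameserver\[\d+\]\s*:\s*(\S+)")
DOMAIN_RE = re.compile(r"^\s*domain\s*:\s*(\S+)")


def parse_scutil_dns(text):
    """Parse `scutil --dns` text into a list of resolver dicts.

    Each dict has: section ('global' or 'scoped'), id, domain, nameservers.
    """
    resolvers = []
    section = "global"
    current = None
    for line in text.splitlines():
        # Section headers: "DNS configuration" / "DNS configuration (for scoped queries)"
        if line.startswith("DNS configuration"):
            section = "scoped" if "scoped" in line else "global"
            current = None
            continue
        m = RESOLVER_RE.match(line)
        if m:
            current = {"section": section, "id": int(m.group(1)),
                       "domain": None, "nameservers": []}
            resolvers.append(current)
            continue
        if current is None:
            continue
        m = NAMESERVER_RE.match(line)
        if m:
            current["nameservers"].append(m.group(1))
            continue
        m = DOMAIN_RE.match(line)
        if m:
            current["domain"] = m.group(1)
    return resolvers


def find_fallbacks(resolvers, expected):
    """Return (section, id, unexpected_nameservers) for resolvers that can
    reach a server outside `expected`.  Entries with no nameservers (mDNS
    for .local) are skipped: they never reach the router's resolver.
    """
    expected = set(expected)
    findings = []
    for r in resolvers:
        unexpected = [ns for ns in r["nameservers"] if ns not in expected]
        if unexpected:
            findings.append((r["section"], r["id"], unexpected))
    return findings


if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    expected = sys.argv[1:] or ["45.90.28.0", "45.90.30.0"]
    hits = find_fallbacks(parse_scutil_dns(text), expected)
    for section, rid, servers in hits:
        print(f"{section} resolver #{rid}: unexpected nameservers {servers}")
    if not hits:
        print("no resolver outside the expected set")
```

A hit in the scoped section for the Wi-Fi interface is the signature of the symptom in this thread: those queries leave the Mac unencrypted, arrive at the router, and are attributed to the linked-IP profile. When the NextDNS app is running it takes over resolution itself, which is consistent with the duplicates stopping in that mode.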
      • aioyups, 2 wk ago

      Thomas Griffiths well, I'll try to explain some. There are 2 points.

      First, encryption only happens in transit and is decrypted at the endpoint, so nothing is hidden from the server or the device. This is a key point.

      Second, for the duplicate log. It happens because you made 2 different configurations but the incoming traffic comes from a source that satisfies both of their conditions. How could that be? Well, your first configuration uses the linked IP method, and your second configuration uses DoH. When your MacBook sends a DNS request, naturally it will be recorded in your second configuration's log; however, you forget that you send the data through your router's linked public IP, so that DNS request also satisfies the first configuration's condition, and naturally it will also be recorded in your first configuration's log. (If you ask why it's not hidden since it's encrypted, then the answer is the first point above.)

      Hope this can satisfy your curiosity. 😄

    • DynamicNotSlow the issue occurs when using the profile. The App behaves as expected.

    • aioyups thank you for your explanation; however, the reason I raised this is because I don't see the same behaviour with other devices using DoH (configuration 1) whilst also connected to the router (configuration 2). When I use the NextDNS App on my MacBook the duplicates stop.

      • aioyups, 2 days ago

      Thomas Griffiths Well, don't forget that when you create 2 configurations, both of them have their own unique DoH & DoT ID & IP. If you use the DoH ID from conf1, naturally the log will stay at conf1 and not conf2, since nothing matches. So to understand it you just need to ask yourself whether it satisfies the condition. If it does, then it will be logged. It's not about the app but the configuration on both server and client; if something is not working as intended, then just recheck the config. 😉

9 replies · 262 views · 4 following · last active 2 days ago