DNS Leak Test shows DNS used is not Cloudflare, but Cloudflare is upstream server for PiHole

I'm not sure if this is a PiHole issue but this is the best place to get help as you guys are really good at diagnosing issues. Sorry if this shouldn't be in the help thread but thank you all for helping! You guys are awesome!

Expected Behaviour:

Running the test provided at https://www.dnsleaktest.com should show that my DNS being used is CloudFlare (1.1.1.1).

Actual Behaviour:

The extended test from https://www.dnsleaktest.com is showing my DNS queries are being sent to:

I don't know who these people are or why my system would be sending DNS queries to that IP. I tried in Chrome, which is using my system DNS. I have my system set to use the pihole only for DNS, and the upstream servers are set to CloudFlare.

I also ran the test in Firefox, which I have set the DNS over HTTPS setting to use https://dns.adguard.com/dns-query (just for testing). I would expect running the test from the Firefox browser would show 176.103.130.131 or 176.103.130.130, the IPs for dns.adguard.com. But I get the same result in both browsers.

Maybe I'm misunderstanding how the dnsleaktest website actually works, but if I connect to a VPN I purchased and run the DNS leak test, the dns server IPs show up as the VPN Providers addresses:

That IP (the vultr.com one) is the host you are running Pi-hole on (cloud server or maybe your service provider?).

Does it match with the output whatsmyip.org ?

So the host Pi-Hole is on is an Ubuntu laptop behind my Comcast router and the public IP is 24.x.x.x, so it's not from them.

OK. Then you should see your Cloudflare IP as your DNS on the DNS leak test.

Unless you are using IPv6 and your queries are leaking through that.

What you need to make sure is that you have 1 IP set as your DNS IP and that's the IP of your Pi-hole.

Can you replicate the same result on all devices?

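One way to run the check suggested above (a single DNS entry that is the Pi-hole, and no IPv6 resolver alongside it), as an added example that is not part of the original thread. It assumes a Linux client whose resolver list is in `resolv.conf` format; the function name `audit_resolvers`, the Pi-hole address 192.168.1.10 and all sample addresses are constructed for illustration.

```python
import ipaddress

def audit_resolvers(resolv_conf_text, pihole_ip):
    """Return (kind, address) for every nameserver entry that is not the Pi-hole."""
    expected = ipaddress.ip_address(pihole_ip)
    findings, seen_pihole = [], False
    for raw in resolv_conf_text.splitlines():
        # resolv.conf comments start with '#' or ';'
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2 or parts[0] != "nameserver":
            continue
        try:
            # drop an IPv6 zone id such as fe80::1%eth0 before parsing
            addr = ipaddress.ip_address(parts[1].split("%", 1)[0])
        except ValueError:
            findings.append(("unparseable", parts[1]))
            continue
        if addr == expected:
            seen_pihole = True
        elif addr.is_loopback:
            # e.g. the systemd-resolved stub on 127.0.0.53: the real upstreams
            # are hidden behind it, inspect them with `resolvectl status`
            findings.append(("local-stub", str(addr)))
        elif addr.version == 6:
            # an IPv6 resolver (often pushed by the router) bypasses the Pi-hole
            findings.append(("ipv6-bypass", str(addr)))
        else:
            findings.append(("extra-resolver", str(addr)))
    if not seen_pihole:
        findings.append(("pihole-missing", str(expected)))
    return findings

# Constructed sample inputs (documentation and private address ranges only).
SAMPLE_CLEAN = "# constructed sample\nnameserver 192.168.1.10\noptions edns0\n"
SAMPLE_LEAKY = ("nameserver 192.168.1.10\n"
                "nameserver 2001:db8::53   ; pushed by router\n"
                "nameserver 192.168.1.1\n")
SAMPLE_STUB = "nameserver 127.0.0.53\n"

if __name__ == "__main__":
    for name, text in [("clean", SAMPLE_CLEAN), ("leaky", SAMPLE_LEAKY), ("stub", SAMPLE_STUB)]:
        print(name, audit_resolvers(text, "192.168.1.10"))
```

An empty result means the Pi-hole is the only configured resolver; a `local-stub` finding means the file alone cannot answer the question.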

The IP of the pihole is the only IP in the DNS settings for the machine in question.

I can test other machines when I get home (I'm remoted in now). I think I did it on my Playstation as well and saw that vultr.com ip.

I am 99% positive I have ipv6 disabled, but the test would show an ipv6 address if it was leaking.

That's not true. I haven't yet found a website that will display IPv6 DNS servers. That includes dnsleaktest.com

They may mention that you have an ipv6 dns connection but nothing more.

@Jorgsmash, you are just seeing the actual IP of the box you are connecting to for your DNS. If everyone is configured for 1.1.1.1 we are not all hitting the same server somewhere. Cloudflare has a whole network (including vultr.com) that services the world. In the test above that is the specific IP you hit within that cloud of computers serving whatever your DNS destination is.

^
Pretty much this

For what it's worth, when I run that test from my network, it finds either 5 or 6 servers in each of the 6 query rounds, but they all show "Cloudflare" as the ISP.

@capboomer Thanks for the clarification. I do however wonder why, as @jec0047 mentioned, it doesn't show Cloudflare as it once did. I have run this test multiple times in the past to find that the results show Cloudflare. I was concerned because when I looked into the vultr.com company they came back with very poor reviews and I didn't know or trust these people.

If I were to configure the Pi-Hole to use CloudFlare's (or AdGuards) DNS over HTTPS do you think the results would differ?

I'm very intrigued by the list that AdGuard has put together here: Known DNS Providers | AdGuard Knowledgebase

I would probably use the https://dns.adguard.com/dns-query as my upstream DoH server. I have tried searching for people who have set up their Pi-Holes to use AdGuard's Free DNS servers (176.103.130.130 and 176.103.130.131) as the upstream servers but I haven't found anyone who has done that. But I have considered it. What do you think would happen using both a Pi-hole and AdGuard DNS as upstream?

Unbound should be a better choice. I believe that myself, for the simple fact that you do not need third party upstream servers.

You will be “talking” directly with the root servers ...

I always suggest the following:
Pihole using cloudflared for DoH & I have unbound as a backup DNS.
https://docs.pi-hole.net/guides/dns-over-https/
Use a VPS to set up a StreisandEffect VPN (run your own VPN server).
https://github.com/StreisandEffect/streisand
Configure VPN for your pihole so all your mobile devices can use your DNS anywhere in the world.
https://docs.pi-hole.net/guides/vpn/overview/