ISP DNS is leaking when using unbound

I set up unbound according to your guide, but when I do a DNS leak test, I see my ISP DNS.

Should it be like that?


When using unbound, a DNS leak test would be expected to show your public IP being used as the DNS server, e.g. your public IPv4 as assigned by your ISP to your router.

Are you really seeing your ISP's DNS servers being used?

1 Like

Running a DNS leak test is only of value if you are running your traffic through a VPN. A DNS leak would be when the DNS traffic is visible outside the VPN tunnel. If you aren't running your traffic through a VPN, then you needn't worry about a DNS leak.

When you run unbound, the IP of your DNS provider is your IP, since you are running unbound at your IP.


You're probably right, it's the same IP as the IP I get from WhatIsMyIP.
But the DNS leak test tells me my ISP somehow. Is that OK? Maybe because I'm behind my ISP's NAT?

I'm not worrying about a DNS leak, just trying to figure out if my setup is working as expected.

Another question: how is unbound in your setup using DNSSEC without the auto-trust-anchor-file parameter? I saw other guides using this parameter for DNSSEC.


No, the leak test is looking at your IP address and using the PTR record for it in a reverse lookup. Since your ISP owns the IP address, they set the name.

1 Like

You need the trust anchor. This should already be configured by the unbound installer as follows, which is why we don't include it in our pi-hole.conf file:

cat /etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf

    # The following line will configure unbound to perform cryptographic
    # DNSSEC validation using the root trust anchor.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
1 Like
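
One way to check where the trust anchor is set on your own system, as an added example (not part of the original posts or the Pi-hole guide). The function name `find_trust_anchor`, its optional `ROOT` prefix argument and the demo directory tree are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: report where unbound's DNSSEC root trust anchor is configured.
# find_trust_anchor CONF_DIR [ROOT]
#   CONF_DIR: directory with *.conf fragments (e.g. /etc/unbound/unbound.conf.d)
#   ROOT:     optional prefix for the key path, used only for the offline demo
# Prints "<fragment>: <key path>" for each active (uncommented) directive.
# Returns 0 if a directive is found and its key file is non-empty,
#         1 if no active directive exists, 2 if a key file is missing or empty.
find_trust_anchor() {
    conf_dir=$1; root=${2:-}; status=1
    for f in "$conf_dir"/*.conf; do
        [ -f "$f" ] || continue
        # Commented lines do not match; strip the option name, quotes, trailing space.
        key=$(sed -n 's/^[[:space:]]*auto-trust-anchor-file:[[:space:]]*"\{0,1\}\([^"#]*\)"\{0,1\}.*$/\1/p' "$f" |
              sed 's/[[:space:]]*$//' | head -n 1)
        [ -n "$key" ] || continue
        echo "$f: $key"
        if [ -s "$root$key" ]; then
            [ "$status" -eq 2 ] || status=0
        else
            echo "warning: $root$key is missing or empty" >&2
            status=2
        fi
    done
    return "$status"
}

# Constructed demo tree mirroring the fragment quoted above (not a real system).
demo=$(mktemp -d)
mkdir -p "$demo/etc/unbound/unbound.conf.d" "$demo/var/lib/unbound"
cat > "$demo/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf" <<'EOF'
server:
    # The following line will configure unbound to perform cryptographic
    # DNSSEC validation using the root trust anchor.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
EOF
# A second fragment without the directive, standing in for pi-hole.conf.
printf 'server:\n    verbosity: 0\n' > "$demo/etc/unbound/unbound.conf.d/pi-hole.conf"
echo "constructed placeholder key" > "$demo/var/lib/unbound/root.key"
find_trust_anchor "$demo/etc/unbound/unbound.conf.d" "$demo"
```

On a real installation, call `find_trust_anchor /etc/unbound/unbound.conf.d` with no second argument; a return code of 1 means no fragment enables the trust anchor.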

I saw @sha-265's post and my question is similar, but let's be more concrete. If I run a DNS leak test and my public IP appears, not the DNS of my ISP, is that a leak?
All that in the context of unbound without any VPN.

No. That is the actual IP of your DNS server. There is no concept of a DNS leak if you aren't using a VPN service. A DNS leak is where your data traffic is in the VPN tunnel but the DNS traffic is exposed outside of the tunnel. That is not your case.

1 Like