ISP DNS is leaking when using unbound

I set up unbound according to your guide, but when I do a DNS leak test, I see my ISP DNS.

Should it be like that?


1 Like

When using unbound, a DNS leak test would be expected to show your public IP being used as DNS server, e.g. your public IPv4 as assigned by your ISP to your router.

Are you really seeing your ISP's DNS servers being used?


Running a DNS leak test is only of value if you are running your traffic through a VPN. A DNS leak would be when the DNS traffic is visible outside the VPN tunnel. If you aren't running your traffic through a VPN, then you needn't worry about a DNS leak.

When you run unbound, the IP of your DNS provider is your IP, since you are running unbound at your IP.


You're probably right, it's the same IP as the IP I get from WhatIsMyIP.
But the DNS leak test tells me my ISP somehow. Is that OK? Maybe because I'm behind my ISP's NAT?

I'm not worrying about a DNS leak, just trying to figure out if my setup is working as expected.

Another question: how is unbound in your setup using DNSSEC without the auto-trust-anchor-file parameter? I saw other guides using this parameter for DNSSEC.


No, the leak test is looking at your IP address and using the PTR record for it in a reverse lookup. Since your ISP owns the IP address, they set the name.


You need the trust anchor. This should already be configured by the unbound installer as follows, which is why we don't include it in our pi-hole.conf file:

    cat /etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf

    # The following line will configure unbound to perform cryptographic
    # DNSSEC validation using the root trust anchor.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
1 Like
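
As an added example (not part of the original thread or of the Pi-hole guide), these shell functions confirm that some file in unbound's drop-in directory actually sets a trust anchor and that the key file it names exists. The function names and the temporary sample layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of unbound or Pi-hole.

# Print "<config file><TAB><key path>" for each active (uncommented)
# auto-trust-anchor-file / trust-anchor-file directive in DIR/*.conf.
find_trust_anchor() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        sed -n -E 's/^[[:space:]]*(auto-)?trust-anchor-file:[[:space:]]*"?([^"#]*[^"#[:space:]])"?.*$/\2/p' "$f" |
        while IFS= read -r key; do
            printf '%s\t%s\n' "$f" "$key"
        done
    done
}

# Return 0 if a directive exists and every referenced key file is non-empty,
# 1 if no directive is configured anywhere, 2 if a key file is missing or empty.
check_trust_anchor() {
    found=$(find_trust_anchor "$1")
    [ -n "$found" ] || return 1
    printf '%s\n' "$found" | while IFS="$(printf '\t')" read -r cfg key; do
        [ -s "$key" ] || exit 2   # exits the pipeline subshell with status 2
    done
}

# Constructed sample mirroring the thread: pi-hole.conf has no anchor, the
# installer's drop-in does. Temp paths stand in for /etc/unbound and /var/lib.
make_sample() {
    d=$(mktemp -d)
    mkdir "$d/conf.d"
    printf 'server:\n    verbosity: 0\n' > "$d/conf.d/pi-hole.conf"
    printf 'constructed placeholder, not a real DNSKEY\n' > "$d/root.key"
    printf 'server:\n    # DNSSEC validation using the root trust anchor.\n    auto-trust-anchor-file: "%s"\n' \
        "$d/root.key" > "$d/conf.d/root-auto-trust-anchor-file.conf"
    printf '%s\n' "$d"
}

sample=$(make_sample)
find_trust_anchor "$sample/conf.d"
check_trust_anchor "$sample/conf.d" && echo "trust anchor configured, key present"
rm -rf "$sample"
```

On a real host, point `check_trust_anchor` at `/etc/unbound/unbound.conf.d`. This is a static configuration check only; it does not prove that validation succeeds at query time.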

I saw @sha-265's post and my question is similar, but let's be more concrete. If I run a DNS leak test and my public IP appears there, not the DNS of my ISP, is that a leak?
All that in the context of unbound without any VPN.

No. That is the actual IP of your DNS server. There is no concept of a DNS leak if you aren't using a VPN service. A DNS leak is where your data traffic is in the VPN tunnel but the DNS traffic is exposed outside of the tunnel. That is not your case.

1 Like

A post was split to a new topic: DNS leakage when using cellular network

I saw this and it made me curious:

If one were to use 'Wi-Fi assist' (when the cellular connection 'helps' the local connection) who would win the DNS lookup (in a home setup)?
And can the VPN double-duty cellular and local traffic on the same machine?

Just an academic question; I don't use Wi-Fi assist and I admit this is waaaaay off, not only this topic but Pi-hole fairness...

Why now?
I was at an airport and tried to use my VPN, but it was, at first, only on the cellular data, until I turned off cellular data, reconnected to the airport Wi-Fi (actually, I turned off the Wi-Fi radio to force it to grab a new IP, now that it is common knowledge that iOS will hold an IP address otherwise and leak info, even with a VPN) and then restarted the VPN. This thread got my attention.

4 posts were split to a new topic: Privacy using a VPN with Pi-hole+Unbound