Mullvad’s ‘Connection Check’ service claims that I have Leaking DNS Servers. I run a pihole and as far as I can tell it is functioning correctly. My PC’s IP shows up in the pihole logs, at any rate.
I’m wondering 1 - What does a “leaky DNS server” mean and 2 - do I need to worry about this?
The entire concept of a “DNS leak” is:
If you are using a VPN service, and your DNS traffic is not contained within the VPN tunnel, that is a DNS leak. Your DNS traffic is exposed outside the encrypted tunnel.
If you don’t have the VPN active, there can be no DNS leak.
When the VPN is active, almost all VPN services automatically move your DNS traffic to inside the encrypted tunnel, going to DNS servers of their choosing.
In the unlikely case that you have set up Mullvad to use a server outside the encrypted tunnel (i.e. your Pi-hole), then you may have a DNS leak.
Use a checker such as dnsleaktest.com.
These show you the service you are using.
Say you are using Google DNS in Pi-hole; the results will show Google DNS.
The “leak” is if you end up using DNS servers you did not intend to use,
e.g., your PC is asking your ISP DNS instead of Pi-hole.
These checker sites run by VPN companies are used to check for leaks when you are using their products, to ensure that you are using their service.
Hence, if you are not using their service, their checker would think a leak is happening.
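Added example, not part of the original thread and not Pi-hole or Mullvad code: the two checks described in the posts above (does each resolver's traffic leave through the VPN tunnel, and is each resolver one you intended to use), run over a constructed routing table. The interface names, addresses and the single-table longest-prefix model (no policy routing) are assumptions for illustration.

```python
import ipaddress

# Constructed sample data; interface names and addresses are assumptions.
# Routes as (prefix, egress interface), e.g. from a VPN that overrides the
# default route with two /1 prefixes while the LAN route stays on eth0.
ROUTES = [
    ("0.0.0.0/0", "eth0"),
    ("0.0.0.0/1", "tun0"),
    ("128.0.0.0/1", "tun0"),
    ("192.168.1.0/24", "eth0"),   # LAN segment holding the Pi-hole
    ("10.8.0.0/24", "tun0"),      # VPN-internal network
]
CONFIGURED = ["10.8.0.1", "192.168.1.2", "192.168.1.1"]  # resolvers the PC uses
INTENDED = {"10.8.0.1", "192.168.1.2"}                   # resolvers you chose


def egress_interface(dest, routes):
    """Pick the interface by longest-prefix match over a single route table."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def audit_resolvers(configured, intended, routes, tunnel_iface):
    """Report, per resolver, whether queries stay in the tunnel and whether
    the resolver is one you meant to use."""
    report = {}
    for resolver in configured:
        iface = egress_interface(resolver, routes)
        report[resolver] = {
            "iface": iface,
            "in_tunnel": iface == tunnel_iface,
            "intended": resolver in intended,
        }
    return report


if __name__ == "__main__":
    for resolver, r in audit_resolvers(CONFIGURED, INTENDED, ROUTES, "tun0").items():
        where = "inside tunnel" if r["in_tunnel"] else "OUTSIDE tunnel"
        chosen = "intended" if r["intended"] else "NOT intended"
        print(f"{resolver:<14} via {str(r['iface']):<5} {where}, {chosen}")
```

In this constructed case the Pi-hole at 192.168.1.2 is an intended resolver but is reached over eth0, so queries to it travel outside the tunnel even though nothing is misconfigured from the user's point of view.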
Thank you for the explanation
Mullvad shows this as a “leak” because they want you to use their VPN/dns servers.
Not exactly. If the DNS traffic is routed outside the VPN tunnel, by definition that is a DNS leak. But, if you use an encrypted upstream DNS server with Pi-hole, even though the DNS traffic may be outside the VPN tunnel, there is technically a DNS leak but nothing is exposed since the DNS traffic is also encrypted.
Regardless of how the Mullvad or any other tests work, you only have a DNS leak if your DNS traffic is exposed outside the VPN tunnel.
This is completely beside the point of the OP’s question and the test they were using.
The OP had the following questions in their OP:
“I’m wondering 1 - What does a “leaky DNS server” mean and 2 - do I need to worry about this?”
I believe these have both been accurately answered.
"The entire concept of a “DNS leak” is:
If you are using a VPN service, and your DNS traffic is not contained within the VPN tunnel, that is a DNS leak. Your DNS traffic is exposed outside the encrypted tunnel.
If you don’t have the VPN active, there can be no DNS leak.
When the VPN is active, almost all VPN services automatically move your DNS traffic to inside the encrypted tunnel, going to DNS servers of their choosing.
In the unlikely case that you have set up Mullvad to use a server outside the encrypted tunnel (i.e. your Pi-hole), then you may have a DNS leak."
Regardless of what any DNS leak test site shows or doesn’t show, this is still the accurate answer to the OP’s question.
At least this dismissive attitude from the pihole team…
Dismissive as in “here is a direct and accurate answer to your two questions?”