Jump to content
Not connected, Your IP: 18.207.136.184
pfolk

Does custom DNS Server expose real IP ?

Recommended Posts

Hi,

 

as per a few other threads, in order to get some websites to work properly with AirVPN (e.g. imdb), it was suggested by a member to use a custom DNS server, e.g. 1.1.1.1.

 

While this does solve the issue - of IMDB blocking AirVPN half of the time - I wonder if anybody could elaborate on whether this workaround is a security issue that could potentially expose the real IP ? (hence rendering VPN usage pointless)

 

Thanks

 

Share this post


Link to post

No, they will just to know which DNS server you are using, which could point to your ISP if you use theirs. I use OpenDNS with dnscrypt and the only thing that ipleak.net can see is that I am using OpenDNS. If you route DNS requests outside the tunnel, the DNS provider will know your IP address. If you route it inside the tunnel, then they will only see the VPN server IP. I route outside the tunnel for speed because I am already encrypting my DNS requests and the only thing I am trying to accomplish is my internet provider not seeing anything to profile me with and some anonymity on the web at large to avoid being targeted by certain bad actors. I am not worried about a DNS server that I shared none of my personal information with that serves millions of requests per minute as I am not doing anything illegal or anything.

Share this post


Link to post

 If you route DNS requests outside the tunnel, the DNS provider will know your IP address. If you route it inside the tunnel, then they will only see the VPN server IP.

 

I am using eddie and have added DNS servers to the DNS tab in settings.  Is this routing DNS requests inside the VPN tunnel?

Share this post


Link to post

I am using eddie and have added DNS servers to the DNS tab in settings.  Is this routing DNS requests inside the VPN tunnel?

 

All traffic is routed through the tunnel. Problem is that, if not using AirDNS, requests to other DNS servers are unencrypted after the AirVPN server.


Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post

Thats pretty much the same using airvpn dns servers?

They need to resolve as well, which is probabbly unencrypted anyway. Thats fine when you use dnscrypt or DoH for auth.

 

I am using eddie and have added DNS servers to the DNS tab in settings.  Is this routing DNS requests inside the VPN tunnel?

 

All traffic is routed through the tunnel. Problem is that, if not using AirDNS, requests to other DNS servers are unencrypted after the AirVPN server.

Share this post


Link to post

 

Thats pretty much the same using airvpn dns servers?

They need to resolve as well, which is probabbly unencrypted anyway. Thats fine when you use dnscrypt or DoH for auth.

 

I am using eddie and have added DNS servers to the DNS tab in settings.  Is this routing DNS requests inside the VPN tunnel?

 

All traffic is routed through the tunnel. Problem is that, if not using AirDNS, requests to other DNS servers are unencrypted after the AirVPN server.

 

 

Sure, they are recursive DNS that Air runs but the requests they make to authoritative DNS are not tied back to you.

 

If you use another DNS like 1.1.1.1 you also still have some anonymity since you're one of dozens of people using the VPN server.

Share this post


Link to post

 

I am using eddie and have added DNS servers to the DNS tab in settings.  Is this routing DNS requests inside the VPN tunnel?

 

All traffic is routed through the tunnel. Problem is that, if not using AirDNS, requests to other DNS servers are unencrypted after the AirVPN server.

 

How would I use DNS outside of the tunnel while using Eddie?  Not that I would want to.  Just like to know how.

Share this post


Link to post

You add the IP to the list of IPs routed outside the tunnel.

 

Sent via Tapatalk.


Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post

If you use another DNS like 1.1.1.1 you also still have some anonymity since you're one of dozens of people using the VPN server.

 

Could you elaborate on this in detail ? I feel I'm not fully getting your statement...

 

So if I use 1.1.1.1 as DNS they will see that and then in turn could inquire with AirVPN who that user was at that point in time... ? 

 

(1) since AirVPN does not store data, there should be no concern, right ?

(2) and since there will most likely be multiple users using 1.1.1.1 it would be impossible to identify, right... ?

 

trying to completely understand whether using DNS of 1.1.1.1 is defeating the purpose of using a VPN at all...

 

Thanks for the info.

Share this post


Link to post

 

If you use another DNS like 1.1.1.1 you also still have some anonymity since you're one of dozens of people using the VPN server.

 

Could you elaborate on this in detail ? I feel I'm not fully getting your statement...

 

So if I use 1.1.1.1 as DNS they will see that and then in turn could inquire with AirVPN who that user was at that point in time... ? 

 

(1) since AirVPN does not store data, there should be no concern, right ?

(2) and since there will most likely be multiple users using 1.1.1.1 it would be impossible to identify, right... ?

 

trying to completely understand whether using DNS of 1.1.1.1 is defeating the purpose of using a VPN at all...

 

Thanks for the info.

 

 

You seem to understand things properly.

Share this post


Link to post

Moving this topic on slightly, I beleive that Air runs its own DNS servers but where are they located?  Is it a central server somewhere or does a Dns server run on each of the individual vpn servers?

One of the advantages of 1.1.1.1 is latency, they are everywhere so a connection to one would be a relative short path no matter which air vpn server I connect to. 

Share this post


Link to post
2 hours ago, kbps said:

does a Dns server run on each of the individual vpn servers?


From the Technical Specs page:
Quote
  • Every VPN server has its DNS server, directly finds out information about the root servers, top level domains and authoritative name servers.
More properties of the DNS servers can be found there. :)

A bigger advantage of AirDNS is even smaller latency, because your gateway is your DNS server. :D and the DNS requests never leave the tunnel so it's a bit more.. "private", if you want to call it that. :)

Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post
3 hours ago, giganerd said:

From the Technical Specs page: More properties of the DNS servers can be found there. :)

A bigger advantage of AirDNS is even smaller latency, because your gateway is your DNS server. :D and the DNS requests never leave the tunnel so it's a bit more.. "private", if you want to call it that. :)

Hi Giganerd, Not hijacking this one, But what do you mean with "a so it's a bit more.. "private", ? . To my understanding: what happens in Vegas stays in Vegas. Right?
 

Share this post


Link to post
57 minutes ago, Kenwell said:

But what do you mean with "a so it's a bit more.. "private", ?


DNS is unencrypted. If you use a DNS other than AirDNS, the query is unencrypted after the AirVPN server and visible to the outside. If you use AirDNS, it stays in the tunnel which is encrypted, therefore, the DNS query is as well. So yes, Vegas stays in Vegas kind of a thing. :)

Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post
5 hours ago, giganerd said:

From the Technical Specs page: More properties of the DNS servers can be found there. :)

A bigger advantage of AirDNS is even smaller latency, because your gateway is your DNS server. :D and the DNS requests never leave the tunnel so it's a bit more.. "private", if you want to call it that. :)

Thanks.  answered my question exactly.  I must have missed this information on the specs page.

So really the only way to improve latency would be to run my own DNS server in my local network.  This could be done on raspberry pi.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...