Then the router sends the unencrypted query to your ISP DNS. So in every case of a DNS query which does not "obey" to the routing table, the query is sent to your router (configured to act as a DNS server), and not blocked by Comodo (because we allow communications in the home network, which is vital, otherwise it would not be possible to communicate with the router). The DNS server IP configured (DHCP pushed) on your physical interface is 192.168.0.1.
Windows lacks the concept of global DNS, so each card can have its own DNS server IP addresses. If you saw this info, were you able to see what setting (possibly in the router) was the culprit for the DNS leak? If it's the case, just replace your rule pertaining to your Home network in order to block packets toward port 53 UDP with 2 or 3 different rules:Īllow TCP In/Out From In To In Where Source Port Is Any And Destination Port Is AnyĪllow UDP In/Out From In To In Where Source Port Is Any And Destination Port Is Not 53Īllow ICMP In/Out From In To In Where ICMP Message Is AnyĪlso, in a private message, I had sent you detailed information about my router and ipconfig settings. Chances are that your router then queries your ISP DNS servers (obviously out of the tunnel), causing the leak. About the first case, your computer can communicate to your router, so please check whether DNS queries are sent to your router IP address. Please refer to my private message to you (to In my private message, I have copied you an example output of the DNS-leak test results, which shows my private ISP in addition to the Google DNS servers.Įither you have a DNS leak (which is a privacy risk) or you're tunneling DNS queries to your ISP DNS (which is not worrying). Please feel frees to end us your Global Rules and the definition of you Network Zones for a check.īut I *do* regularly see my ISPs DNS servers when performing the DNS Leak test. In this case, the DNS queries are tunneled and your provider will see the queries coming from our VPN server, so the leak is not real. If your ISP DNS IP addresses appear in the leak test, either there's actually a leak (therefore some mistake in the rules or network zones), or your provider has public DNS and your device is forced to use them. The Global Rules showed in the provided link block DNS leaks. Now I am wondering: Is this a coincidence? Should the Global Rules Method not block all DNS leaks because none are allowed if they don't pass through the VPN? In particular, as per the Rules, outbound UDP connections through my physical adapter are of course blocked on port 53 (as on any other ports).Īnd yet, when testing with I get a couple of InternetService Provider addresses, some of which are in other countries, but one among them is in my home country (and incidentally, this is my provider) I am using the Global Rules Method with Comodo