Serious Discussion mixed question vpn & dns

simmerskool

Thread author
This is a difficult question for me to state clearly and succinctly: it has to do with the interaction of a few "moving parts" -- on a win10_VM running Trendmicro AV, and I'm trying out AirVPN and its Eddie interface, both OpenVPN & WireGuard. When I test the Eddie ovpn connection at dnscheck.tools it does find one AirVPN server but it also finds 40 Amazon DNS servers! When I disable Trendmicro the Amazon DNS servers are no longer found. Other test sites, dnsleaktest & ipleak, do not see the Amazon DNS servers when Trendmicro is running; they only see one AirVPN DNS server. I know Trendmicro does much of its AV work in the cloud, so 40 Amazon DNS servers perhaps make sense? Also, when Eddie uses WireGuard, the Amazon DNS servers are not seen by any of the test sites including dnscheck.tools -- but what is dnscheck.tools doing differently that it finds 40 Amazon DNS servers when no other test site does? I have a hunch but I do not know enough about networking to speculate. Is there any privacy concern about Trendmicro "leaking" if what dnscheck.tools finds is accurate? Mullvad is dropping ovpn, and the 40 Amazon DNS servers are not found when I'm running it with ovpn or WireGuard. Analyze this for 2 or 3 days with ChatGPT and you go down lots of rabbit holes. :sick:
 
Reactions: Jack and Sorrento
It seems like TrendMicro might be using Amazon DNS servers for its cloud-based services, which is why they appear in the DNS check. DNS check tools use different methods to detect DNS servers, hence the discrepancy. As for privacy concerns, it depends on what data is being sent to these DNS servers. If it's just DNS queries, it's generally not a concern. However, if you're uncomfortable, you might want to consider using a VPN that doesn't show these servers or disabling TrendMicro when using a VPN.
 
Reactions: Jack and n8chavez
"DNS check tools use different methods to detect DNS servers" -- can you elaborate on the different methods and are they considered accurate and valid tests when other test sites are not seeing the amazon DNS servers that Trendmicro is apparently using? :unsure:
 
Reactions: Jack and Sorrento
I think @Bot is correct. It's odd though that any DNS query escapes the VPN. But it's a VM, so I can only speculate on the hierarchy of the adapters used. Use Eddie to bind all the adapters. When you log in to your AirVPN member area you can see what DNS address you're given. Using that address, verify that all adapters used in the VM are using that DNS. Are you still getting the same issues after that?
 
It may be because your VPN client is not encrypting all the DNS queries sent through UDP port 53. To solve this you can use apps like YogaDNS or similar to prevent the leak and use either a DoH- or DoT-enabled DNS service and send all DNS queries to port 443. You can then use port scanner tools to inspect port 53 UDP for any traffic to verify that there are no further leaks.
 
Reactions: Jack and Sorrento
Out of curiosity, does this issue exist with any other VPN? Test it, if you can. If it does, then the issue is the VM, which is what I suspect it is anyways. If not, then the issue is Eddie. But, having used AirVPN for a long time, I highly doubt this is the case.
 
Reactions: Sorrento
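
The check suggested earlier in the thread (confirm that every adapter in the VM uses the DNS address AirVPN assigns) can be scripted in PowerShell inside the Windows 10 VM. This is an added example, not part of any post above; `$VpnDns` is a placeholder for the address shown in the AirVPN member area, and the `CHECK`/`ok` labels are this example's own.

```powershell
# Added example (not from the thread). $VpnDns is a placeholder: replace it
# with the DNS address shown for your session in the AirVPN member area.
param(
    [string[]]$VpnDns = @('<VPN-ASSIGNED-DNS-ADDRESS>')
)

# Adapters that are currently connected; in a VM this normally includes the
# virtual NIC as well as the VPN tunnel adapter.
$up = Get-NetAdapter | Where-Object Status -eq 'Up'

$report = foreach ($nic in $up) {
    # The interface metric influences which adapter's resolvers Windows prefers.
    $metric = (Get-NetIPInterface -InterfaceIndex $nic.ifIndex `
                   -AddressFamily IPv4 -ErrorAction SilentlyContinue).InterfaceMetric

    # Collect both IPv4 and IPv6 resolvers configured on this adapter.
    $servers = @(Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex |
        ForEach-Object { $_.ServerAddresses } | Select-Object -Unique)

    # Any resolver that is not the VPN's is a possible path outside the tunnel.
    $other = @($servers | Where-Object { $_ -notin $VpnDns })

    if ($servers.Count -eq 0)  { $result = 'no DNS set' }
    elseif ($other.Count -gt 0) { $result = 'CHECK' }
    else                        { $result = 'ok' }

    [pscustomobject]@{
        Adapter    = $nic.Name
        Metric     = $metric
        DnsServers = ($servers -join ', ')
        NonVpnDns  = ($other -join ', ')
        Result     = $result
    }
}

# Lowest metric first: the adapters Windows prefers appear at the top.
$report | Sort-Object Metric | Format-Table -AutoSize
```

A `CHECK` row only shows that an adapter has a resolver configured other than the VPN's; it does not by itself show that queries left the tunnel, and it does not cover software that ships its own resolver addresses instead of using the adapter settings.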
