Question VPN DNS Filtering


n8chavez

Many VPNs now have DNS filtering. Mullvad, hide.me, ivpn, and airvpn, among others I'm sure, all have that feature. This is great in theory; having your IPs coming from the same place. But how do you know it's actually filtering anything? There's no webgui, or stats to indicate allows vs blocks. So how do we know how effective it is? I've been trying to answer these questions for myself and I've come up empty. I've tested using both Mullvad and hide.me, and I've yet to see it actually block anything. With both of these VPNs you can set the DNS blocking category, such as trackers, malware, porn, and ads. With both of these VPNs, I toggled the categories to block them all. I disconnected the VPNs and reconnected, just to be sure. I would think that would be enough to block the categories I chose. But nothing seems to have been blocked; I was still able to access sites I know should have been blocked. Does this happen with anyone else? Maybe I'm doing something wrong, but it doesn't seem to me that anything is being blocked using VPN DNS filtering.

As always, these are just musings from a self-proclaimed idiot.

Thoughts?
 

Back3

I use Windscribe Pro. It has DNS filtering, but I don't enable it. I use NextDNS: on my iPhone and iPad, it is efficient and blocks a lot of bad or annoying stuff. So, for me, it's a keeper! On my PC, I also have uBlock Origin, so it's difficult to pinpoint what is being blocked by NextDNS or my extension.
 

brambedkar59

Test yourself either via this link or going to domains where there is content you are trying to block.

I think that test is only for DNSFilter services and not for other DNS providers. I tried blocking everything inside parental control setting of NextDNS, flushed DNS cache for both browser and System, restarted browser and ran test. No matter which browser I used it all showed as "allowed", even though I can't actually open websites of that category.

 

n8chavez

But what happens if you use another blocker, such as uBo? When I tried everything was blocked with it. I like the idea of VPN DNS filtering, and the fact that your IP and DNS IP will be the same. That of course assumes that filtering works correctly. I use ControlD. That really works. But my IPs are not the same. So I was hoping VPN filtering would work. It seems it doesn't.
 

ForgottenSeer 103564

I think that test is only for DNSFilter services and not for other DNS providers. I tried blocking everything inside parental control setting of NextDNS, flushed DNS cache for both browser and System, restarted browser and ran test. No matter which browser I used it all showed as "allowed", even though I can't actually open websites of that category.

Google AI on search came up with the solution, it states those are test domains, whether specific for that company or not is unsure. I tried the same test on that site, Cloudflare DNS test and a couple others with the same conclusions.

You can test a DNS filter in a few ways:

  • Visit debug.dnsfilter.com to test all categories at once.
  • Visit a domain in your policy block list.
  • Open your terminal and type dig example.com (or nslookup example.com if you're using Windows) to see if Gateway is successfully blocking example.com.
  • Attempt to browse to a well-known domain that is allowed by your policy, such as google.com.

You can also test categories individually by browsing the domains shown below in the content categories. For example, if you want to test your block page against adult content, visit adult.filterdns.net.
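
Added example, not part of any post in this thread: the `dig`/`nslookup` check suggested above, scripted in Python so the resolver's answer is classified rather than read by eye. It sends an A query straight to one resolver over UDP, so a browser's own DNS-over-HTTPS setting is not involved; the function names, the sinkhole addresses and the reading of NXDOMAIN/REFUSED as "blocked" are assumptions, and `fake_response` builds constructed replies for offline use.

```python
import socket
import struct

SINKHOLES = {"0.0.0.0", "127.0.0.1"}  # assumption: answers filters commonly return for blocked names

def build_query(name, qid=0x1234):  # A-record query in DNS wire format, RD flag set
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return struct.pack(">6H", qid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack(">2H", 1, 1)

def fake_response(name, rcode=0, addrs=()):
    """Constructed resolver reply for offline checks (not captured traffic)."""
    head = struct.pack(">6H", 0x1234, 0x8180 | rcode, 1, len(addrs), 0, 0)
    rrs = b"".join(b"\xc0\x0c" + struct.pack(">2HIH", 1, 1, 60, 4) + socket.inet_aton(a)
                   for a in addrs)
    return head + build_query(name)[12:] + rrs

def _skip_name(msg, off):  # offset just past a (possibly compressed) name
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return off + 2
        off += msg[off] + 1
    return off + 1

def classify(msg):
    """Map a raw DNS reply to ('blocked' | 'allowed' | 'inconclusive', detail)."""
    _, flags, qd, an, _, _ = struct.unpack(">6H", msg[:12])
    rcode = flags & 0x000F
    if rcode != 0:  # NXDOMAIN (3) or REFUSED (5) for a name known to exist means filtered
        return ("blocked" if rcode in (3, 5) else "inconclusive"), f"rcode={rcode}"
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4   # skip QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">2HIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:    # A record
            addrs.append(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    if not addrs:
        return "inconclusive", "no A records"
    verdict = "blocked" if all(a in SINKHOLES for a in addrs) else "allowed"
    return verdict, ",".join(addrs)

def check(resolver_ip, name, timeout=3.0):  # needs network: asks one resolver directly
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (resolver_ip, 53))
        return classify(s.recvfrom(4096)[0])
```

Call `check()` with the VPN's DNS server address and a domain that exists and falls in a category you enabled, while the tunnel is up. A filter that answers with a block-page address instead of a sinkhole shows as "allowed" here, so compare the returned address with the one an unfiltered resolver gives.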
 

HarborFront

But what happens if you use another blocker, such as uBo? When I tried everything was blocked with it. I like the idea of VPN DNS filtering, and the fact that your IP and DNS IP will be the same. That of course assumes that filtering works correctly. I use ControlD. That really works. But my IPs are not the same. So I was hoping VPN filtering would work. It seems it doesn't.

Is uBO used to filter DNS queries or IP queries or both?
 

brambedkar59

Google AI on search came up with the solution, it states those are test domains, whether specific for that company or not is unsure. I tried the same test on that site, Cloudflare DNS test and a couple others with the same conclusions.

You can test a DNS filter in a few ways:

  • Visit debug.dnsfilter.com to test all categories at once.
  • Visit a domain in your policy block list.
  • Open your terminal and type dig example.com (or nslookup example.com if you're using Windows) to see if Gateway is successfully blocking example.com.
  • Attempt to browse to a well-known domain that is allowed by your policy, such as google.com.

You can also test categories individually by browsing the domains shown below in the content categories. For example, if you want to test your block page against adult content, visit adult.filterdns.net.

Did you just copy-paste the entire solution given by Google AI? Pls read my last reply again.
 

ForgottenSeer 103564

Did you just copy-paste the entire solution given by Google AI? Pls read my last reply again.

I did, because it was fun, and it was the only solution Google's entire database seems to have for testing. Me personally, I would just try a few domains, like pornhub, and others that should be blocked by the settings and see. If we are left to the help provided on the search engines, it is minimal at best. Those are dummy domains, whether they work or not with other solutions is unsure as stated, and why when I posted the original I stated either try this or manually going to domains.

P.S. Instead of laughing, try giving a solution.
 

brambedkar59

I did, because it was fun, and it was the only solution Google's entire database seems to have for testing. Me personally, I would just try a few domains, like pornhub, and others that should be blocked by the settings and see. If we are left to the help provided on the search engines, it is minimal at best. Those are dummy domains, whether they work or not with other solutions is unsure as stated, and why when I posted the original I stated either try this or manually going to domains.

P.S. Instead of laughing, try giving a solution.

I wasn't laughing at you but the reply given by AI, which was rather funny.
I consider pointing out that a given "solution" doesn't work as helpful.
 

ForgottenSeer 103564

Both. uBo is hard mode, block all 3rd party requests by default. I allow the ones I need.

Try this one as well, choose public sector and toggle other in filter provider. It will give you an idea.

 

brambedkar59

With both of these VPNs, I toggled the categories to block them all. I disconnected the VPNs and reconnected, just to be sure. I would think that would be enough to block the categories I chose. But nothing seems to have been blocked; I was still able to access sites I know should have been blocked. Does this happen with anyone else? Maybe I'm doing something wrong, but it doesn't seem to me that anything is being blocked using VPN DNS filtering.

Are you using another DNS (DNS Over HTTPS) within your browser? I think that might take priority over the VPN's DNS server.
 

n8chavez

Try this one as well, choose public sector and toggle other in filter provider. It will give you an idea.

1 for 2 on that site without ubo.
 

n8chavez

Can you check if there is any DNS leak occurring when using VPN? Run extended test and in the result DNS server should match that used by your VPN provider.

dnsleaktest.com

Oh, I have run that test as well as the ones listed below. They all came back no leak.

 
