Question VPN DNS Filtering

Please provide comments and solutions that are helpful to the author of this topic.

n8chavez

n8chavez

Level 17
Thread author
Well-known
Feb 26, 2021
818
Many VPNs now have DNS filtering. Mullvad, hide.me, ivpn, and airvpn, among others I'm sure all have that feature. This is great in theory; having your IPs coming from the same place. But how do you know it's actually filtering anything? There's no webgui, or stats to indicated allows vs blocks. So how do we know how effective it is? I've been trying to answer these questions for myself and I've come up empty. I've tested using both Mullvad and hide.me, and I've yet to see it actually block anything. With both of these VPNs you can set the DNS blocking category, such as trackers, malware, porn, and ads. With both of these VPNs, I toggled the categories to block them all. I disconnected the VPNs and reconnected, just to be sure. I would think that would be enough to block the categories I chose. But nothing seems to have been block; I was still able to access sites I know things that should have been blocked. Does this happen with anyone else? Maybe I'm doing something wrong, but it doesn't seem to me that anything is being blocked using VPN DNS filtering.

As always, these are just musings from a self-proclaimed idiot.

Thoughts?
 
  • Like
Reactions: Nevi, brambedkar59 and Jonny Quest
B

Back3

Level 14
Verified
Top Poster
Apr 14, 2019
660
I use Windscribe Pro. It has DNS filtering, but I don't enable it. I use NextDNS : on my iPhone and iPad, it is efficient and blocks a lot of bad or annoying stuff. So, for me, i'ts a keeper! On my PC, I also have uBlock Origin, so it's difficult to pinpoint what is being blocked by NextDNS or my extension.
 
  • Like
  • HaHa
Reactions: TommyHillis and Nevi
brambedkar59

brambedkar59

Level 29
Verified
Top Poster
Well-known
Apr 16, 2017
1,878
Ultimate Vision said:
Test your self either via this link or going to domains where there is content you are trying to block.

Debug | DNSFilter

debug.dnsfilter.com debug.dnsfilter.com
Click to expand...
I think that test is only for DNSFilter services and not for other DNS providers. I tried blocking everything inside parental control setting of NextDNS, flushed DNS cache for both browser and System, restarted browser and ran test. No matter which browser I used it all showed as "allowed", even though I can't actually open websites of that category.

1694824393117.png
1694824403915.png
1694824409154.png
 
  • Like
Reactions: Ville, Kongo, Nevi and 1 other person
n8chavez

n8chavez

Level 17
Thread author
Well-known
Feb 26, 2021
818
But what happens if you use another blocker, such as uBo? When I tried everything was blocked with it. I like the idea of VPN DNS filtering, and the fact that your IP and DNS IP will be the same. That of course assumes that filtering works correctly. I use ControlD. That really works. But my IPs are not the same. So I was hoping VPN filtering would work. It seems it doesn't.
 
Last edited:
F

ForgottenSeer 103564

brambedkar59 said:
I think that test is only for DNSFilter services and not for other DNS providers. I tried blocking everything inside parental control setting of NextDNS, flushed DNS cache for both browser and System, restarted browser and ran test. No matter which browser I used it all showed as "allowed", even though I can't actually open websites of that category.

View attachment 278633View attachment 278634View attachment 278635
Click to expand...
Google AI on search came up with the solution, it states those are test domains, whether specific for that company or not is unsure. I tried the same test on that site, cloudfair dns test and a couple others with the same conclusions.

You can test a DNS filter in a few ways:

  • Visit debug.dnsfilter.com to test all categories at once.
  • Visit a domain in your policy block list.
  • Open your terminal and type dig example.com (or nslookup example.com if you're using Windows) to see if Gateway is successfully blocking example.com.
  • Attempt to browse to a well-known domain that is allowed by your policy, such as google.com.
You can also test categories individually by browsing the domains shown below in the content categories. For example, if you want to test your block page against adult content, visit adult.filterdns.net.
 
  • HaHa
Reactions: Nevi and brambedkar59
H

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,033
n8chavez said:
But what happens if you use another blocker, such as uBo? When I tried everything was blocked with it. I like the idea of VPN DNS filtering, and the fact that your IP and DNS IP will be the same. That of course assumes that filtering works correctly. I use ControlD. That really works. But my IPs are not the same. So I was hoping VPN filtering would work. It seems it doesn't.
Click to expand...

Is uBO use to filter DNS queries or IP queries or both?
 
brambedkar59

brambedkar59

Level 29
Verified
Top Poster
Well-known
Apr 16, 2017
1,878
Ultimate Vision said:
Google AI on search came up with the solution, it states those are test domains, whether specific for that company or not is unsure. I tried the same test on that site, cloudfair dns test and a couple others with the same conclusions.

You can test a DNS filter in a few ways:

  • Visit debug.dnsfilter.com to test all categories at once.
  • Visit a domain in your policy block list.
  • Open your terminal and type dig example.com (or nslookup example.com if you're using Windows) to see if Gateway is successfully blocking example.com.
  • Attempt to browse to a well-known domain that is allowed by your policy, such as google.com.
You can also test categories individually by browsing the domains shown below in the content categories. For example, if you want to test your block page against adult content, visit adult.filterdns.net.
Click to expand...
Did you just copy-pasted entire solution given by Google AI? Pls read my last reply again.
 
  • Like
Reactions: Nevi
F

ForgottenSeer 103564

brambedkar59 said:
Did you just copy-pasted entire solution given by Google AI? Pls read my last reply again.
Click to expand...
I did, because it was fun, and it was the only solution googles entire database seems to have for testing. Me personally, i would just try a few domains, like pornhub, and others that should be blocked by the settings and see. If we are left to the help provided on the search engines, it is minimal at best. Those are dummy domains, whether they work or not with other solutions is unsure as stated, and why when i posted the original i stated either try this or manually going to domains.

P.S instead of laughing, try giving a solution.
 
  • HaHa
Reactions: Nevi and brambedkar59
brambedkar59

brambedkar59

Level 29
Verified
Top Poster
Well-known
Apr 16, 2017
1,878
Ultimate Vision said:
I did, because it was fun, and it was the only solution googles entire database seems to have for testing. Me personally, i would just try a few domains, like pornhub, and others that should be blocked by the settings and see. If we are left to the help provided on the search engines, it is minimal at best. Those are dummy domains, whether they work or not with other solutions is unsure as stated, and why when i posted the original i stated either try this or manually going to domains.

P.S instead of laughing, try giving a solution.
Click to expand...
I wasn't laughing at you but the reply given by AI, which was rather funny.
I consider pointing out that a given "solution" doesn't work as helpful.
 
  • Like
Reactions: Nevi
brambedkar59

brambedkar59

Level 29
Verified
Top Poster
Well-known
Apr 16, 2017
1,878
n8chavez said:
With both of these VPNs, I toggled the categories to block them all. I disconnected the VPNs and reconnected, just to be sure. I would think that would be enough to block the categories I chose. But nothing seems to have been block; I was still able to access sites I know things that should have been blocked. Does this happen with anyone else? Maybe I'm doing something wrong, but it doesn't seem to me that anything is being blocked using VPN DNS filtering.
Click to expand...
Are you using another DNS (DNS Over HTTPS) within your browser? I think that might take priority over the VPN's DNS server
 
n8chavez

n8chavez

Level 17
Thread author
Well-known
Feb 26, 2021
818
brambedkar59 said:
Can you check if there is any DNS leak occuring when using VPN? Run extended test and in the result DNS server should match that used by your VPN provider.

dnsleaktest.com
Click to expand...

Oh, I have run that test as well as the ones listed below. They all came back no leak.

My IP Address

The main tools for checking IP address privacy. Showing Your IP Address, Reverse IP Lookup, Hostname, and HTTP Request Headers, Your Country, State, City, ISP/ASN, and Local Lime, Whois Lookup, TCP/IP OS fingerprinting, WebRTC Leak Test, DNS Leak Test, and IPv6 Leak Test.
browserleaks.com browserleaks.com

dnscheck.tools - test your dns resolvers

A tool to test for DNS leaks, DNSSEC validation, and more
dnscheck.tools dnscheck.tools

DNS Leak Test | Perfect Privacy

Visit our free DNS Leak Test to check your VPN - Perfect Privacy VPN protects from leaks ✓ Anonymous VPN since 2008 - Our mission is your internet privacy!
www.perfect-privacy.com www.perfect-privacy.com
 

Similar threads

jetman
    • Like
    • Thanks
Question Is there any independent testing of DNS providers?
Replies
4
Views
1,289
VPN and DNS
jetman
jetman
SohanRay
    • Like
Advice Request Using 3rd party DNS with VPN doesn't let me Stream Content
Replies
12
Views
760
VPN and DNS
SohanRay
SohanRay
CyberTech
    • Like
    • Applause
    • Thanks
Serious Discussion Mullvad's public encrypted DNS Servers run in RAM now
Replies
0
Views
605
VPN and DNS
CyberTech
CyberTech

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top