DnsLibs icon indicating copy to clipboard operation
DnsLibs copied to clipboard

Published 20 hours ago verified publisher icon AdguardTeam

DNS leak while using automatic proxy (root) mode

Open Rtizer-9 opened this issue 1 year ago • 4 comments

Please answer the following questions for yourself before submitting an issue

  • [X] Filters were updated before reproducing an issue
  • [X] I checked the knowledge base and found no answer
  • [X] I checked to make sure that this issue has not already been filed

AdGuard version

4.7.23

Browser version

All Browsers

OS version

Android 14

Issue Details

Steps to reproduce:

  1. Select a custom dns like adguard, cloudflare anything apart from your own isp (automatic).
  2. Select "redirect to dns proxy" in "filter secure dns" in low level settings.
  3. Check on Dns leak websites.

Expected Behavior

Dns leak websites should ONLY show entries from the selected dns server and no other server should be present.

Actual Behavior

We can still see various entries from our own ISP which means dns entries are still leaking to them.

Screenshots

Screenshot 1

Additional Information

No such problem is observed on VPN mode which means this is specific to automatic proxy root mode.

Rtizer-9 avatar Aug 21 '24 18:08 Rtizer-9

@Dondrejohnson,@i1itione,@BatobolotovBato Please confirm.

Rtizer-9 avatar Aug 21 '24 18:08 Rtizer-9

Following the steps above and using the following sites, it shows on root mode how the DNS is being leaked to T-Mobile ISP on auto root mode: IMG_20240822_101011_161 IMG_20240822_100830_506 IMG_20240822_100829_919

but not on VPN mode: IMG_20240822_100704_937 IMG_20240822_100839_512

Dondrejohnson5 avatar Aug 22 '24 14:08 Dondrejohnson5

Anyone with any update on this issue?

Dondrejohnson5 avatar Sep 26 '24 13:09 Dondrejohnson5

Bump.

Seeing the same on my device.

EDIT: Unsurprising snoozefest from AG ...

privacyguy123 avatar Sep 26 '24 16:09 privacyguy123

Is there any update on this? It's been 3 months since I opened the issue and this issue has been present all this while for years. It's a dns leak after all.

Rtizer-9 avatar Nov 16 '24 08:11 Rtizer-9

photo_2024-11-19_23-02-07 photo_2024-11-19_23-02-15

I'm also having DNS leaks while using AdGuard in Automatic Root Proxy Mode and this honestly makes me cringe, I thought I was safe but nope I wasn't.

@sfionov How long would it take to fix this? This issue has been open for months now.

4adbfa76 avatar Nov 19 '24 22:11 4adbfa76

Hello! I apologize for missing this issue, it seems to be triaged to wrong repo, and DnsLibs is not actively developed now.

I believe this issue is about IPv6 DNS filtering.

Automatic root proxy mode in Adguard for Android has two different submodes: TPROXY and REDIRECT.

TPROXY mode is used on devices without iptables' nat table for IPv6. On devices with better kernel config, REDIRECT mode is used.

In TPROXY mode it was not possible to filter IPv6 DNS properly. Blocking it, however, will break connection. That's why it is not filtered, and the snack should be shown in this case.

If you use REDIRECT mode, everything should work as expected since it was implemented in https://github.com/AdguardTeam/AdguardForAndroid/issues/1354.

We'll recheck if DNS filtering in redirect mode is ok, and what happened to the snack in TPROXY mode.

sfionov avatar Nov 20 '24 07:11 sfionov

Are there any more issues and it's not working with REDIRECT mode?

Rtizer-9 avatar Dec 05 '24 05:12 Rtizer-9