DNS leak with WARP

This web site (ipleak.net) generates a battery of random names (which surely don’t exist) and asks my system (Win 10… which is insecure due to its lack of proper DNS implementation) to resolve them, in order to force my system to resolve those names with every DNS it is configured to access (since the names don’t exist, the fall back to every nameserver is inevitable). Can you add security features to WARP to prevent DNS leak either with firewall rules or changing DNS settings to all interfaces?
I m (and my ISP) located in Hungary (EU) and Cloudflare’s closest data center is located in Austria (EU).

@sdayman Can you please take a look to this? No response from anyone for a long time… Thanks

I’m going to flag @MoreHelp, as it’s been way longer than 72 hours.

2 Likes

Solution found for Windows platform:
Change DNS service from automatic to manual and type Cloudlfare’s name server addresses. Do the same with ipv6 too.

No more DNS leaks…

That’s not necessary if your browser doesn’t leak the DNS servers.
In my case, ipleak.net only finds one DNS server (that belongs to Cloudflare), without changing the Windows settings (they are all blank).

Thanks for the comment. I changed back the settings (blank) and tested with Firefox, Chrome, IE and Edge, and all resulted the issue I wrote in the post. After changing DNS settings back to manual (Cloudflare’s servers), i got the same result as you in all browsers. I do think it is related to Win 10 or at least to particular builds…

This doesn’t make sense to me. WARP is supposed to send your browser traffic over Cloudflare’s VPN, disregarding your local DNS settings.

Then you can probably run the test without WARP and it’ll still pass the leak test.

Let’s see if we can get @kkrum’s input on this.

I m also clueless with this, but you are right. Disabling WARP results the same in DNS leak test.

WARP is not a traditional VPN solution. It doesnt become the default gateway and no private addresses are used for the tunnel. Thus you have to configure manually the DNS settings in Network settings, as I wrote above, to prevent DNS leaks in Windows platform. We tested WARP on OSX too with default network settings (automatic IP and DNS settings) but the same issue never happened.
In conclusion: use WARP with manually configured DNS settings if you use Windows OS to prevent leaks and keep your traffic private (inc. DNS queries).

This should not be the case. WARP should be consuming all DNS traffic and sending it to our network. Can you file an in-app feedback request and post the ticket number you get from there?

1 Like

Thanks. Case number: 56460
There is no option to attach file to the feedback, so I was not able to attach DNS logs, debugs and screenshots.

Thanks @ronai I was able to find it and I am able to reproduce the issue. I’ll follow up with dev team on Monday and see if we can figure out what is going on.

2 Likes