Warp+ vpn leaking DNS requests

Now with general availability of WARP+, I am running leak tests on http://ipleak.net and dnsleaktest.com and they are leaking DNS requests from my mobile ISP and home ISP. Very disappointing to see continued DNS leaks with the 1.1.1.1 DNS Android app. I am on Android Pie with the latest updates on a Samsung Galaxy J6.

2 Likes

I noticed the same when I started to use 1.1.1.1 + Warp today.

My ISP can associate my personal IP address with the names of all the sites I connect to currently when using WARP, so there’s not really any privacy regarding that.

1 Like

Sorry I think there may be some confusion. The sites you are linking to do not test DNS requests made by your client. They report the IP address of your client.

Cloudflare WARP provides an encrypted connection from your mobile device to Cloudflare’s edge to prevent your connection from being snooped and optimizations to improve performance. It is not intended to hide your IP address from the websites you visit. We make no attempt to hide/alter/obfuscate the identity of a visitor from a website operator.

3 Likes

From a newly published blog post from Matthew Prince:

From a technical perspective, WARP is a VPN. But it is designed for a very different audience than a traditional VPN. WARP is not designed to allow you to access geo-restricted content when you’re traveling. It will not hide your IP address from the websites you visit. If you’re looking for that kind of high-security protection then a traditional VPN or a service like Tor are likely better choices for you.

1 Like

dnsleaktest.com does test which DNS resolvers are being used by my client.

When I am connected to WARP+, my understanding is only the Cloudflare DNS resolvers are being used.

However, I see that my ISP DNS resolvers are being used as well.

Wait, so, WARP does NOT tunnel traffic then? If not, what’s the point?

You should probably read the article. Warp does tunnel the traffic from your device to Cloudflare’s edge.

I don’t get why it’s leaking the DNS and IP though, if optimal privacy is the plan?

Optimal privacy isn’t the plan, rather, encrypting the last mile is the intended purpose.

2 Likes

If dns requests are leaking, then the last mile is not being encrypted.

If you believe you’ve found a bug, there’s an option in the app to report it.

1 Like

That is not correct, DNS leaking is a totally different (technical) problem to solve, and is outside the scope of what Cloudflare intends to do with Warp.

1 Like

I will say, it is a bit confusing.

If you haven’t heard about it yet, WARP is a mobile app designed for everyone which uses our global network to secure all of your phone’s Internet traffic.

Most people will equate “online security” with “being hidden”. I thought it myself. In which case, the Windscribe VPN is a slower alternative.

1 Like

Ultimately there is a big difference between encrypting the last mile, providing connectivity (to internal resources), alternative routing/transport (Warp+) vs containing active content from sneaking a packet out (tor via tails is about the only thing fit for purpose here).

1 Like

Please don’t spam affiliate links, it’s really tacky and disrespectful…

1 Like

If it is a reasonable alternative to Warp for folks who are looking for features it doesn’t provide is it really spam? I’m not familiar with the tool, but I am familiar with @jules, so I imagine it’s a decent tool. If that’s not the case then let me know.

Anyone who signs up with that ‘spam affiliate link’ gets an extra GB for free. It’s not an affiliate link that I make money from. Note the URL has ‘friend’ in it, not ‘affid’ or similar.

I’m just tired of these links everywhere, there’s thousands of VPN services, should we allow them posting here too? Does it contribute to the conversion?

The friend links usually mean, give one get one.

I don’t use any app at the moment.

To prevent DNS leaking, this is what I do.

  1. Go to Android Settings
  2. Go to Wifi & Internet
  3. Go to Private DNS
  4. Select Private DNS mode > Private DNS provider hostname > Type there one.one.one.one

I am sure, if you run the test next time, there won’t be any leak. All DNS requests will be answered from the Cloudflare server only, not your ISP’s default one.

2 Likes

That’s not true. A primary purpose of WARP is to encrypt DNS traffic through the last mile, thereby preventing consumer-facing ISPs from seeing its contents. When WARP is enabled and functioning correctly, simple DNS leak tests will pass:

Notice that the query is coming from Cloudflare because my DNS requests are being sent to 1.1.1.1. I would see the same result if I weren’t using WARP but had manually set my DNS server to 1.1.1.1; however, my requests would most likely be unencrypted between my phone and 1.1.1.1, so my ISP could see the contents.

However, if I am using the default DNS server provided by my ISP and I have WARP disabled, I’ll see a different result:

Note that none of these are my IP address—these are the resolvers provided by my ISP. The IP addresses listed there will definitely see my queries and may choose to log or interfere with them.

If I’m seeing the results in the last screenshot, I can be almost certain that the last mile is not being encrypted.
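Added example (not part of the thread and not Cloudflare's code): a DNS leak test reports the resolver addresses that contacted its authoritative server, and the result can be read the way the last post does by checking each address against Cloudflare's published ranges. The range list is a snapshot assumed from https://www.cloudflare.com/ips/, the function names are hypothetical, and the sample addresses are constructed.

```python
import ipaddress

# Assumption: snapshot of Cloudflare's published ranges; refresh from
# https://www.cloudflare.com/ips/ before relying on it.
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
    "2400:cb00::/32", "2606:4700::/32", "2803:f800::/32", "2405:b500::/32",
    "2405:8100::/32", "2a06:98c0::/29", "2c0f:f248::/32",
)]

def is_cloudflare(ip):
    """True if the address falls inside one of the listed Cloudflare ranges."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    return any(addr in net for net in CLOUDFLARE_NETS)

def assess(resolver_ips):
    """Classify the resolver addresses a leak test reported."""
    cf = [ip for ip in resolver_ips if is_cloudflare(ip)]
    other = [ip for ip in resolver_ips if not is_cloudflare(ip)]
    if not resolver_ips:
        verdict = "inconclusive"      # the test saw no queries at all
    elif other:
        verdict = "leak"              # some queries left via a non-Cloudflare resolver
    else:
        # Same result with plain 1.1.1.1 and no WARP: the test shows which
        # resolver answered, not whether the hop to it was encrypted.
        verdict = "cloudflare-only"
    return {"verdict": verdict, "cloudflare": cf, "other": other}

# Constructed sample results (documentation ranges stand in for ISP resolvers).
WARP_ON = ["172.70.110.23", "162.158.91.4", "2400:cb00:71:1024::a29e:5b04"]
MIXED = ["172.70.110.23", "198.51.100.53"]
ISP_ONLY = ["198.51.100.53", "203.0.113.10"]

if __name__ == "__main__":
    for name, ips in (("WARP on", WARP_ON), ("mixed", MIXED), ("ISP only", ISP_ONLY)):
        print(name, assess(ips))
```

A "cloudflare-only" verdict matches the first case in the post; "leak" with an empty `cloudflare` list matches the last one.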