Found a DNS leak problem about wstunnel HOT 5 CLOSED

Yes, this parameter "network.trr.mode" in Firefox must be changed to 3 to ensure that all DNS queries only use DNS over HTTPS. Thank you for your help!

from wstunnel.

Most likely, you haven't configured properly your wireguard client. Can you please share your config

from wstunnel.

local windows client added a static route and modified the allowed IP to: 0.0.0.0/1, 128.0.0.1/1.DNS is 8.8.8.8, After checking again, the real IP is no longer displayed. Thank you for your prompt reply.

from wstunnel.

At this time, use the Firefox browser to enable the DoH function and select a DNS resolver that supports DoH.At the same time, set Firefox to only allow DNS over HTTPS resolution and not allow regular DNS as a backup. Then open the https://ipleak.net website for testing. you will not see the local ISP DNS; but after canceling the DOH function of Firefox, open it again. When testing the https://ipleak.net website, you will see that among the many DNSs, there is a local DNS. How to solve this problem?

from wstunnel.

I suppose you are on windows ? You can specify your the dns resolver to use in the client command line
But for firefox you must use DoH or else there is no guarantee that windows is going to send dns to your vpn interface

      --dns-resolver <DNS_RESOLVER>
          Dns resolver to use to lookup ips of domain name. Can be specified multiple time
          Example:
           dns://1.1.1.1 for using udp
           dns+https://1.1.1.1?sni=cloudflare-dns.com for using dns over HTTPS
           dns+tls://8.8.8.8?sni=dns.google for using dns over TLS
          For Dns over HTTPS/TLS if an HTTP proxy is configured, it will be used also
          To use libc resolver, use
          system://0.0.0.0

          **WARN** On windows you may want to specify explicitly the DNS resolver to avoid excessive DNS queries

from wstunnel.