My current configuration is the following: I use a VPN and have a proxy (SOCKS or HTTP) activated on my everyday browser (FF).
A long time ago I protected my browser (FF) against "DNS leaks" (WebRTC blocking), and made DNS resolution go through my proxy's DNS resolver by setting network(.)proxy(.)socks_remote_dns to true.
But some weeks ago, a DNS leak test revealed not only my proxy DNS resolver IP, but my VPN DNS resolver IP, too.
So, using my proxy was no longer hiding that I used a VPN behind it. Moreover, both my VPN provider's identity and the VPN server in use could be deduced from that data. Bad.
I had a really hard time finding what was wrong: my browser has a lot of addons installed, and moreover the culprits were 2 different addons, each of them leading to the previous DNS leak. To make things worse, for one of these addons, the culprit was only one of its many options.
These two addons are Port Authority and... uBlock0, and more precisely the option "uncloak canonical name" that I checked months ago.
The DNS leak is due to the way FF handles CNAME.
I could of course have deactivated Port Authority and the CNAME uncloaking in uBlock, but I wanted the features offered by these addons.
A workaround has been to use the in-browser DoH feature, with the preference network(.)trr(.)mode = 3. Also in that case I had to replace (in my proxy manager) any proxy URL by the corresponding proxy IP so that DNS resolution could happen.
After testing my configuration many times on different DNS leak test sites, I saw the problem was solved, in the sense that my VPN DNS IP no longer appeared in the tests.
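
The settings named in the post can be checked offline against a Firefox profile's `prefs.js` or `user.js`. The script below is an added example, not part of the original post; it assumes the proxy is set through Firefox's own `network.proxy.socks` / `network.proxy.http` preferences rather than a proxy-manager addon, and the sample profile text is constructed.

```python
import ipaddress
import re

# Matches lines such as: user_pref("network.trr.mode", 3);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.M)

def parse_prefs(text):
    """Return {pref name: value} with booleans, ints and strings decoded."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit(text):
    """List the settings that differ from the configuration described in the post."""
    prefs = parse_prefs(text)
    findings = []
    if prefs.get("network.proxy.socks_remote_dns") is not True:
        findings.append("network.proxy.socks_remote_dns is not true")
    if prefs.get("network.trr.mode") != 3:
        findings.append("network.trr.mode is not 3")
    # With TRR-only mode the post replaced proxy hostnames by IP addresses.
    for key in ("network.proxy.socks", "network.proxy.http"):
        host = prefs.get(key, "")
        if host and not is_ip_literal(host):
            findings.append(f"{key} is a hostname ({host}), not an IP address")
    return findings

# Constructed sample profile, not taken from the post.
SAMPLE = '''
user_pref("network.proxy.socks", "proxy.example.net");
user_pref("network.proxy.socks_port", 1080);
user_pref("network.proxy.socks_remote_dns", true);
user_pref("network.trr.mode", 2);
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARN:", finding)
```

A clean result only shows that the preferences match the post's setup; a DNS leak test is still needed to confirm what resolvers are visible from outside.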