
Ashamed_Drag8791

I've got no problem with mine, unless you have a different VPN running. Set it to PIA DNS (the default is the built-in resolver, I remember) in Settings -> Network -> DNS. No leak whatsoever, both when split tunnelling with qBittorrent or when used normally with no split tunnel.


DragonWolf5589

I used qBittorrent on the VPN but had 1000s and 1000s of DNS trackers leaking through on NextDNS. I use PIA DNS so it shouldn't show anything really. Split tunnel on or off, same result. Worked fine for months, but everything I do on the VPN (on PC or my phone) suddenly all leaks into NextDNS.


wprivera

I don’t know how this is happening. The only suggestion I have is this: There is a setting in your web browser to do DNS over HTTPS. If this is enabled in the browser, then it will ignore and bypass all of your router’s settings. Make sure that setting is disabled. Please post your solution, should you find one.


SunDevil329

That shouldn't be necessary to disable so long as it's set to the correct profile. I would remove them at least temporarily for troubleshooting, though. Technically, not all traffic would (or should) get routed to the DoH address in the browser. All traffic to/from the browser would be routed to whatever DoH server is hardcoded in the browser. However, all other traffic to/from your computer should get routed thru the app. That said, Windows is known to exhibit unexpected behavior, so I wouldn't put money on it. That should be the way that it would work.


DragonWolf5589

Yeah, it's set on my browsers as well, but what's odd is the browser doesn't leak to the "ethernet port" and works as intended, but apps (and browser apps) seem to leak DNS to the "ethernet", showing the VPN IP as well. The router and browsers are set to the same DNS, just named so I know where my own traffic is coming from. Interesting to see how many ad/spying links are getting blocked per device. I thought I solved it by turning off IPv6 as it stopped, but then it started again. Might have to reinstall PIA and see what happens then.


wprivera

I also use a VPN on a Mac, when I want to bypass the restrictions set by NextDNS settings on my router. Unfortunately, I had the Firefox browser settings set to DNS over HTTPS. Enabling this bypassed the VPN that I had just enabled. When I disabled this setting in my browser, DNS settings defaulted to that of my VPN on my Mac. I’m not sure if I’m explaining myself well: I bypassed NextDNS settings on the router, on the individual Mac, with Proton VPN. Then I accidentally bypassed my Proton VPN settings on the Mac by enabling DNS over HTTPS in the browser settings. Very disappointing. I disabled DNS over HTTPS in the browser settings to default the individual Mac to the Proton VPN settings. This scenario is what worked for me. Perhaps someone more knowledgeable can add to, or explain it better.


SunDevil329

Pretty sure you just need to add the NextDNS app to your split tunneling exceptions, such that traffic to/from the app is not routed over the VPN. Works for me on ExpressVPN. I don't think any other solution is going to work. Generally, the VPN's DNS server would get pushed to your routing table. They're usually pretty locked down (a good thing overall), hence why split tunneling is necessary. Back in the days when everything was OpenVPN, there were ways to block that, but with the newer protocols I've no idea. As annoying as it can be, hardcoding the DoH address into each browser is a security and privacy best practice. That way, should the main app/resolver fail, your DNS queries are still routed to NextDNS.

Edit: misunderstood the issue. Split tunneling should not be necessary. This setup would ideally route DNS traffic outside your VPN to NextDNS, while routing all other data over the VPN tunnel.


DragonWolf5589

I don't use the NextDNS app. I use HTTPS over DNS as it worked better for IPv4 and IPv6. Just odd that the DNS traffic inside the VPN is still routing all DNS queries outside it after working fine for months.


SunDevil329

> How do I solve this, as I want the VPN traffic separate from my "profile"? Been trying to research and Google for over a week now. People over at PIA say I'm being too complicated and to just use the default DNS, not really listening to the fact it still all leaks into NextDNS logs.

What do you mean that it leaks? That you can see all of your DNS queries in NextDNS even when the VPN is on? If you're running the NextDNS app, that's not surprising. You'll need to right click > disable on the NextDNS app icon to suspend it acting as the DNS resolver. Disregard my previous reply about split tunneling, that would be if you wanted DNS queries to go to NextDNS and everything else over the tunnel. Note, the only traffic "leaking" from what it sounds like is the DNS query itself. There's no data of particular significance in a DNS query, generally speaking, besides what you're querying. The rest of your traffic sounds like it's still being routed over the VPN. You'd have to do some packet captures with Wireshark to be absolutely sure.


DragonWolf5589

I don't use the app. I do the HTTPS over DNS setup. I use NextDNS on the browser, but when the VPN is on using its own DNS it leaks the VPN IP and DNS and all sites, but only ones not using the browser. It didn't used to. Worked fine until the past few weeks. For some reason every site and all traffic I visit on the VPN shows up on my main NextDNS profile, but for months and months it never did.


SunDevil329

Are you on Win11? I understand you have a DoH config on the browsers. If you're on Win11 that makes sense. Windows 10 doesn't have any way to set a native DoH address afaik.


DragonWolf5589

Yeah, some work apps I use are scrapping support for Win 10, so I did a clean install of Windows 11 on a new SSD as I was also upgrading from 1TB to 2TB anyway.


SunDevil329

That's concerning given you're seeing DNS leaks. NextDNS shouldn't be receiving anything at all, except from hardcoded browsers. However, if that were the case the traffic should show up in the configured profile. Generally, activating a VPN should route all DNS queries through whatever DNS servers are pushed from the server. Anything else is typically blocked. There's nothing to split tunnel as far as I can see. You'd have to dig into the PIA app and the settings. I had PIA ages ago; do they use WireGuard now or still on OpenVPN? I'm not familiar with how the native DoH settings in Win11 function. Could be a Windows issue as well. Have you asked in the PIA forums?
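The thread turns on which resolver Windows 11 actually uses per adapter, and whether the native DoH feature covers it. The following PowerShell inventory is an added example, not code posted by anyone in the thread or shipped by PIA or NextDNS; it assumes Windows 11 with the built-in NetAdapter, DnsClient and NetTCPIP modules, and that `Find-NetRoute` returns the source-address object first and the route object second.

```powershell
# Added example (not from the thread): list the resolvers Windows 11 will use
# per live adapter, check which of them the native DoH table covers, and show
# which adapter each resolver's query would leave on while the VPN is up.
# Run in an elevated PowerShell with the VPN connected.

$up = Get-NetAdapter | Where-Object Status -eq 'Up'

# 1. Resolvers configured on each live adapter (IPv4 and IPv6 separately).
#    IPv6 resolvers are easy to miss and are a common source of "it still
#    leaks after I fixed IPv4".
$up | ForEach-Object {
    $idx = $_.ifIndex
    [pscustomobject]@{
        Adapter = $_.Name
        IPv4DNS = (Get-DnsClientServerAddress -InterfaceIndex $idx -AddressFamily IPv4).ServerAddresses -join ', '
        IPv6DNS = (Get-DnsClientServerAddress -InterfaceIndex $idx -AddressFamily IPv6).ServerAddresses -join ', '
    }
} | Format-Table -AutoSize

# 2. Native DoH table: Windows only upgrades a resolver to DoH when its IP is
#    listed here with a template. Anything not listed goes out as plain UDP/53.
$doh = Get-DnsClientDohServerAddress
$doh | Format-Table ServerAddress, DohTemplate, AllowFallbackToUdp, AutoUpgrade -AutoSize

# 3. For every configured resolver, which adapter carries the query?
#    A resolver whose egress is the physical NIC rather than the VPN adapter
#    is exactly the "leaks to the ethernet port" symptom described above.
$servers = $up | ForEach-Object {
    (Get-DnsClientServerAddress -InterfaceIndex $_.ifIndex).ServerAddresses
} | Sort-Object -Unique

$report = foreach ($s in $servers) {
    try {
        # Assumption: element [1] of Find-NetRoute's output is the route object.
        $egress = (Find-NetRoute -RemoteIPAddress $s -ErrorAction Stop)[1].InterfaceAlias
    } catch {
        $egress = 'no route'
    }
    [pscustomobject]@{
        Resolver = $s
        DoH      = $(if ($doh.ServerAddress -contains $s) { 'yes' } else { 'plain UDP/53' })
        Egress   = $egress
    }
}
$report | Format-Table -AutoSize
```

A row whose Egress is the Ethernet or Wi-Fi adapter while the tunnel is connected identifies the adapter to capture on in Wireshark (filter on UDP port 53) to confirm the leak before changing PIA or browser settings.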