Jump to content

Public DNS Resolvers - safe to use with VPN?


AZwaffelForAWaff

Recommended Posts

AZwaffelForAWaff

Is it better to use VPN provider's plain-text DNS servers that do not support DoH (DNS-over-HTTPS) or Public DNS Resolvers like Cloudflare that do support DoH? In either case, there is no ISP DNS leak, but it is unknown to me whether it is more private and/or more secure to VPN DNS.

Link to comment
Share on other sites


  • Replies 5
  • Views 2k
  • Created
  • Last Reply
8 minutes ago, AZwaffelForAWaff said:

Still curious about it...

Always better a different DNS Resolver than the one provided by your ISP or the VPN providers.

Link to comment
Share on other sites


  • 2 weeks later...
Cyric Bhaal

To be honest if you use a VPN where all your traffic goes by, i dont see why using their DNS will be a privacy problem;  just pick a reputed  privacy/security VPN like IVPN or Mullvad who own their own servers (BareMetal servers), unlike most of those advertised everywhere who offers virtual servers (Nord, Cyberghost, etc...)

 

Link to comment
Share on other sites


AZwaffelForAWaff

I am very new to the world of network privacy and security and my research leads me to believe that ISP's can see when you connect to a VPN if you use VPN DNS for original connection, but if you use a DNS-over-HTTPS resolver from the beginning, then ISP's see less information. I think most VPN's do use DNS-over-HTTPS once your data starts jumping between their servers, but initial DNS resolution is plain-text. There is no DNS-over-HTTPS address for NordVPN or Mullvad. I do know that NordVPN uses a specific resolver for its WireGuard protocol.

 

As far as server ownership goes, both Mullvad and NordVPN utilize a mix of owned and rented servers. Mullvad is more transparent about it and shows you which servers are owned and which ones are rented, but your data is going to jump from one to another anyway - https://mullvad.net/en/servers/#/ .

Link to comment
Share on other sites


  • 2 months later...
On 7/6/2020 at 5:23 AM, AZwaffelForAWaff said:

Is it better to use VPN provider's plain-text DNS servers that do not support DoH (DNS-over-HTTPS) or Public DNS Resolvers like Cloudflare that do support DoH? In either case, there is no ISP DNS leak, but it is unknown to me whether it is more private and/or more secure to VPN DNS.

 

Beware of Cloudflare as it is American-owned with HQ in the US.

 

On 7/11/2020 at 9:30 PM, duddy said:

Always better a different DNS Resolver than the one provided by your ISP or the VPN providers.

 

That I agree.

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...