I am predominantly asking to both check my understanding and expand my knowledge. My question is ultimately about DNS lookups at different levels (OS, VPN, Browser) and trying to understand the risk.
A VPN provides a tunnel. Your ISP sees only the tunnel (IP address) and not the traffic itself. The VPN server connects to the destination website and feeds the data back through itself, to you the user. This is how, generally, VPNs obscure your internet usage from third-party observers.
I recognise there are more advanced techniques that can still map traffic to a specific individual, and of course, this does not prevent browser fingerprinting or other types of tracking (cookies, etc.).
The DNS lookup is the first step to initiate connection. I know there was historically concern that the DNS lookup could leak outside the VPN tunnel, and whilst this wasn't a catastrophic failure to a privacy-model, it certainly is sub-optimal. There are now a number of solutions:
- Use a masking DNS solution to anonymise the lookup (e.g. Rethink DNS)
- Force all traffic through the VPN, i.e. 'Always On'; therefore the DNS query is routed through the VPN
- Have the VPN service itself conduct the DNS lookup (which is a special case of #1 and #2)
Modern VPNs like Proton include the DNS lookup as part of the VPN service to aid in your obfuscation. This is probably preferred for most people as the look-up and main-line traffic come from the same location. However, GrapheneOS has its own DNS look-up, and if you use a Chromium browser, including Brave, this also has its own DNS lookup.
https://grapheneos.org/faq#default-dns
This user discusses a similar topic
And here GrapheneOS (circa late 2024) recommends setting Private DNS to 'OFF' vice automatic
My question is, what is happening if I leave it at automatic? My (non-technical) understanding is that since the VPN application probably has the most control, the VPN is conducting the DNS requests - and that is exactly what Proton claims. When I conduct DNS leak tests, it gives me the indication that the VPN is conducting the DNS lookup. I kind of have the following conclusions/queries:
'Automatic' means the VPN, if capable, conducts the DNS lookup
- However if 'Automatic' is set and the DNS lookup fails through the VPN, there's the potential for a DNS-leak as the system either defaults to the OS solution or Browser solution
- A DNS leak shouldn't necessarily mean a VPN leak (although this is possible), but an 'Always On' VPN (in theory) should strangle any connections outside the VPN, so an OS/Browser DNS query should still appear to come from the VPN server?
'Off' means the VPN either succeeds in executing the DNS query or the query fails and the user is not connected
- 'Off' should mean the DNS lookup won't occur via the OS-based method. I suspect that a Browser-enabled method may still conduct the DNS query though
In either circumstance, 'Off' or 'Automatic', I get the sense that for a regular privacy-minded user, their privacy is not ultimately compromised as long as the VPN is doing its job and not leaking.
- I recognise that alternate threat models will see the potential issues as more or less problematic, and certainly, there is a genuine risk here in de-anonymising a user
I apologise for the long post, but it is hard to find a good answer where these complex problems are explained or answered the whole way through. I also understand there are a lot of specific issues in that the way VPNs and specific OSes are both designed and interact creates issues in and of itself.
I appreciate any responses. I don't mind being told I'm wrong about things, I just want to learn.
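As an added example (not part of the original post), a small Python classifier over constructed tcpdump-like egress records that sorts outbound DNS flows into the three cases the post describes: in-tunnel to the VPN's resolver, in-tunnel to an OS- or browser-configured resolver, and outside the tunnel (a leak the ISP can see). The record format, the tunnel interface name `tun0` and the resolver address `10.2.0.1` are assumptions, not values from the post.

```python
"""Classify outbound DNS flows by whether they stayed inside the VPN tunnel.

Added example, not code from the original post or any VPN/OS vendor. Assumes
constructed tcpdump-like records '<time> <iface> Out IP <src>.<sport> > <dst>.<dport>: <UDP|TCP>',
a tunnel interface 'tun0' and a VPN resolver at 10.2.0.1 (all assumed values).
"""
import re

DNS_PORTS = {53, 853}      # plain DNS and DNS-over-TLS; DoH on 443 is not port-identifiable
TUNNEL_IFACE = "tun0"      # assumed VPN tunnel interface
VPN_RESOLVER = "10.2.0.1"  # assumed VPN-provided resolver

FLOW_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<iface>\S+)\s+Out\s+IP\s+"
    r"(?P<src>[\d.]+)\.(?P<sport>\d+)\s+>\s+(?P<dst>[\d.]+)\.(?P<dport>\d+):\s+(?P<proto>UDP|TCP)"
)


def parse_dns_flow(line):
    """Return {iface, dst, dport} for a DNS/DoT record, or None for anything else."""
    m = FLOW_RE.match(line)
    if not m or int(m["dport"]) not in DNS_PORTS:
        return None
    return {"iface": m["iface"], "dst": m["dst"], "dport": int(m["dport"])}


def classify(flow, tunnel_iface=TUNNEL_IFACE, vpn_resolver=VPN_RESOLVER):
    """'leak': left on a non-tunnel interface (ISP-visible).
    'vpn_resolver': in tunnel, to the VPN's own resolver (expected case).
    'tunnelled': in tunnel, to another resolver (OS/browser DNS); the ISP sees
    only the tunnel, the resolver sees the VPN exit address."""
    if flow["iface"] != tunnel_iface:
        return "leak"
    return "vpn_resolver" if flow["dst"] == vpn_resolver else "tunnelled"


def summarize(lines, **kw):
    """Count flows per class and list where leaked queries went."""
    counts = {"vpn_resolver": 0, "tunnelled": 0, "leak": 0}
    leaked_to = []
    for line in lines:
        flow = parse_dns_flow(line)
        if flow is None:
            continue
        cls = classify(flow, **kw)
        counts[cls] += 1
        if cls == "leak":
            leaked_to.append(f'{flow["dst"]}:{flow["dport"]}')
    return counts, leaked_to


SAMPLE = [  # constructed records
    "12:00:00.1 tun0 Out IP 10.2.0.2.51000 > 10.2.0.1.53: UDP",         # VPN resolver, in tunnel
    "12:00:00.2 tun0 Out IP 10.2.0.2.51001 > 1.1.1.1.853: TCP",         # OS Private DNS (DoT), in tunnel
    "12:00:00.3 tun0 Out IP 10.2.0.2.51002 > 203.0.113.10.443: TCP",    # HTTPS, not DNS by port
    "12:00:00.4 wlan0 Out IP 192.168.1.5.51003 > 192.168.1.1.53: UDP",  # fell back to router DNS: leak
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```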