DNS Leak Test and Recommended Settings for Remote Work
For remote workers using GL.iNet routers, protecting your DNS from leaking is essential—especially when connecting via VPNs like WireGuard or Tailscale. A DNS leak can compromise your privacy by revealing your real location or browsing behavior. If your DNS leak test “fails,” it means DNS queries are escaping outside the VPN tunnel, displaying DNS servers from your client’s local area instead of those configured by the VPN. Although this is rare, certain conditions—like manually disabling the VPN client while Block Non-VPN Traffic is enabled—can trigger leaks. Even though active DNS traffic monitoring isn’t guaranteed, it’s always best to stay cautious and secure.
Why DNS Matters for VPN Security
DNS servers are responsible for translating website names into IP addresses. These servers are spread all over the world, and even if you’re using a VPN, a DNS leak can reveal your true location by sending requests outside your VPN tunnel. The WireGuard protocol uses a full tunnel VPN by default, so this should not happen, especially if you have “Block Non-VPN Traffic” enabled on the client router.
DNS Distance: Does It Matter?
Understanding DNS distance: The closest DNS server to you could be hundreds of miles away, but that’s not necessarily a problem as long as it’s still within the same country as your home server. So, don’t be alarmed if you see a DNS server that’s not super close to your server location.
Optimizing DNS Performance: Latency vs. Throughput
No matter what DNS settings you set for your WireGuard client device, the DNS traffic will be tunneled and use the DNS servers closest to your WireGuard server’s location. But if you set the DNS IP in the config file to your WireGuard server IP as described later, you will use cached responses at your server and avoid two round trips to your server. By using your server’s DNS as opposed to the local DNS near the client, you sacrifice a small amount of latency for much better throughput/speed performance.
How to Test for DNS Leaks
A quick and reliable way to verify your DNS setup is through dnsleaktest.com. Follow these steps:
- Clear your browser’s cache (and, if possible, your device’s DNS cache).
- Connect to your VPN.
- Run the DNS leak test on the site to check if any DNS queries are leaking outside the VPN tunnel. If the results show DNS servers near your client router instead of those configured by your VPN server, further adjustments may be needed.
Recommended DNS settings:
WireGuard VPN Configuration
For optimal security and performance, we recommend setting your server router’s DNS as follows:
- DNS Provider: Avoid ISP-provided DNS to protect privacy.
- Cloudflare DNS (1.1.1.1): Known for its fast performance and low latency.
- Backup: Use Google DNS (8.8.8.8) as a secondary option if needed.
[Image: example of server router DNS settings]
Enabling Remote Access LAN
If remote access is required, you need to enable the Remote Access LAN feature on your VPN server:
- Click “Options” under the WireGuard VPN Server.
- Enable the Remote Access LAN to allow devices to access the VPN server’s network remotely.
Client Router DNS Configuration for WireGuard
To further enhance DNS performance, modify the WireGuard client configuration to point directly to the VPN server’s IP:
- Go to WireGuard Client on your GL.iNet router.
- Edit the config file and set the DNS = field to your VPN server’s IP (e.g., 10.0.0.1 or 10.1.0.1).
- Set the DNS Mode to “Automatic” to ensure that the VPN server’s DNS cache is used before forwarding queries to external DNS servers.
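To check a client config against these settings before loading it on the router, the following added example (not GL.iNet's code and not part of the original article) audits a WireGuard config for a full-tunnel AllowedIPs and a DNS entry that is routed through the tunnel and equals the VPN server's tunnel IP. The sample configs, the `parse` and `audit` helpers and the 10.0.0.1 server address are assumptions; the check reads only the config file and cannot see router settings such as Block Non-VPN Traffic or DNS Mode.

```python
import ipaddress

# Constructed sample client config; keys and addresses are placeholders.
LEAKY = """[Interface]
PrivateKey = <client-private-key>
Address = 10.0.0.2/24
DNS = 192.168.8.1
[Peer]
PublicKey = <server-public-key>
AllowedIPs = 10.0.0.0/24
"""
FIXED = (LEAKY.replace("DNS = 192.168.8.1", "DNS = 10.0.0.1")
              .replace("AllowedIPs = 10.0.0.0/24", "AllowedIPs = 0.0.0.0/0, ::/0"))

def parse(conf_text):
    """Map (section, key) -> list of comma-separated values, lower-cased keys."""
    section, out = None, {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif "=" in line:
            key, _, value = line.partition("=")  # split on the first '=' only
            items = [v.strip() for v in value.split(",") if v.strip()]
            out.setdefault((section, key.strip().lower()), []).extend(items)
    return out

def audit(conf_text, server_tunnel_ip):
    """Hypothetical helper: return findings; an empty list means none found."""
    cfg = parse(conf_text)
    server = ipaddress.ip_address(server_tunnel_ip)
    allowed = [ipaddress.ip_network(n, strict=False)
               for n in cfg.get(("peer", "allowedips"), [])]
    findings = []
    if not any(n.version == 4 and n.prefixlen == 0 for n in allowed):
        findings.append("split tunnel: AllowedIPs has no 0.0.0.0/0")
    dns = cfg.get(("interface", "dns"), [])
    if not dns:
        findings.append("no DNS line: resolver choice is left to the client")
    for entry in dns:
        try:
            ip = ipaddress.ip_address(entry)
        except ValueError:
            continue  # wg-quick treats non-IP entries as search domains
        if not any(ip in n for n in allowed):
            findings.append(f"DNS {ip} is outside AllowedIPs: queries bypass the tunnel")
        elif ip != server:
            findings.append(f"DNS {ip} is tunneled but is not the VPN server {server}")
    return findings
```

Calling `audit(LEAKY, "10.0.0.1")` reports the split tunnel and the resolver outside the tunnel, while `audit(FIXED, "10.0.0.1")` returns an empty list.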
[Image: example of client router DNS settings]
Tailscale DNS Configuration
Tailscale automatically routes DNS queries through its secure infrastructure, but you can override this with custom DNS settings:
- Open the Tailscale admin console.
- Set the preferred DNS to Cloudflare (1.1.1.1) or Google DNS (8.8.8.8).
- For client routers, switch to Manual Mode and enter the same DNS settings for added consistency.
[Image: example of Tailscale DNS settings]
Conclusion
Using the right DNS settings and verifying your setup ensures a seamless and secure remote work experience. Whether you prefer WireGuard or Tailscale, setting your DNS correctly prevents leaks, enhances privacy, and boosts network performance. Be proactive by running DNS leak tests regularly and fine-tuning your settings for the best results. With GL.iNet routers, managing your VPN and DNS settings becomes easy, empowering you to stay productive and secure—no matter where your work takes you.
About GL.iNet
GL.iNet builds network hardware and software solutions that bring affordable and secure network connectivity to families and businesses all over the world. We work with a wide range of industries, solving everyday internet problems in offices, and providing complex networking solutions such as smart buildings and IoT Networks. At GL.iNet, we believe all successful businesses build upon a strong and secure foundation, which is why our highest priority is perfecting network security and reliability for our partners.