Snoop on my own DNS requests!

Some programs manage to run at a higher level than a desktop VPN app, and so they can see your real IP address and send it to the creator. For example, Microsoft Windows.

Even if you run Linux, since many of these programs are closed source, who knows if they can get this elevated privilege.

Yes, a VPN on an external pfSense router can solve this. But can it also diagnose it?!

In other words, can a pfSense router detect what DNS requests are made directly to it while the desktop has a VPN app on? There should be none besides the VPN's.

(yes I know NextDNS and Cloudflare DNS offer this ability, but I don’t like/trust them)

Hi @TurbineBeast

In general DNS requests cannot be seen or spoofed by anyone between the VPN client and the VPN endpoint… If they got routed properly through the VPN tunnel. But your VPN provider can of course see them. And yes, applications can include hardcoded DoT or DoH servers. But this shouldn’t be an issue either, when all the traffic is properly routed through the VPN tunnel.

But maybe you should describe what your actual goal is and then the forum users could provide you with tips on how you could achieve this goal. There is no “one fits them all, press this button and you're invisible to everyone” solution. You have to be more specific in order to receive meaningful answers. Or in simple terms: From whom are you trying to hide? :wink:

At the end of the day it’s all about trust. You don’t trust Windows? Don’t use it! You don’t trust a specific app? Don’t use it! You don’t trust your ISP? Use another ISP or a VPN! You don’t trust your VPN provider? Use another VPN provider? You don’t trust the app of your VPN provider? Don’t use it! Don’t trust anyone? Pull the plug! :wink:

What you are saying is only applicable if the traffic is routed through the VPN tunnel to begin with. If software has a higher level privilege than the VPN desktop app, it never goes in the tunnel to begin with.

I’m asking how to evaluate this. I know for a fact that NextDNS can do this for me on a router. But that would require an account with them. I’m asking if pfSense can give me this functionality of seeing all DNS requests. Forget about the VPN.

If the DNS requests are sent unencrypted via port 53 or via DoT (DNS over TLS) on port 853 you can see the requests and even block them. If an app uses DoH (DNS over HTTPS) you can see the requests too, but you wouldn’t necessarily know that these requests are DNS requests.
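To make the three cases in that reply concrete, here is an added example (not code from the thread or from pfSense) that classifies flows the way a router sitting outside the desktop VPN would see them: plaintext port 53 queries can be decoded down to the name, port 853 is recognisable as DoT but the name stays encrypted, and port 443 cannot be told apart from ordinary HTTPS. The flows, the VPN endpoint address and the DNS payloads are constructed for the example.

```python
import struct

# Assumed VPN server address (documentation range); anything sent here is inside the tunnel.
VPN_ENDPOINT = "203.0.113.10"

def build_query(name):
    """Construct a minimal DNS query for `name` (only used to build sample input)."""
    qname = b"".join(bytes([len(label)]) + label.encode() for label in name.split(".")) + b"\x00"
    header = struct.pack(">HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)  # id, flags (RD), qdcount=1
    return header + qname + struct.pack(">HH", 1, 1)              # QTYPE=A, QCLASS=IN

def decode_qname(payload):
    """Read the first question name from a plaintext DNS query (labels are not compressed there)."""
    pos, labels = 12, []
    while True:
        length = payload[pos]
        if length == 0:
            break
        if length & 0xC0:  # a compression pointer would be unexpected in a question
            raise ValueError("compressed label in question section")
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

def classify(flow):
    """Say what the router can learn from one (src, dst, proto, dport, payload) tuple."""
    src, dst, proto, dport, payload = flow
    if dst == VPN_ENDPOINT:
        return "tunnel"                      # opaque to the router, as intended
    if dport == 53:
        return "dns:" + decode_qname(payload)  # leak: name readable, blockable
    if dport == 853:
        return "dot:" + dst                  # recognisable as DNS, name encrypted
    if dport == 443:
        return "https:" + dst                # may be DoH; port alone cannot tell
    return "other"

# Constructed sample flows: one through the tunnel, one plaintext leak, one DoT, one HTTPS.
SAMPLE_FLOWS = [
    ("192.168.1.50", VPN_ENDPOINT, "udp", 1194, b""),
    ("192.168.1.50", "198.51.100.53", "udp", 53, build_query("update.example.net")),
    ("192.168.1.50", "198.51.100.54", "tcp", 853, b"\x16\x03\x01"),
    ("192.168.1.50", "198.51.100.55", "tcp", 443, b"\x16\x03\x01"),
]

def report(flows=SAMPLE_FLOWS):
    """Return the classification of every flow, in order."""
    return [classify(f) for f in flows]
```

On a real pfSense box the equivalent input comes from Diagnostics > Packet Capture on the LAN interface, filtered to ports 53 and 853, while the desktop VPN is up.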