DNS Leak Test and Recommended Settings for Remote Work

For remote workers using GL.iNet routers, protecting your DNS from leaking is essential—especially when connecting via VPNs like WireGuard or Tailscale. A DNS leak can compromise your privacy by revealing your real location or browsing behavior. If your DNS leak test “fails,” it means DNS queries are escaping outside the VPN tunnel, displaying DNS servers from your client’s local area instead of those configured by the VPN. Even though active DNS traffic monitoring isn’t guaranteed, it’s always best to stay cautious and secure.

Why DNS Matters for VPN Security

DNS servers are responsible for translating website names into IP addresses. These servers are spread all over the world, and even if you’re using a VPN, a DNS leak can reveal your true location by sending requests outside your VPN tunnel. The Wireguard protocol uses a full tunnel VPN by default, so this should not happen especially if you have “Block Non-VPN Traffic” enabled on the client router.

DNS Distance: Does It Matter?

Understanding DNS distance: The closest DNS server to you could be hundreds of miles away, but that’s not necessarily a problem as long as it’s still within the same country as your home server. So, don’t be alarmed if you see a DNS server that’s not super close to your server location.

Optimizing DNS Performance: Latency vs. Throughput

No matter what DNS settings you set for your Wireguard client device, the DNS traffic will be tunneled and use the DNS servers closest to your Wireguard server’s location. But, if you set the DNS IP in the config file to your Wireguard server IP as described later, you will use cached responses at your server and avoid two roundtrips to your server. By using your server’s DNS as opposed to the local DNS near the client, you sacrifice a small amount of latency for much better throughput/speed performance.

How to Test for DNS Leaks

A quick and reliable way to verify your DNS setup is through dnsleaktest.com. Follow these steps:

1. Clear your browser’s cache (and, if possible, your device’s DNS cache).
2. Connect to your VPN.
3. Run the DNS leak test on the site to check if any DNS queries are leaking outside the VPN tunnel. If the results show DNS servers near your client router instead of those configured by your VPN server, further adjustments may be needed.

Recommended DNS settings:

WireGuard VPN Configuration

For optimal security and performance, we recommend setting your server router’s DNS as follows:

• DNS Provider: Avoid ISP-provided DNS to protect privacy.
• Cloudflare DNS (1.1.1.1): Known for its fast performance and low latency.
• Backup: Use Google DNS (8.8.8.8) as a secondary option if needed.

Enabling Remote Access LAN

If remote access is required, you need to enable the Remote Access LAN feature on your VPN server:

1. Click “Options” under the WireGuard VPN Server
   

2. Enable the Remote Access LAN to allow devices to access the VPN server’s network remotely.
   

Client Router DNS Configuration for WireGuard

To further enhance DNS performance, modify the WireGuard client configuration to point directly to the VPN server’s IP:

1. Go to WireGuard Client on your GL.iNet router.
2. Edit the config file and set the DNS = field to your VPN server’s IP (e.g., 10.0.0.1 or 10.1.0.1).
3. Set the DNS Mode to “Automatic” to ensure that the VPN server’s DNS cache is used before forwarding queries to external DNS servers.

Example of client router DNS settings:

Tailscale DNS Configuration

Tailscale automatically routes DNS queries through its secure infrastructure, but you can override this with custom DNS settings:

1. Open the Tailscale admin console.
2. Set the preferred DNS to Cloudflare (1.1.1.1) or Google DNS (8.8.8.8).
3. For client routers, switch to Manual Mode and enter the same DNS settings for added consistency.

Example of Tailscale DNS settings:

Conclusion

Using the right DNS settings and verifying your setup ensures a seamless and secure remote work experience. Whether you prefer WireGuard or Tailscale, setting your DNS correctly prevents leaks, enhances privacy, and boosts network performance. Be proactive by running DNS leak tests regularly and fine-tuning your settings for the best results. With GL.iNet routers, managing your VPN and DNS settings becomes easy, empowering you to stay productive and secure—no matter where your work takes you.

About The Author

Adam, a Virginia native with a passion for international travel, holds an Electrical Engineering degree from Virginia Tech. He is a Community Specialist at GL.iNet, creator of The Wired Nomad—a resource for digital nomads—and works full-time for the world’s largest satellite operator. Connect with him on his website.