Getting multiple servers from extended test on dnsleaktest.com while using VPN. This occurs regardless of method connecting to VPN. On Ubuntu 22.04 LTS

Thanks for reading. I’m relatively new to Linux and brand new to Ubuntu.

I have Ubuntu installed on an old iMac as well as an old Lenovo laptop. Whether using ProtonVPN’s application in Ubuntu or connecting to a GL-iNet router with a ProtonVPN connection, dnsleaktest.com lists multiple IP addresses in the results of an extended test, none of which seems to be related to Proton. This occurs on both machines whether I’m using OpenVPN or Wireguard.

When I run the same test on my mobile phone, tablet, or MacBook, regardless of the method of connecting to ProtonVPN, I get one server listed and all is well.

I’m wondering what is happening and why, and if any of my true information is leaking. Seems like a DNS leak and my privacy is not intact.

Thanks again for reading.

Edit: /u/D0_stack set me on the right path with his tip. I was using a program called Portmaster for the network monitoring feature but I wasn’t aware that it overrode my VPN DNS to use Cloudfare. I just wanted it to monitor network activity. Learned a lot about this stuff today. Thanks again.

Edit 2: If anyone has an application of that type, such as LuLu and LittleSnitch on macOS, but for Linux, please let me know. I hear OpenSnitch isn’t maintained and not great. I thought Portmaster was a viable alternative.

Portmaster is amazing, you can use whatever DNS you want, it comes default with cloudfare, probably for best compatibility for new users. It will block any DNS bypass attempts.

You have very granular controls, and can tweak things on a system level or application level.

Also their SPN (onion routing, multiple pathways simultaneously applied to apps) works with ProtonVPN, just open proton first then start the SPN.

Do you have some examples servers you connect to and results the page shows?

I figured it out thanks to your tip. Thanks a ton!

Another little thing that will trip you up is if DNS was configured into your wifi setting. Check your wifi settings and make sure that the access point DNS settings are set to “automatic”.

Another useful debugging comand is sudo resolvectl status which will show you what DNS servers are in use by each interface.

Thanks for the info. So I can use Portmaster for monitoring and disable everything else? I had already disabled the SPN.

Can you edit your post and add what was the problem? For future users with similar problems.

Thanks, very appreciated!