undefined | Better HN

0 pointskrageon4y ago0 comments

> Is this not the case for any VPN or proxying service?

No, it's not.

> In fact, it could even be a security flaw if your internal domains were accessible on external VPN style endpoints?

It would be, but then this is not something that happens on a network configured in the way you describe.

0 comments

"No, it's not"

The root's observation is that it doesn't use the machine configured DNS. The overwhelming majority of VPNs also don't use the machine configured DNS. Maybe not "any", but if you're using a VPN you're generally going to want your DNS going over it as well.

But it is worth noting if you're on a corporate network, or if you use a DNS solution like NextDNS -- when you turn on PR those no longer play a part, at least to Safari traffic.

yunohn4y ago

I use NordVPN. It specifically has an opt-in setting to use locally discovered DNS in favor of their in-network DNS. This is crucial since out-of-network DNS can leak activity.

I’m not sure what kind of network you believe I described, but would be useful to have a clearer explanation from you.

krferriter4y ago

It is for any VPN client that routes DNS traffic through the VPN as well as HTTP and other web traffic. It's not out of the ordinary for this to happen.

j / k navigate · click thread line to collapse