Every morning, I do a multiple DNS Leak test just as a precaution. Today, I did the leak test and all my IPs were different. They were the same IP block, just different. This made me suspicious and I set about trying to track the problem down. Turns out, there was a misconfiguration in the VPS. Worked yesterday, different today. I guess it was ghosts or gremlins in the machinery.
I got to thinking, for you guys who download a lot of Linux ISOs, might be a good idea to check daily. Even though you are setting behind a VPN, it’s still worth the minute it takes to fire off multiple DNS Leak checks just for a sanity check.
I might be misunderstanding, but you’re checking what exactly for DNS leaks?
If the IPs are changing, that’s not uncommon. The HOST changing would be though, like if you swapped from what you expected back to Comcast or something.
You need to get better control of your local network and not have to be paranoid about this. Static reservations for long lived hosts, your router should have a setting to override and prevent internal hosts (like guests) from sending OoB DNS requests, and any sort of VPS stack should as well.
Each different DNS leak test sites (multiple), were different, yet the same IP block. I don’t view it as paranoia. When you fire up your VPN, even though you have specified a certain locale, say Mexico, you still get different IPs each time you start your VPN, at least I do.
Example: 4.4.4.5, 4.4.4.6, 4.4.4.15
Same block, different IPs reported.
Yes, that’s called Round-Robin Load Balancing.
To get more specific, your DNS provider spins up a large number of DNS resolvers out in the world on a CDN network that resolves clients to the most geographically convenient server(s) at any point in time based on the GeoIP info of your public IP.
Once you resolve one set of addresses at any given time, it caches your request, so the next time you ask these DNS servers for something you’ll get a response right back from them as fast as possible.
You constantly checking is just going to show this. It’s quite normal.
I’ll have to accept a higher knowledge base than mine, but I check this every morning, and for years they have been the same across different leakcheck sites.