Em 06-12-2013 15:42, Chris Smith escreveu: > The lwtitle.com mx and lwtitle.com txt queries both fail for me here > and I run unbound as a resolver on my firewall and I pass the DNS leak > test. The dns leaktest only detects if the provider is actively redirecting your queries to their caching resolvers. And if even so, who is to say that they are detecting your dnsleaktest attempt and they do not try to resolve it, so your test pass, but when you query another domain they intercept it? I know it does sound too of a conspiracy theory, but these days post snowden, who can assure anything? > The one network of the 4 that I do get a proper answer on has an older > version of OpenBSD on its firewall (4.9) while all the ones that are > failing for me run a fairly current (or even -current) version. > > And if my ISP, and a couple of the others, were doing dns proxy and > that was messing up the results it would surely mess them up for all > of the DNS caches I tested. >
As I said above, this is not necessarily true, they could be messing only some domains, although it is very unlikely. This seems to me a problem with the other end, even when they told you everything is ok with them. Anyway, it won't hurt if you use dnscrypt proxy. -- Giancarlo Razzolini GPG: 4096R/77B981BC
