Hi,

On Tue, Feb 16, 2016 at 4:53 AM, Lev Stipakov <lstipa...@gmail.com> wrote:

> Hi James,
>
> > Has anyone seen issues with --block-outside-dns speed? Because this
> > approach drops certain DNS packets, I'm wondering if apps will
> > experience lag time while waiting for dropped DNS requests to time out.
>
> Yes, I have experienced issues with that patch.
>
> On the only machine I was able to reproduce DNS leak, this patch causes
> _all_ DNS requests to take 10 seconds to execute. According to
> Wireshark, Windows sends DNS requests to all adapters, got fast response
> from "right one", but nevertheless waits for about 10 seconds before
> giving up.
>

On the contrary, on the only win10 machine I had tested this, there was no
apparent delay in resolution. Unlike Lev, I see DNS requests to all
interfaces on Wireshark only when --block-outside-dns is _not_ used. When
blocked, the only DNS traffic seen on Wireshark was through the TAP
interface. That looked right as the packets are dropped before they reach
the Wireshark hooks, I suppose.

Anyway, the DNS client service may still expect replies to those lost
packets, but no apparent name resolution delay in applications was seen.
However, I did not test programs that directly connect to the DNS servers
(e.g., nslookup) instead of using the DNS client service.

Selva