DNSCrypt and VPN on Clients

Hello everyone,

I have DNSCrypt and Adblock installed on my OpenWRT router and everything is working fine. DNSCrypt is set up so that all clients are forced to use the DNS resolver from DNSCrypt.

I connect to a VPN provider on my clients such as Android phone or linux computer but I noticed that once I connect to my VPN provider I only get the IP address of the VPN server I am connected to but when I run dnsleaktest.com The DNS servers that show up in the results are the ones I set up in the config file for DNSCrypt and not the DNS of the VPN provider.

Can someone please tell me:

  1. is it a good or bad thing to be connected to a vpn server but using different DNS resolver other than that from the VPN provider?

  2. Is it possible to make my clients use the VPN provider when I connect to the VPN?


Which DNS servers you get when you have an "inside" client connecting to an "outside" VPN provider will depend on how the device and VPN provider are configured. "The whole point" of a VPN is that intermediate devices no longer can see or control your traffic, which includes your OpenWrt router.

Advantages of using your own DNS is that you know (or could know) how it behaves. Just because some company provides VPN service doesn't mean anything about their security or privacy policies, or if they "make their own decisions" about what to return for a DNS query.

Disadvantages of using your own DNS, not co-located with the VPN end point, is that many large services return the "best" server for a given name, often based on the load and/or "Internet distance" from the end point. For example, the servers I get for google.com in California are probably different than the ones for someone in Europe.

Hello Jeff,

I use perfect-privacy as my vpn provider and I connect using OpenVPN APP on my android.

If I disconnect from my WIFI ( which has DNSCrypt configured on my router) and connect to the mobile data then connect to VPN I would get an IP address and DNS server from perfect-privacy where both IP and DNS are co-located in the same city/country as the vpn server I am connected to and when I run dnsleaktest.com I get one DNS server whcih is the DNS of the vpn provider.

In the VPN profile: I have the option "Override DNS settings by server" disabled which makes sure that I connect to the DNS server provided by the VPN provider but this does not work this way with DNSCrypt.

DNSCrypt forces its own list of DNS servers and I was just wondering if there is a way to allow the VPN connection to bypass DNSCrypt DNS servers and use its own DNS server provided by the VPN provider without disabling DNSCrypt ever time I want to connect to the VPN.