GrapheneOS (@GrapheneOS@grapheneos.social)
grapheneos.social
Our current approach to DNS leak blocking appears to work well without breaking compatibility. We've made progress towards fixing a related issue for some VPN apps where rare connections are made to VPN DNS outside of the tunnel. We can hopefully ship stricter enforcement soon.

Our latest release with prevention for most VPN app DNS leaks is currently available in our Alpha and Beta channels:

https://grapheneos.social/@GrapheneOS/112896412987587996

We need more feedback from testing VPN apps and services with leak blocking toggled on, which GrapheneOS already enables by default.

This new temporary approach should be compatible with any normal VPN apps and services. Only VPN apps which don’t provide DNS and depend on sending all DNS requests to the local network will be incompatible but it doesn’t really make much sense to support leak blocking for those.

We still want to ship our previous stricter approach, but it causes issues establishing the initial VPN connection with Proton VPN for certain users. This is either an app bug or an OS bug triggered by certain apps. We want to resolve that to ship our stricter approach from May.

The best place to give feedback on releases that are still in the Alpha and Beta channels is our Alpha/Beta testing chat room. You can choose between Discord, Telegram or Matrix and can talk with the users in the room on other platforms from each of them:

https://grapheneos.org/contact#community-chat

Our current approach to DNS leak blocking appears to work well without breaking compatibility.

We’ve made progress towards fixing a related issue for some VPN apps where rare connections are made to VPN DNS outside of the tunnel.

We can hopefully ship stricter enforcement soon.