¶ The issues with leak tests
Leaks test are always built for a specific service. If a leak test says you are “leaking”, it means that your device is not configured exactly as they expect. If you are using Portmaster, this is most probably the case.
¶ How to verify test results
The easiest thing you can do is to take the IP addresses the leak test says you are leaking and enter them on this page: https://bgpview.io/
This will tell you who the IP address belongs to. As long as this is not your ISP, all is good.
Sometimes you can even try to just enter the IP address in your browser and see where it leads to. Many services have small web pages set up so interested network administrators can check what the IP address is used for.
¶ 2 Portmaster settings you should check
In global settings check the "Servers" section, there should be 2 settings in there, if not switch to "Advanced Interface"
Miss-configuring this area can lead to your system using your ISPs DNS. This is because Portmaster falls back to System / Network DNS (typically your ISP) if it can't resolve the domain.
Reasons this could happen are:
- leaving the DNS servers empty
- putting invalid information into the servers field
- all configured DNS servers are not reachable
To Prevent the fallback you can enable "Ignore System/Network Servers" keep in mind that this can break other things as well, so do that with caution.
Also if you want to use an exotic DNS resolver which would be super slow in your location we found that Portmaster does fall back to the system configured DNS more often, so please make sure you put a fast DNS into that list bellow your favorite alternative.
Note: We also have seen in the past that Quad9 sometimes has issues, we recommend using Cloudflare as the “backup” dns option
¶ What to do if you are still concerned
If you are confident that you are experiencing a real leak of any kind, please report it and include the following information:
- The software or website you used for the test
- Any leaked IP addresses (that are not yours)
- Any leaked domain names / dns queries