OS (Mac OS 13.2) DNS not honoured (or leaking) in Brave

[nonokh]

Description

System-wide DNS setting (Adguard DoH). DNS leak in Brave browser only. No leaks in Safari.

Steps to Reproduce

1. Go to https://www.dnsleaktest.com/
2. Standard test

Actual result:

1. Result in Brave

2. Result in Safari

Expected result:

No dns leak

Reproduces how often:

Easily reproduced.

Brave version (brave://version info)

Brave | 1.46.153 Chromium: 108.0.5359.128 (Official Build) (arm64)
Revision | 1cd27afdb8e5d057070c0961e04c490d2aca1aa0-refs/branch-heads/5359@{#1185}
OS | macOS Version 13.2 (Build 22D49)

[stephendonner]

Hi @nonokh - thanks for reporting, and sorry you're experiencing this issue. Can you help us reproduce this issue by providing as detailed step-by-step instructions as possible, here? Thanks!

Here's what I've tried, below.

Steps:

1. on macOS, set DNS resolver for my home Wi-Fi to 94.140.14.14
2. installed 1.49.64 Chromium: 110.0.5481.52 (Official Build) nightly (x86_64) on macOS Version 13.2
3. confirmed AdGuard DNS resolver was used at the operating-system level, via nslookup and dig commands
4. inbrave://settings/security I toggled Use Secure DNS to Off
5. opened a new-tab page
6. loaded www.dnsleaktest.com
7. clicked on Standard Test
8. confirmed detected DNS resolver domain was dns.adguard-dns.io., with two servers listed

example	example	example	example	example	example	example	example	example

[nonokh]

Hi @stephendonner - I believe you misunderstood me. To reproduce my situation , you have to use the encrypted DoH (dns over https)config. I downloaded the config from their website here

The one you are using is their plain IPv4 dns server (the wifi section) and not encrypted dns. I am using the encrypted one for my system wide setting instead of the wifi dns way.

After you install the profile , doh will be available at (Settings -> Network -> VPN and filters -> Filters and proxy)

Now Safari uses the system setting and brave doesn't.

edit : fixed spellings

[stephendonner]

@nonokh ok, now using

Brave	1.49.75 Chromium: 110.0.5481.52 (Official Build) nightly (x86_64)
Revision	979113183ded4544a2c443aceb1629c430907e52-refs/branch-heads/5481@{#636}
OS	macOS Version 13.2 (Build 22D49)

still can't reproduce. I always get adGuard.

What are your DNS settings in chrome://settings/security?

example	example	example	example

[frankebobdk]

@nonokh ok, now using

Brave | 1.49.75 Chromium: 110.0.5481.52 (Official Build) nightly (x86_64)

-- | --

Revision | 979113183ded4544a2c443aceb1629c430907e52-refs/branch-heads/5481@{#636}

OS | macOS Version 13.2 (Build 22D49)

still can't reproduce. I always get adGuard.

What are your DNS settings in chrome://settings/security?

example | example | example | example

---------|----------|---------|---------

| | |

Sorry to say, but look at your last picture - you're ain't on AdGuard dns server, but on NextDNS which ain't the same. So you just reproduced the issue yourself 😉

[stephendonner]

Sorry @nonokh and @frankebobdk yes, I can reproduce this now on latest nightly:

[nonokh]

@stephendonner glad you could reproduce.

Just for the heads up, the issue still persist (as of 3 Feb '23) in the latest official build too.

Current Brave version :

Brave	1.47.186 Chromium: 109.0.5414.119 (Official Build) (arm64)
Revision	772095164c7d5d4e73160f858efed3b5e87eca83-refs/branch-heads/5414@{#1458}
OS	macOS Version 13.2 (Build 22D49)

recap tl;dr : Brave doesn't honour system DNS profile setting (which is different from the one in Wifi settings) even after turning Secure DNS off while Safari does.

[neeythann]

looks like this is a chromium issue @stephendonner - not sure if it's reported upstream.

Brave: Version 1.47.186 Chromium: 109.0.5414.119 (Official Build) (arm64)
Chrome: Version 109.0.5414.119 (Official Build) (arm64)
Safari: Version 16.1 (18614.2.9.1.12)

OS: macOS 13.0

[stephendonner]

Yes, thanks @neeythann, this is indeed upstream Chromium issue: https://bugs.chromium.org/p/chromium/issues/detail?id=1378632

example	example	example