Are you connected to ExpressVPN when you get these results? Those IP addresses on the public internet are owned by CloudFlare, but they are not the Cloudflare DNS service IPv4 addresses (which are 1.1.1.1 and 1.0.0.1).
If you are connected to ExpressVPN, and since I can't resolve through them via the public internet, my assumption is that those are the addresses used by ExpressVPN's private DNS. Either they are using that public range inside of their VPN, or they host their DNS service behind CloudFlare and then limit who can resolve through those addresses to those who are routing over their VPN service.

"When you use ExpressVPN, your DNS requests are handled directly by ExpressVPN, with no exposure to third parties. You don’t need to opt in to use ExpressVPN’s private DNS. The ExpressVPN app protects all DNS requests automatically, with the same encryption and tunneling protocols as all your other online activity."

Daniel Hückmann - Security Researcher - Portland, OR
--------------------------------------------------------------------------------
@sanitybit <https://twitter.com/sanitybit> - PubKey fingerprint: CE3E D4A9 8D49 4016 <https://keybase.io/sanitybit/key.asc>

On Fri, Jan 13, 2023 at 1:16 AM Russell Senior <[email protected]> wrote:

> https://support.mozilla.org/en-US/kb/dns-over-https-doh-faqs
>
> On Fri, Jan 13, 2023 at 1:05 AM Russell Senior <[email protected]> wrote:
>
> > Because I don't have the router you have, I am lacking any particular
> > insight into what it is doing, so anything I suggest is pure guesswork.
> > Vendor firmware on commercial off the shelf routers is quite varied and
> > sometimes bordering on arbitrary in how they choose to behave.
> >
> > One other thing to be aware of, some browsers (including Firefox) are
> > doing DNS over HTTPS (or similar) by default these days. You can check the
> > setting in General / Network Settings / Enable DNS over HTTPS, and the
> > associated destination. Mine defaults to Cloudflare. I generally don't use
> > other browsers, but others may be doing something similar. You can, of
> > course, choose a different DNS over HTTPS provider, or you can turn it off
> > in Firefox's Settings. Further research into this behavior and its nuances
> > might be needed.
> >
> > --
> > Russell Senior
> > [email protected]
> >
> > On Thu, Jan 12, 2023 at 5:55 PM American Citizen <[email protected]> wrote:
> >
> >> Hello all:
> >>
> >> I am currently hitting an unusual problem with two DNS addresses which I
> >> have set up in both the NetGear C6300v2 cable modem/router which has the
> >> option to manually set the DNS addresses (which I did) and with the
> >> openSuse Linux Leap 15.4 OS using NetManager, which has the option to
> >> set the DNS addresses in the configured connection (and I did manually
> >> configure them too).
> >>
> >> I am expecting to see DNS addresses 208.67.220.220 and 208.67.222.222
> >> when landing on either the https://www.dnsleaktest.com/ website or the
> >> https://surfshark.com/dns-leak-test website, but to my surprise both
> >> sites keep coming up with two Cloudflare DNS addresses
> >>
> >> IP Hostname ISP Country
> >> 108.162.218.150 None Cloudflare Newark, United States
> >> 108.162.218.190 None Cloudflare Newark, United States
> >>
> >> I am concerned about this, as I do NOT want cloudflare doing the DNS
> >> lookups, I expected ExpressVPN DNS numbers to show up.
> >>
> >> Any ideas on how to fix this problem?
> >>
> >> Randall
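
The distinction drawn in this thread (the resolvers that were configured, Cloudflare's public DNS addresses, and addresses that are merely inside Cloudflare-owned space) can be checked mechanically against a pasted leak-test table. This is an added example, not code from anyone in the thread; the function names are hypothetical, and the single Cloudflare prefix is an assumption taken from Cloudflare's published IP list.

```python
import ipaddress
import re

# Values taken from the thread.
CONFIGURED = {"208.67.220.220", "208.67.222.222"}   # resolvers the poster set
CLOUDFLARE_PUBLIC_DNS = {"1.1.1.1", "1.0.0.1"}      # Cloudflare's public resolver
# Assumption: one Cloudflare-announced prefix, copied from Cloudflare's
# published IP list; refresh it from the source before relying on it.
CLOUDFLARE_NETS = [ipaddress.ip_network("108.162.192.0/18")]

# Constructed sample: the leak-test table as pasted in the original message.
SAMPLE = """\
IP Hostname ISP Country
108.162.218.150 None Cloudflare Newark, United States
108.162.218.190 None Cloudflare Newark, United States
"""

IPV4 = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\b")

def parse_leak_table(text):
    """Return the resolver addresses found at the start of each table row."""
    found = []
    for line in text.splitlines():
        m = IPV4.match(line)
        if not m:
            continue  # header or blank line
        try:
            found.append(ipaddress.ip_address(m.group(1)))
        except ValueError:
            continue  # looked like an address but an octet was out of range
    return found

def classify(addr):
    """Map one observed resolver to the hypothesis it supports."""
    s = str(addr)
    if s in CONFIGURED:
        return "configured"
    if s in CLOUDFLARE_PUBLIC_DNS:
        return "cloudflare-public-dns"
    if any(addr in net for net in CLOUDFLARE_NETS):
        return "cloudflare-owned-not-public-dns"
    return "unknown"

def triage(text):
    """Classify every resolver in a pasted leak-test table."""
    return {str(a): classify(a) for a in parse_leak_table(text)}

if __name__ == "__main__":
    for ip, verdict in triage(SAMPLE).items():
        print(ip, verdict)
```
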
