Dns leak, need some help please


I will start by saying I’m no tech expert, and will need some layman type answers to help me fix my issue :slight_smile:

I am using a mango router whilst travelling around the world, I’ve been nomadic for a few years now. I am having a problem that my dns leaks. My set up is super simple, mango router connected to whatever WiFi my airbnb/hotel/rented apartment has. Connected to the router are my Android phone and a Roku. I use surfshark as my vpn provider, and have used both OpenVPN and Wireguard as the protocols for the router, get dns leaks from both. I’ve contacted surfshark support, and they’ve provided their dns numbers to insert as custom dns servers on the router. When I add these dns numbers and reboot, I’m then locked out of the admin page of the mango, and unable to connect to the internet.

If anyone is able to help me prevent these dns leaks would be greatly appreciated.

Why do you think your DNS requests are leaked?

A DNS request should go over the VPN. And if the request is leaked ‘behind the Endpoint’, this is not a Mango problem. It could be a security issue, but than just use a trustworthy DNS.
That is the reason why I’m asking what is your source of the statement. It is important to understand the issue.

Hey Lupus, sorry, I don’t understand what you’re asking, as I said, bit of a technical novice. I check the dns is leaking through a website that shows the dns location is different to my ip address.

I don’t think there is ‘a simple answer’. Maybe someone else could show I am wrong about this.

I do not understand, where do you expect your DNS location is?

  1. Your room/appartment/airbnb has a ‘line’ to the Internet.
  2. There is somewhere a router, that is (often) getting a public IP.
  3. This router is providing a Cable or a WLAN for you.
  4. If you’d connect to this router, you’ll get IP information, mostly via DHCP.
  5. This DHCP contains: An IP (and Subnet) for you, a Gateway (mostly the IP of this router) and a DNS.

The DNS could be the router itself, but this would be mostly only an upstream DNS. The ‘real DNS’ will be from the ISP or something like (Google), (Cloudflare) …

What I’m trying to draw as a picture: It is not an issue, if the DNS is at a different Position than your ISP location.

Where is the leak?

A DNS Leak means:

  1. You connect your Mango to the provided Router.
  2. The Mango connect to the Internet and set up a VPN
  3. Now the owner of the router should not be able to see what web addresses you are trying to reach
    → Because everything is inside the VPN, only the VPN provider could see it …
  4. If the owner of the router (or any 3rd party within the subnet of the router) can see your device (or mango) is requesting an IP of an address, than it is a leak.

Okay a little oversimplified. But I hope ‘my DNS is at a different location than my IP’ is not a leak. And ‘a website’ is also not very much to understand if your situation is serious or just a misunderstanding of the concept.

What even is ‘a DNS Location’?

When I open https://www.ipchecktool.com/ it show ‘My location’ nearby my home, even If I’m 126 KM in the south. Because I am using a Slate AX and it is connected via Wireuard to my home network. It is fine.


Hostname: 62.93.xx.xxx
ISP: ennit server GmbH
Provider: Stadtnetze Barmstedt GmbH
Characteristics: Dyn.IP: active Tor: not active Proxy: not active

If I do a specified ‘DNS Leak Test’, it shows I am in Amsterdam … But this is because I’ve setup cloudflare as DNS in my PiHole at home … Everything is fine. https://www.dnsleaktest.com/results.html

Test complete

Query round Progress… Servers found 1 … 5

IP Hostname ISP Country None Cloudflare Amsterdam, Netherlands None Cloudflare Amsterdam, Netherlands None Cloudflare Amsterdam, Netherlands None Cloudflare Amsterdam, Netherlands None Cloudflare Amsterdam, Netherlands

‘My IP Address location’ is different from ‘my DNS’ … No Leak.

You can give more details e.g. screenshot. If you check using the vpn’s own website, they always see you have dns leak if you are not using their DNS service. But that may not be correct.

As long as the dns server does not show your ISP (the network you are currently using) you do not have dns leak.

Appreciate the responses, that has helped me understand a bit more. Basically I need the dns servers to be in the :us: as some of the free streaming services aren’t working on my roku when I’m out of the :us: (cbs, nbc, abc etc). When I set the custom dns with the vpn provided servers (that are :us: based), I’m unable to connect to the internet and need to reset the mango. Any help getting my dns servers to be :us: based would be appreciated.

What location is displayed when you go to the following sites:


If the location is in the U.S. :us:, then you should be okay. Roku checks the location of your Public IP address, not the DNS IP address.

I do not work for and I do not have formal association with GL.iNet

Unfortunately it isn’t Roku doing the checking. A lot of apps work, a lot of apps don’t, so each streaming service does its own checks. For some the ip address is sufficient, for others they are checking the dns server location.

The Surfshark WireGuard config files should already contain DNS IP address(es) that are within the U.S. :us: when you connect to their U.S. :us: servers. If not, the appropriate DNS IP address(es) would be assigned after you connect to their servers.

You should not have to manually set up Custom DNS Server in the GL.iNet router. The DNS IP addresses that Surfshark Support gave you may not work whenever you are not already connected to their servers and, hence, may be stopping you from connecting to the Internet.

Can you post one of their WireGuard config files, with personal information redacted?