DNS Leak on Shadow?

MeWhy · May 22, 2026, 4:14pm

I wish to report a DNS leak on the GL-AR300M16 Shadow router.

I just updated my two routers to Beta version 4.3.30

To reproduce the DNS leak, this is what I did. I configured my router like I do when I’m travelling, that is, connecting in “repeater mode” via WiFi to my ISP modem / Hotel provided AP. Configure VPN with Kill Switch enabled “Block Non-VPN” connections and “Global Proxy.”

The first time I updated the routers I kept the settings. Did my normal testing procedure and checked if the VPN was working properly including making sure the Kill Switch feature worked as well as checking if the DNS was leaking. My VPN IP was resolved normally, visiting “https://www.dnsleaktest.com/” the VPN server was properly identified however proceeding with the test identified the leak. Thinking keeping the settings might be the problem, I proceeded and reinstalled the latest beta version without keeping any settings but the leak is still present.

I have not tried testing for leaks connecting directly via the LAN port.

Thanks for looking into this urgent matter.

Regards,

Me

MeWhy · May 22, 2026, 7:05pm

I wish to add that I just tested this DNS leak on a different Shadow router also running the latest beta version 4.3.30

I can confirm that the DNS leak is also present when using a LAN connection. So this has been confirmed on two separate routers using a clean install on two different VPN servers. Just in case anyone is wondering, this is a well know VPN provider without naming anyone.……

To the DEV team, thanks for looking into this quickly. If you are a Shadow user running this latest beta, don’t trust it !!

admon · May 22, 2026, 7:09pm

Can you confirm that the shown "leaked" IP is the one you would have when there is no VPN active?

MeWhy · May 22, 2026, 7:16pm

Hello admon,

The leak I’m getting when connected in “tethering” mode to my ISP modem seems to be some type of DNS resolver from my ISP. It is not my actual IP however it belongs to my ISP and is named as such.

The leak I’m getting using the “LAN connection only” on the second router is also attached to some type of DNS address from my ISP.

Aashish.007 · May 23, 2026, 3:56am

This dns address from your isp maybe attached to your wan interface and that’s why is being used by dnsmasq to resolve some queries.

You can login to luci and check the settings under Network→ WAN and uncheck the peer provided dns option.

MeWhy · May 23, 2026, 4:10am

I’m happy to report the problems I’m having, the developers can figure out the solution when they get to it . I been using these routers for many years and have had no issues up to now, even version 4.3.29 worked great.

I reverted both my routers to the stable version 4.3.27

I’m happy to report any problems I encounter and I’m sure I am not the only one who will have DNS leaks on version 4.3.30

admon · May 23, 2026, 6:42am

The conclusion is that it's "just" an issue in the beta, right?

@bruce fyi, DNS leak while VPN on Shadow 4.3.30

MeWhy · May 23, 2026, 2:10pm

That is correct, only the beta version 4.3.30 is impacted by this dns leak. Beta version 4.3.29 ran fine for weeks and did NOT have any dns leaks at all. Only beta version 4.3.30 is giving me such issues.

I decided to revert back to 4.3.27 just for peace of mind until a final stable version is released,

MeWhy · May 23, 2026, 3:24pm

Just to be clear, the DNS leak is on beta version 4.3.30 and NOT 4.3.29.

admon · May 23, 2026, 3:35pm

My bad, thanks for the correction!

bruce · May 25, 2026, 2:52am

Hello,

Thanks for your feedback!
We can reproduce this issue and confirm that dns is leaked.

According to the release, 4.3.30 only updates the dnsamsq component compared to 4.3.29. I guess there may be something wrong with the configuration of the dnsmasq component.