Dns leak over a vpn?

*Android 10 Operating System

• 10.5.10 (91.2.0 Release)
  *Standard Security Level

I am new to Tor, and also new to NordVPN.
I have performed a dns leak test using the Tor browser with and without the VPN
and have some surprising results.
I am wondering if the results are normal.
I have attempted to upload the screen shots of the dns leak tests with the VPN off and VPN on.

With the VPN OFF

image1080×2270 95.7 KB

image1080×2270 182 KB

With the VPN ON

image1080×2270 97.2 KB

image1080×2270 162 KB

Thank you.

This site is very useful. Thanks for sharing it. This is how you want tor and browsers to work if you are cautious about your activity.

The less DNS servers that need to be contacted to find where “example.com” is located, the less likely it is that people will track you with DNS queries alone. This is not totally set in stone because like this site says it depends on the policy of the servers that do these DNS requests but generally its better if I need to talk to less people to find an address. (but if the one or two people you ask are spies where a super villain hide out is, then this idea goes down the drain)

The only thing I find a bit odd between your an my result is that your tor exit node needs to contact 2 dns servers while my exit node does not seem to be contacting anyone?

So while I probably do not have to worry about DNS queries too much on my tor browser. I should kind of worry about my normal browser and my ISP sending all these DNS requests to google because we know that google will store DNS queries for roughly 24 hours and they do indeed need to respond to law enforcement if and when they are requested to co-operate to find out “how many times did Joe go to amazon.com today?” (or amazon themselves could tell them that as well too)

but I did look into the DNS organization that came up with your dns query test and you should be fine. digital freedom & rights association seems to be an org that hosts tor nodes.

Tor (desktop output)

2021-11-22-211742_993x502_scrot993×502 31.8 KB

Normal browser (MS Edge)

2021-11-22-211802_1443x993_scrot1443×993 81.2 KB

Stop using regular mode and use the DNS leak detector on browserleaks.com/dns

In your VPN ON test, it appears that you are connecting through tor to your VPN endpoint, which is using those Netherlands DNS servers. Instead of connecting You → VPN → Tor → Tor Exit Node, you are connecting You → Tor → VPN Endpoint.
This illustrates one of the reasons why combining a VPN with Tor is not recommended for new users- you need to carefully configure the connection order and have a plan for what use-case you are specifically trying to accomplish. Otherwise, you can end up with unexpected behavior that potentially decreases your privacy, as you discovered in your experiment.
You can read more about VPNs and Tor on the wiki: TorPlusVPN · Wiki · Legacy / Trac · GitLab