DNS leak prevention question

Hey Nathan, sorry if you mentioned this in the course but I don’t remember hearing this. I was just wondering, if nesting two VPNs, what is the most logical way to set DNS rules to prevent loss of anonymity (via DNS leaks from VM to Host Machine)?

Would it be: Host Machine DNS set to VPN #1’s provided DNS server/s, and connected VM’s DNS set to VPN #2’s provided DNS server/s, or should BOTH be set to VPN #2’s (so if DNS leaks DO happen from VM, host machine rules kick in and DNS servers are still the same as in VM?). Or does it not matter? I am thinking it does and option 1 would possibly leak my packets to VPN #1 which kinda defeats the purpose of nesting, uh right?

By 1 and 2 I mean, 1 having my real IP info, and 2 going THROUGH 1, only seeing 1 as “me”. Also I’m not sure if you mentioned this, (think I read it on Whonix wiki) do you recommend using DNS servers suggested by JonDonym or Tor? Or just stick with VPN site provided DNS servers?

Thanks

Often the VPN, if it’s a GUI, will take care of the DNS for you and assign you to their DNS. This is to prevent leaks. In that case use theirs.

Or use 1.1.1.1 for both.
https://www.stationx.net/1-1-1-1-a-new-privacy-and-security-focused-dns-resolver/

It shouldn’t matter too much as long as the DNS traffic goes through the VPN.
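
One way to check the condition in the reply above, that DNS traffic actually leaves through the VPN, is to look up which interface the kernel would use to reach each configured resolver. This is an added example, not part of the original thread; it assumes Linux with iproute2 and tunnel interfaces named tun*/tap*/wg*/ppp*, and the function names and the `--live` switch are hypothetical.

```shell
#!/bin/sh
# Added example. Assumes Linux + iproute2 and tunnel names tun*/tap*/wg*/ppp*.
# Function names are hypothetical, not from any VPN client.

# Print the nameserver addresses from a resolv.conf-format file.
list_resolvers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Pull the egress interface out of one line of `ip route get` output.
egress_dev() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Succeed if the interface name looks like a VPN tunnel (assumed naming).
is_tunnel() {
    case "$1" in
        tun*|tap*|wg*|ppp*) return 0 ;;
        *) return 1 ;;
    esac
}

# classify RESOLVER ROUTE_LINE -> ok | leak | stub | noroute
classify() {
    case "$1" in
        # Local stub (e.g. systemd-resolved): the real upstream is elsewhere,
        # so this file alone proves nothing; inspect `resolvectl status`.
        127.*|::1) echo stub; return 0 ;;
    esac
    dev=$(egress_dev "$2")
    if [ -z "$dev" ]; then echo noroute
    elif is_tunnel "$dev"; then echo ok
    else echo leak
    fi
}

# Check every resolver in the file; non-zero exit unless all are "ok".
audit_dns() {
    rc=0
    for ns in $(list_resolvers "$1"); do
        route=$(ip route get "$ns" 2>/dev/null | head -n 1)
        verdict=$(classify "$ns" "$route")
        echo "$ns dev=$(egress_dev "$route") $verdict"
        [ "$verdict" = ok ] || rc=1
    done
    return "$rc"
}

if [ "${1:-}" = "--live" ]; then audit_dns /etc/resolv.conf; fi
```

For a nested setup, run it with `--live` once on the host and once inside the VM while both VPNs are connected; each side should report its own tunnel interface for every resolver.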

Interesting, thank you for the reply!