DEV Community: DenysShchur

How we built a real-time DNS and VPN leak detection engine (architecture and methodology)

DenysShchur — Sun, 22 Feb 2026 23:02:14 +0000

How we built a real-time DNS and VPN leak detection engine

Most VPN users assume that once connected, their IP address and DNS requests are fully protected.

In practice, this is not always the case.

DNS leaks,WebRTC exposure, and IPv6 misconfigurations can reveal the user's real network identity even when a VPN tunnel is active.

This article explains the architecture and methodology behind a real-time leak detection engine designed to identify these failures.

The core problem

VPN tunnels encrypt traffic between the user's device and the VPN server.

However,several components of the network stack may bypass this tunnel:

• DNS resolvers

• WebRTC STUN requests

• IPv6 routing

• OS-level fallback mechanisms

If any of these expose the original network interface, privacy is compromised.

Leak detection must therefore validate actual network behavior not just connection status.

System architecture overview

The leak detection engine is built using a layered validation model:

Detection layer

Verification layer

Classification layer

Each layer performs independent analysis.

Detection layer

This layer identifies all externally observable network parameters.

It collects:

• public IPv4 address

• IPv6 presence

• DNS resolver identity

• WebRTC STUN responses

This is performed using server-side request analysis combined with client-side execution.

The key principle is direct observation rather than client-reported state.

Verification layer

This layer determines whether the detected network endpoints correspond to:

• VPN tunnel endpoints

• data center infrastructure

•residential ISP networks

If a residential ISP endpoint is observed while a VPN tunnel is expected, the system flags potential exposure.

Classification layer

The engine classifies connection integrity into categories:

Secure

DNS leak detected

WebRTC leak detected

IPv6 exposure detected

Tunnel integrity failure

This allows clear identification of privacy risks.

Real-time analysis approach

Leak detection must operate in real time.

The engine performs analysis during active network requests, rather than relying on cached or historical data.

This ensures accurate representation of current network state.

Privacy model

The system is designed to operate without storing personal identifiers.

It does not require:

• user accounts

• persistent identifiers

• tracking cookies

Only temporary technical network parameters are analyzed.

Implementation context

The leak detection engine powers a live privacy testing tool available here:

https://smartadvisoronline.com/tools/leak-test.html

Technical documentation of the detection logic is available here:

https://github.com/Dloran1/smartadvisor-leak-test-engine

Why leak detection matters

VPN software may appear connected while still exposing critical network information.

Independent validation is necessary to confirm tunnel integrity.

Leak detection engines provide objective verification of network privacy.

Final thoughts

Network privacy cannot rely on assumptions.

It requires direct validation of observable network behavior.

Leak detection systems provide a critical layer of transparency for users relying on encrypted tunnels.

I built a live VPN streaming monitor using WireGuard pools

DenysShchur — Mon, 16 Feb 2026 14:49:11 +0000

I built a live VPN streaming monitor using WireGuard pools (real HTTP checks, not marketing claims)
Most VPN review sites say things like:
“Works with Netflix”
“Unblocks Hulu”
“Supports BBC iPlayer”

But almost none of them show real-time data.

As someone working deeply with VPN infrastructure, I wanted to answer a simple question:
Does a streaming service actually load right now through a real VPN tunnel?
Not based on marketing. Not based on assumptions. Based on real HTTP responses.
So I built a live monitoring system.
The core idea Instead of testing once and writing an article, the system continuously checks streaming services using real VPN tunnels.
It connects through multiple WireGuard configurations and tests services like:
-Netflix
-Hulu
-Disney+
-BBC iPlayer
Each test is performed from real VPN exit nodes.
The system records:
-exit IP
-HTTP response code
-reachability status
-timestamp
-region

This allows building a live status view instead of static claims.
Architecture overview
The system runs on a Linux VPS and uses WireGuard pools.
Each region has multiple configs:
/etc/wireguard/proton/pool/us/
/etc/wireguard/proton/pool/uk/
/etc/wireguard/proton/pool/fr/
/etc/wireguard/proton/pool/es/
/etc/wireguard/proton/pool/ca/
A monitor script:
-connects to each config
-tests streaming endpoints
-records HTTP responses
-selects best working exit IP
-stores results as JSON
Example data structure:
/var/lib/saomonitor/regions/us.last.json
/var/lib/saomonitor/regions/uk.last.json

Then everything is aggregated into a public live JSON feed.
Why HTTP tests instead of DNS or ping?
Because streaming services don’t block DNS.

They block HTTP access.
The only real test is:

Can the streaming website actually load over VPN?
So the monitor uses real HTTP requests.
Example:
curl --interface wg-proton-us https://www.netflix.com/
This confirms whether the service loads through that exit IP.
Live public JSON feed
The monitor generates a live JSON feed that powers the status page.
It includes:
-multiple countries
-exit IPs
-HTTP response status
-last check timestamps
Live data example is publicly visible here:

https://smartadvisoronline.com/status/

This page shows real-time reachability based on automated checks.
Not assumptions.
Actual responses.
Why multiple regions matter
Streaming availability depends heavily on exit IP reputation.

Some IPs work.
Some get blocked.
Some work temporarily.

Testing multiple regions allows understanding patterns like:
-which regions work best
-how often exit IPs change
-how stable connectivity is

This is much more useful than static VPN reviews.
Automation and reliabilityThe system runs automatically using cron.
It continuously:
-probes regions
-updates JSON
-publishes live data
-rotates configs when needed
It also tracks exit IP changes and service availability over time.
What I learned building this
A few key observations:
-exit IP stability matters more than provider brand
-streaming services frequently rotate blocks
-different regions behave very differently
-real monitoring gives much clearer insights than one-time tests
Why I made this public
Transparency matters.
Instead of telling users what should work”, it’s better to show what works right now.This helps users understand real behavior, not marketing claims.
If you’re working with VPN infrastructure, automation, or network monitoring, I’d be curious how you approach streaming reachability testing. There’s a lot happening behind the scenes most users never see.

I started building a small VPN Knowledge Base (and why GitHub docs actually help SEO + trust)

DenysShchur — Sat, 31 Jan 2026 07:13:17 +0000

Hey everyone 👋

Over the last few weeks I’ve been working on two small privacy projects:
• VPN World (GitHub Pages, multilingual)
• SmartAdvisorOnline (practical VPN/security guides)

And I realized something:

Most VPN blogs are just endless “best VPN” lists…
but almost nobody builds real documentation behind them.

So I started a simple experiment:

⸻

🧠 A Knowledge Base as a trust layer

Instead of keeping everything as separate articles, I created a central hub where I collect:
• short VPN reference docs
• leak test explanations
• streaming troubleshooting
• glossary + checklists
• practical “how to fix it” notes

The idea is simple:

If you treat VPN content like an ecosystem (not isolated posts), it becomes much more useful — for users and for Google.

⸻

🔗 Why GitHub documentation is underrated

I’m hosting the reference docs directly on GitHub.

Not because it’s trendy, but because:
• it’s transparent
• version-controlled
• easy to expand over time
• and honestly… it builds more credibility than another generic blog page

It feels closer to how real tech products work.

⸻

🚀 The hub is here

I’m slowly building it piece by piece:

👉 Knowledge Base Hub:
https://dloran1.github.io/knowledge-base.html

Still early, but the foundation is there.

⸻

Small question for the community

Do you personally trust projects more when they have:
• open documentation
• public methodology
• GitHub references

Or do most readers never care?

Curious what you think — your feedback will help me decide where to go deeper next.

Thanks 🙌
Denys

Working remotely? A few VPN things I learned the hard way

DenysShchur — Mon, 12 Jan 2026 12:09:18 +0000

Working remotely? A few VPN things I learned the hard way

Remote work sounds simple: laptop, Wi-Fi, coffee ☕
In reality, it’s a mix of public networks, random ISPs, blocked services, and security risks most people don’t think about until something breaks.

I’ve been working remotely for a while, and here are a few practical things I wish I understood earlier.

Public Wi-Fi is not your friend

Cafés, coworking spaces, hotels — convenient, but risky.

Most public networks:

don’t encrypt traffic properly

can be monitored by other users

are easy targets for man-in-the-middle attacks

Even basic things like logging into email or GitHub can be exposed if you’re not careful.

This is one of the main reasons I stopped working on public Wi-Fi without a VPN.

ISPs do mess with your connection

This surprised me at first.

On some networks I noticed:

random slowdowns during video calls

throttling when uploading files

certain work tools loading inconsistently

A VPN doesn’t magically make the internet faster, but it can prevent ISP-level throttling and weird routing issues — especially when you rely on stable connections for work.

Location still matters (even in 2026)

Remote doesn’t always mean “location-free”.

Some tools:

work differently depending on country

restrict access based on IP

show different pricing or features

A VPN helps keep your setup consistent when you move between countries or work while traveling.

The real benefit: fewer surprises

The biggest win for me wasn’t “privacy” as a concept — it was predictability.

Same tools
Same access
Same behavior
No matter where I connect from

If you rely on your laptop to make money, fewer surprises = less stress.

A practical breakdown (no fluff)

I recently put together a short, practical guide about using VPNs specifically for remote work — not marketing, just real scenarios and trade-offs:

👉 VPN for Remote Work: Practical Security & Stability Guide
https://smartadvisoronline.com/blog/vpn-for-remote-work.html

It covers:

when a VPN actually helps (and when it doesn’t)

common mistakes remote workers make

security vs performance trade-offs

simple setups that don’t break your workflow

Final thought

A VPN isn’t magic.
But for remote work, it’s one of those tools you only appreciate after you’ve had a bad experience without it.

If you work remotely — especially on public or foreign networks — it’s worth understanding how it fits into your setup.

Stay safe out there 👋

Hey. Writing Here Feels Harder Than It Should

DenysShchur — Sat, 03 Jan 2026 04:54:02 +0000

Hey.

I’m starting to notice something — getting a post seen or even acknowledged here takes more effort than I expected.

And yes, I get it.
I don’t have friends here.
I’m not part of a circle.
I’m not reposting memes or chasing trends.

But I’m also not a bot.

I’m sharing real experience.
Real work.
Real mistakes.
Real thoughts about SEO, privacy, infrastructure, and how things actually behave outside of polished blog posts.

Sometimes it feels like if you don’t already belong to a group, your words just fall into silence.

Still, I write.

Not because of likes.
Not because of reach.
Not because of algorithms.

I write because I’ve spent years building things, breaking them, fixing them again — and I know there are people out there going through the same process, even if they don’t comment.

I don’t claim to have universal answers.
I’m not here to “teach everyone”.
I’m here to share what I’ve learned the hard way.

If even one person reads something here and thinks
“ok, I’m not the only one dealing with this” — that’s enough.

So yeah — this is not a growth hack.
Not a tutorial.
Not a viral post.

Just a reminder that behind the posts, there are people.
And some of us are still trying to find our place in the noise.

If you’re reading this — thanks.
It means more than you think.

SEO Has a Structure (Even If We Pretend It Doesn’t)

DenysShchur — Fri, 19 Dec 2025 08:24:09 +0000

I think everyone who has worked with SEO — or is still working with it — has, at some point, thought about its structure.
Not tactics. Not hacks.
The structure.

At some stage, most SEOs realize that rankings are not built by isolated actions. They are the result of a system. And like any system, SEO has a foundation — and a layer of things you customize based on your project, niche, and risk tolerance.

The foundation is surprisingly stable.

No matter the year, algorithm update, or buzzword, the base always comes down to a few core elements:
• crawlability and indexation
• clear information architecture
• internal linking logic
• content relevance and intent matching
• trust signals (technical, topical, and brand-related)

If these are weak or inconsistent, nothing on top really holds.

Where things get interesting is the second layer — the individual layer.

This is where SEO stops being a checklist and starts becoming engineering:
• how deep your site structure goes
• how you handle multilingual or multi-regional setups
• how you distribute internal authority
• how often you update vs. expand
• how you balance experimentation with stability

Two sites can follow the same “best practices” and still behave completely differently in search, simply because their internal structure — both technical and conceptual — is different.

One mistake I see often is treating structure as something you “set once and forget.”
In reality, structure evolves. As content grows, as topics expand, as authority accumulates, the structure either adapts — or starts working against you.

Good SEO structure does two things at the same time:
1. It helps search engines understand what your site is about.
2. It helps them understand what matters most.

When those two align, growth becomes predictable.
When they don’t, SEO turns into constant firefighting.

For me, thinking in terms of structure changed how I approach SEO completely.
Less chasing updates.
More building systems that survive them.

How AI Is Rapidly Reshaping Coding and SEO (Faster Than Anyone Expected)

DenysShchur — Fri, 05 Dec 2025 04:04:11 +0000

It’s funny how quietly this shift happened.
One day AI was generating simple snippets… and suddenly it became a core part of how developers write code and how SEO specialists build entire strategies.

Not by replacing people — but by changing what “being skilled” actually means.

⸻

🔹 AI in Coding: Not a Shortcut, but a Multiplier

People like to say “AI writes the code for you now.”
Not really.

AI can generate pieces, patterns, boilerplate, and tests — sure.
But the real value is:
• understanding architecture
• catching logical issues
• knowing what “good code” should look like
• guiding AI with proper instructions
• refactoring with intent
• building scalable structures

AI gives speed, but the developer provides direction.

The devs who grow fastest today aren’t typing quicker —
they simply know how to communicate with AI better.

⸻

🔹 AI in SEO: From Keywords to Entities

SEO also shifted in a way many people still don’t fully understand.

Old ranking factors:
• keywords
• backlinks
• content length

still matter — but now Google evaluates:
• author authority
• entity relationships
• topical depth
• writing consistency across platforms
• semantic structure
• usefulness and clarity

SEO is slowly merging with data science and information architecture.
And AI fits into that perfectly.

We now use AI for:
• topical clustering
• content gap analysis
• semantic refinement
• entity mapping
• internal linking patterns
• competitive analysis based on meaning, not keywords

SEO didn’t die — it evolved.

⸻

🔹 Speed Is No Longer the Limit

The bottleneck is no longer execution.
AI can produce 10 variations of something in seconds.

The new bottleneck is:
• choosing the right angle
• defining long-term structure
• designing systems
• knowing what NOT to publish
• keeping everything consistent

AI accelerates — but humans still make the strategic calls.

⸻

🔹 A Quiet Shift:

The professionals who embrace AI are quietly pulling ahead — fast.

Not because AI replaces expertise,
but because AI amplifies the expertise they already have.

Before, people needed years to internalize certain patterns.
Now AI can surface them in minutes.

This doesn’t make the work easier —
it raises the expectations for what “good work” looks like.

⸻

🔹 What’s Next?

AI won’t replace developers or SEO specialists.
But it will replace people who refuse to integrate it into their workflow.

The baseline is rising.
Speed is no longer rare — everyone has it.

Direction is the new currency.

Managing Consistency Across Seven Locales: Notes From Building a Large VPN Knowledge Base

DenysShchur — Thu, 04 Dec 2025 18:26:12 +0000

Localization becomes complex not because of language — but because of consistency.

When you maintain the same technical article across seven locales, even a tiny change in the source language means updating:
• titles
• meta descriptions
• internal links
• screenshots
• structured data
• hreflang relations

To keep everything synchronized, I use a layered approach:

1️⃣ English (EN-GB) as the source of truth

No change is made in another language unless it exists in EN-GB first.

2️⃣ A mirrored folder structure across all locales

This removes 90% of routing mistakes.

3️⃣ A slug-matching workflow

If an article exists in EN-GB, it must exist in all six additional locales.

Here’s an example article from the EN-GB branch:

👉 https://dloran1.github.io/en-gb/blog/vpn-dedicated-ip-uk.html

4️⃣ Git version control as the safety net

Every change is tracked.
Every update is documented.
Rollback is one click.

This predictable structure is what keeps the project scalable as it grows.

I’ll be writing more about automation — especially tools that compare slugs, map metadata and detect drift between locales.

Designing a Scalable Multi-Locale Structure for Technical Content: A Practical Case Study

DenysShchur — Thu, 04 Dec 2025 18:24:09 +0000

When people think about multilingual documentation, they imagine huge CMS systems, translation plugins, or enterprise tooling.

But sometimes the most scalable solution is also the simplest one:
a well-designed GitHub repository with a strict folder architecture.

For my VPN World documentation project, I designed a structure where:
• each locale mirrors the English layout
• all slugs remain synchronized
• assets are shared globally
• translations follow a consistent file map
• commits show exactly what changed and where

🗂 Repository overview

Every locale is separated under its own path, but the logic stays identical.
This makes both maintenance and automation significantly easier.

If you’re curious how the structure looks in practice, the full repository is public:

👉 https://github.com/dloran1

It’s a clean example of how to avoid CMS overhead while keeping total control over SEO and documentation consistency.

🔍 Why this matters
• easier automation
• predictable routing
• stable internal linking
• clean hreflang relationships
• minimizes human error

Sometimes the best tool for scaling documentation is the one developers already know: Git.

How I Maintain a 7-Language Open-Source VPN Knowledge Base Using GitHub Pages

DenysShchur — Thu, 04 Dec 2025 18:21:59 +0000

Building technical knowledge bases is easy.
Maintaining them across seven languages is not.

During the last year, I’ve been working on a public VPN documentation project that spans EN-GB, EN-US, PL, DE, ES, FR and NL-BE. The goal is simple: keep all locales synchronized, readable and consistent — without relying on heavy CMS systems.

🔧 Why I chose GitHub Pages
• clean folder structure
• no database
• instant publishing
• Markdown-first workflow
• version control for every change
• perfect for open documentation

🏗️ How the project is structured

Each locale has its own mirrored folder and its own URL namespace.
Hreflang relations are handled manually to keep full control.

The EN-GB version is the “canonical” source, and all other languages map directly onto it.

You can view the English version here:

👉 https://dloran1.github.io/en-gb/

📦 Advantages of this approach
• consistent multi-locale SEO
• transparent change history
• Git-level collaboration
• extremely fast page serving
• no vendor lock-in

This setup has been surprisingly stable even as the project grew to dozens of articles per locale.

More details about internal tools will come soon — especially around orchestrating updates across languages.

Router-Level VPN Setup: Worth It or Overkill?

DenysShchur — Thu, 04 Dec 2025 12:03:29 +0000

A lot of people install VPN apps on each device…
But router-level VPN is slowly becoming the default for anyone who works from home or has a smart-home setup.

🔧 Pros
• protects every device automatically
• stops IoT leaks
• no need to install apps on TVs
• better consistency for streaming

⚠️ Cons
• potential speed loss
• not ideal for gaming latency
• cheap routers choke on encryption
• device-level split tunneling becomes tricky

✔ Ideal setup

Use a router with:
• WireGuard support,
• AES-NI or ARMv8 crypto acceleration,
• separate SSIDs for IoT,
• fallback DNS (Quad9 / Cloudflare).

If you’re deciding whether to do it or not — this article gives a very clean explanation with pros/cons and examples for AsusWRT, OpenWrt, DD-WRT and GL.iNet:

👉 https://smartadvisoronline.com/blog/vpn-on-router.html

Public Wi-Fi Is Still a Trap — Here’s the Modern Way to Stay Safe

DenysShchur — Thu, 04 Dec 2025 12:01:02 +0000

Public Wi-Fi hasn’t become safer over the years — attackers just became quieter.

Most people still think a VPN is only for “hiding your IP,” but on open networks, a VPN solves three much bigger problems:

🔐 1. Prevents local snooping

Anyone on the same café network can scan devices, attempt ARP spoofing, or harvest unencrypted traffic.

🚫 2. Stops rogue Wi-Fi clones

Attackers create networks like “Starbucks_Free_WiFi” and wait for devices to auto-connect.

🧭 3. Protects app traffic

People assume apps = safe.
Wrong. Many apps still leak metadata, DNS queries, or unencrypted API calls.

⚡ 4. Best practice today

Use:
• a VPN with modern protocols (WireGuard / NordLynx),
• DNS over HTTPS,
• automatic kill switch,
• MFA on key accounts.
https://smartadvisoronline.com/blog/vpn-for-public-wifi.html