If you think you are always protected while using a VPN, you may be wrong. There are several issues one can face with a VPN and that can compromise your identity and make you vulnerable to online threats.
No, I am not talking about those VPNs that fail to protect users’ identity, there could be other threats that are lurking to threaten your anonymity, the most-happened one is a DNS leak.
A DNS leak is just like your best friend who has shared all the dark secrets with your father – I mean your ISPs will start viewing and monitoring your web activity, even when you are secured with a VPN shield and assuming your IP is hidden.
To better understand the DNS leak protection phenomenon, we need to see how it works.
Table of Contents
How DNS Works?
For example, you type VPN into a website address bar, it sent in data packets to the DNS (Dynamic Name System) server. The domain name is then transformed into an address just like 220.127.116.11.0. And, as the domain name is matched with the IP address, the requested content is forwarded to you.
Why I am mentioning VPN again and again because there’s a huge relationship between them.
VPN and DNS Leak – A Complicated Relation
VPNs are designed to protect our anonymity online, but unfortunately, not all of them always work perfectly. Sometimes it gives rise to DNS and other security leaks. In certain conditions, the DNS data intentionally leaked and retained to the ISPs into the purview of governments surveillance and marketing agencies.
In the following post, we will discuss what a DNS is, how does a DNS leak take place, how can you fix it, and how can you prevent it in the future.
What is DNS?
A DNS (Dynamic Name System) is used to translate a domain name into a numerical IP. The ISP’s DNS servers perform the translation of the service.
What is a DNS leak & why is my DNS leaking?
A DNS leak occurs when your ISP is able to track your digital movements regardless of the fact that you are using the VPN. In case of DNS-protected VPNs, the DNS request sends your IP address toward the VPN provider’s DNS server instead of those of your internet service provider.
DNS leak is quite common these days especially for Windows users, where the default settings send the requests to the ISP’s DNS server rather than going through the VPN tunnel. If you’re a long-term subscriber of a VPN provider, you should keep a check on their DNS capabilities on and off.
Let’s see whether your VPN provider is leaking your data or not!
How do I know If I have a DNS Leak?
To perform a best DNS leak check, simply go to dnsleaktest.com and check the result. If the website shows you real IP and location, then this means that you have an IP DNS leak.
These results are all ok for us, and we rest assured that there is no DNS leak for us.
What if the results are odd?
You, no I mean your VPN provider supposed to fix it, but that doesn’t mean you’re helpless.
Still, the control is in your hand.
How to Prevent a DNS Leak?
Considering DNS leak a serious threat to privacy, several preventive measures are identified for internet users in general, especially the one using a VPN. There are some VPN providers like ExpressVPN which offers anti-DNS leak solution which ensures online privacy and security.
If you want to fix a DNS leak and you want to prevent it in future then here are the numbers of approach you should consider;
1. Use a VPN client with an Inbuilt DNS Leak Protection Feature
It is by far the simplest way. However, it is unfortunate that only a few VPN offer this option.
Some of the best yet DNS-friendly VPNs are;
You can thank our experts later.
NordVPN has explained about DNS leaks in a video which you can watch here:
2. Change DNS Server to Stop DNS Leak
Although it is not a fix but changing the DNS server will make sure that your ISP will not snoop on you.
Here is a rundown on how you can do it on Windows 7.
- Go to the Control panel
- Click open network and sharing center
- Click adapter settings
- Right-click and select properties
- Look through the list and find TCP/IPv4.
Note: The existing DNS server addresses in case you wish to restore your system any time in future.
Click on “Use the following DNS server addresses” button and enter the relevant addresses.
Click “Ok” and restart the connection.
If you are using a VPN and have a DNS server address then you are good to go, however, if you are using a public server, then you might find these addresses useful.
3. ClearCloud DNS Servers – The old school DNS leak fix (discontinued)
A DNS server translates the readable web addresses into numeric. Like google.com will be turned into a numerical IP address like 18.104.22.168. Similarly, Sunbelt software, which is a popular Vipre Antivirus software, has started ClearCloud, which is a new DNS server offering free public DNS server for everyone. CC claims that their VPN servers will ensure the safest web browsing experience.
ClearCloud DNS service prevents you from accessing the malicious websites, especially sites which are known to download malicious files. It also prevents your computer to access malicious websites without you even knowing it.
Update: ClearCloud DNS is no longer providing support to its clients and various alternatives are already there in the market that does the job well.
Here are some other preventive measures that can help you in this regard; thanks to HideMyAss VPN for suggesting these measures.
Some other ways to fix a DNS leak problem
4. Install a good firewall to fix DNS leak
Block all non-vpn traffic; either you should use a VPN with IP binding or configure your firewall to block all the VPN traffic. This ensures that the internet connection and DNS server will not be used that your ISP is providing.
5. Disable teredo can help fix a DNS leakage
On Windows open a command prompt and run “netsh interface teredo set state disabled.” Teredo is Microsoft’s solution to IPv6 to IPv4. In order to stop your DNS traffic from flowing outside the IPv6, disable teredo and other IPv6 options on your router.
6. Enforce a good DNS Service – OpenVPN DNS
Within the properties of your network adapter set OpenDNS or any other DNS service you prefer for all the network adapters. This will ensure that the DNS servers of your ISP will never be used even when the VPN is disconnected.
How to Stop a DNS Leak?
Since ensuring anonymity is the main reason as to why most people use a VPN, it makes no sense if that privacy-savior leaks up your data. It is also worth remembering that that DNS leaks usually occur in Windows, but that doesn’t make Linux and OSX immune to the threat. So it is a good idea to follow the steps mentioned above.
Red alert: Following Google’s complicity in the recent NSA spying incident, we now advise our readers not to use any Google Public DNS servers.
A new feature in Windows 10 attempts to improve the web performance by sending a DNS request just parallel to the available resource and then use the fastest one available. Windows 10 users should specifically disable the “Smart Multi-Homed Name Resolution,” or remain at a big risk.
What Can Cause a VPN Leak the DNS Information?
DNS leaks can be caused for many reasons, here are just a few;
- When an attacker controls your router; like a malicious WiFi operator at a coffee shop. That attacker might trick your device to send the DNS traffic outside the VPN tunnel.
- Manual DNS Setup: If you specifically told the operating systems not to use the DNS servers than you might be at risk for a DNS leak.
- If your VPN is Manually Configured: If you are manually configuring a VPN connection, then the risk of a DNS leak increases. This, at times, depends on the operating systems you use and the configuration you set while setting up the VPN manually.
DNS Leak Protection Conclusion
VPN users are extremely cautious about online privacy and security but rather ignore DNS leaks. Hence users are advised to verify if the traffic originating from their device is being routed through a secure VPN network so that no monitoring can be made possible to track down the real IP of the user.
Experts recommend using a quality VPN like CyberGhost VPN to set the DNS settings at highest priority and then carry out a DNS leak test and stay protected from all the legal and illegal snoopers out there.
If you’ve any feedback, then you are most welcome to share it in the comments section below.