Confidentiality and integrity of data are our primary concerns in cyberspace. With the increasing number of cyber attacks, it is essential to regulate data processing systems and verify their security measures for secure browsing. Although browsers these days have a built-in security architecture and offer resources like add-ons and plugins to increase security, some cyber attacks, including DNS leaks, are more powerful, and only a VPN can protect us from such harms. Today, we will be sharing four ways to prevent a DNS leak with a VPN. Don't worry if you don't know what it is; we have got you covered.
What is DNS?
Domain Name Service (DNS) is a mapping of domain names to IP addresses, so that we can remember a computer's address by its domain name instead of its IP address. A DNS lookup is requested automatically when you enter a web address in a web browser so that the website can be found. When you connect to the internet via a router, the router gets an IP address and DNS server IP addresses via DHCP.
We all know how domain names are used within browsers to fetch the desired web pages. In simple words, a domain name is a string that can easily be read and remembered by us. While we access web pages by domain name, machines access them by IP address. So, to access any website, the human-readable domain name must first be converted to the machine-readable IP address.
A DNS server stores domain names and their corresponding IP addresses. Whenever you browse, your request first goes to the DNS server, which matches the domain name to the respective IP address and returns it to your computer. For example, when you type www.gmail.com, your system sends a request to the DNS server to find the IP address for that domain name, and the browser then connects to the remote website. Generally, these DNS servers are provided by your Internet Service Provider (ISP).
In short, DNS is used to convert domain names into numerical IP addresses (184.108.40.206), a task usually performed by the ISP using its DNS servers.
We hope you're clear about DNS; now let's explore the DNS leak.
What Is a DNS Leak?
A VPN establishes a highly encrypted connection between you and the VPN server, which sends your request on to the required website. Provided the VPN is working, all your ISP will see is your VPN connection, not where the VPN connects you to; even internet snoopers (government) cannot see any content because of the encryption.
A DNS leak occurs when something unintended happens and the VPN server is bypassed. In this case, the DNS server operator (often your ISP) will see your internet movements while you believe it cannot.
This is bad news, since it breaks the protection you expect from using a VPN. The content of your web traffic is still hidden, but your anonymity, which includes your location and browsing data, is not; your ISP most likely logs it.
In layman's terms, a DNS leak is when your ISP can track your digital footprints due to software issues; your real IP address is exposed to the public network.
DNS leak protection is currently a big topic in the online security world. A DNS leak exposes the user's real IP address while connected to a VPN; it's a situation where your computer unknowingly starts using its default DNS servers rather than the anonymous DNS servers given by the VPN provider.
Despite a high level of anonymity and data encryption, services from various VPNs are prone to DNS leaks because of poor infrastructure. Since a DNS leak reveals the user's real IP address, some VPN providers integrate DNS leak protection features into their software to prevent leaking your identity. A leak can be caused by several factors; commonly it happens when malicious websites adopt a response-delaying policy, resulting in the browser switching to an unsecured DNS. Currently, newer Windows versions have built-in features that increase their susceptibility to DNS leaks.
How to Take a DNS Leak Test?
It is very easy to take a DNS leak test. The good news is that checking whether your VPN is leaking your DNS is quick and simple; the bad news is that without checking, you will never know about the leak.
There are multiple in-browser tools to test whether the VPN has a DNS leak or another form of leak. Don't know what to do? Simply go to ipleak.net while your VPN is operational. This site will do a quick DNS leak test (and, incidentally, provides other information as well).
Now, prevent a DNS leak while using one of the best VPNs. Before going into further details, let's check out the 3 best VPN providers that offer DNS leak protection.
Ways To Prevent A DNS Leak When Using A VPN
1. Change Settings to a Trusted yet Independent DNS Server
Your router or adapter has a way to change TCP/IP settings, where you can specify trusted DNS servers via their IP addresses. Many VPN providers, including ExpressVPN, have their own DNS servers, and using that VPN will automatically connect you to these; check with the VPN's support for details.
If your VPN doesn't have proprietary servers, use an open, third-party DNS server like Google Open DNS instead. To change DNS settings in Windows 10, follow these steps:
- Launch Control panel
- Go to “Network and Internet” > “Network and Sharing Center”
- Click “Change Adapter Settings”.
- Right-click on the network icon and select “Properties”
- Locate “Internet Protocol Version 4”, select it, and click “Properties”
- Select “Use the following DNS server addresses”
- Now enter a preferred and an alternate address for the DNS servers. You can use any server you wish; for Google Open DNS, use 220.127.116.11 as the preferred server and 18.104.22.168 as the alternate DNS server.
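The same change can be scripted and checked locally, which complements the in-browser test described earlier. The following PowerShell is an added example, not part of the original article; the resolver addresses (documentation-range placeholders) and the adapter name 'Ethernet' are assumptions to replace with your own values.

```powershell
# Added example: list resolvers that are not on your trusted list, pin the
# trusted ones on one adapter, then re-check. Run in an elevated session.
# Placeholders (assumptions): 192.0.2.x addresses and the 'Ethernet' alias.
$TrustedDns     = @('192.0.2.53', '192.0.2.54')
$InterfaceAlias = 'Ethernet'

function Get-UntrustedDnsServer {
    param([string[]]$Trusted)
    # Walk every adapter that is up and report each configured resolver
    # (IPv4 and IPv6) that is not on the trusted list.
    $adapters = Get-NetAdapter | Where-Object Status -eq 'Up'
    foreach ($adapter in $adapters) {
        $entries = Get-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex
        foreach ($entry in $entries) {
            foreach ($server in $entry.ServerAddresses) {
                if ($server -notin $Trusted) {
                    [pscustomobject]@{
                        Interface = $adapter.Name
                        Family    = if ($entry.AddressFamily -eq 2) { 'IPv4' } else { 'IPv6' }
                        Server    = $server
                    }
                }
            }
        }
    }
}

Write-Host 'Resolvers outside the trusted list before the change:'
Get-UntrustedDnsServer -Trusted $TrustedDns | Format-Table -AutoSize

# Equivalent of "Use the following DNS server addresses" for IPv4.
Set-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -ServerAddresses $TrustedDns
Clear-DnsClientCache   # drop answers cached from the previous resolvers

# Anything still listed (other adapters, IPv6 resolvers) is a path a
# lookup could take outside the servers you chose.
$remaining = @(Get-UntrustedDnsServer -Trusted $TrustedDns)
if ($remaining.Count -gt 0) {
    Write-Warning "$($remaining.Count) resolver(s) outside the trusted list remain:"
    $remaining | Format-Table -AutoSize
} else {
    Write-Host 'All active adapters use only trusted resolvers.'
}
```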
2. Use VPN Monitoring Software
Some VPN monitoring software also supports fixing DNS leaks. The pro version of VPNCheck can do this for you if you’re using OpenVPN.
The options for fixing a leak are only available with premium software, so this is likely not the go-to strategy for many unless you’re already using VPN monitoring software to ensure your VPN connection is secure.
Some software that monitors VPNs also offers support in the event of a DNS leak. Only a limited number of VPNs include a monitoring option to show they are concerned about a DNS leak or online hacking.
3. Block Non-VPN Traffic
Either use IP Binding or configure the firewall to block all non-VPN traffic, ensuring your real internet connection and your ISP's DNS servers are not being used.
Some VPN clients automatically block traffic not going through the VPN; look for an ‘IP Binding’ option. Alternatively, configure your firewall to allow traffic in and out only via your VPN. The Windows Firewall steps are:
- Make sure you’re connected to a VPN.
- Open Network and Sharing Center and make sure you can see both your ISP connection and your VPN.
- “Network” should be a Home network, while your VPN should be a Public network. If either of them is different, click on it and set it to the appropriate network type.
- Make sure you’re logged in as Administrator and open the Windows Firewall settings.
- Click on “Advanced Settings”
- Locate “Inbound Rules” and click it.
- Under Actions, find “New Rule…” and click.
- In the new window, choose “Program” and click Next.
- Select “Block the Connection” and click Next.
- Tick “Domain” and “Private”, and make sure “Public” is not ticked.
- Click Next.
- You are back in the Advanced Settings menu; locate “Outbound Rules” and repeat steps 7 to 11.
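The firewall steps above can also be expressed with the built-in NetSecurity cmdlets. This is an added example, not part of the original article; the adapter aliases, the program path, and the rule names are placeholders chosen for illustration.

```powershell
# Added example: per-program block rules on the Domain and Private profiles.
# Run in an elevated PowerShell session while the VPN is connected.
# Placeholders (assumptions): adapter aliases, program path, rule names.
$IspAlias = 'Ethernet'                   # your ISP-facing adapter
$VpnAlias = 'MyVPN'                      # your VPN adapter
$Program  = 'C:\Path\To\Application.exe' # program that must only use the VPN

# Stop if the VPN adapter has no active network profile, so the categories
# and rules are never applied to a machine that is not on the VPN.
$vpnProfile = Get-NetConnectionProfile -InterfaceAlias $VpnAlias -ErrorAction SilentlyContinue
if (-not $vpnProfile) { throw "VPN adapter '$VpnAlias' is not connected." }

# "Home" in the Network and Sharing Center corresponds to the Private category.
Set-NetConnectionProfile -InterfaceAlias $IspAlias -NetworkCategory Private
Set-NetConnectionProfile -InterfaceAlias $VpnAlias -NetworkCategory Public

# One rule per direction, matching the Inbound Rules / Outbound Rules steps.
# The rules cover Domain and Private only, so the program is blocked on the
# ISP connection (Private) and left alone on the VPN connection (Public).
foreach ($direction in 'Inbound', 'Outbound') {
    $name = "Block outside VPN ($direction)"
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction $direction `
            -Program $Program -Action Block -Profile Domain, Private | Out-Null
    }
}

# Confirm what was created and which profile each adapter ended up in.
Get-NetFirewallRule -DisplayName 'Block outside VPN*' |
    Format-Table DisplayName, Direction, Action, Profile, Enabled -AutoSize
Get-NetConnectionProfile | Format-Table InterfaceAlias, NetworkCategory -AutoSize

# To undo: Remove-NetFirewallRule -DisplayName 'Block outside VPN*'
```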
4. Disable Teredo
Teredo is a Windows-based technology that allows communication across two IP protocols: IPv4 and IPv6. Both are present on the Internet, and sometimes you need to use something like Teredo to enable them to communicate. However, Teredo can cause DNS leaks, so you may want to disable it.
To disable Teredo:
- Open the command line.
- Type the following command:
netsh interface teredo set state disabled
To re-enable Teredo, use this command:
netsh interface teredo set state type=default
Want More Tips To Plug DNS Leaks?
As promised, we have shared the four preventive measures to avoid DNS leaks while using a VPN. Beyond these, our experts suggest performing a DNS leak test often and changing your VPN if it does not check these boxes:
- Built-in DNS leak protection,
- IPv6 compatibility,
- Support for the latest versions of OpenVPN,
- Protocol of your choice, and
- Functional enough to counteract transparent DNS proxies.
You should now be able to test for DNS leaks and check your DNS leak protection. If you have any feedback on this how-to, feel free to share it in the comments.