What is a DNS Leak and how to fix it?

Intro

A DNS leak is a network-configuration problem that costs you privacy: DNS queries are sent over the unprotected physical link instead of through the VPN tunnel.

A DNS query is a request made by a user's software to translate the name of a server (a hostname, like www.gmail.com) into an IP address. Browsers, email clients, games and all other types of applications communicate on the Internet using IP addresses, so DNS requests are vital for Internet communication.

When you connect to a VPN, it is important that all your traffic passes through the tunnel. DNS requests can reveal your activity if they "leak" out of the secure tunnel.

Imagine a crossroad: one way is your encrypted tunnel, created over a virtual network adapter, and all traffic sent through it is encrypted. The other way is your physical network adapter, where communication is not encrypted. When your DNS leaks, the DNS query containing the name of the website you access is sent down the insecure "road" and reaches your ISP, disclosing the names of the hosts you access.

The cause

DNS leaks occur because of inappropriate configuration of network settings and VPN connections. In most cases the issues are OS specific. Windows is affected more than other OSes: the DNS server assigned by the LAN gateway (via DHCP) can be preferred by the OS over the DNS server assigned by the VPN service, and since Windows 8 the resolver may also send the same query out of every interface in parallel ("smart multi-homed name resolution"), so a query leaves through the physical adapter even while the tunnel is up. Usually the DNS server address assigned by DHCP is the LAN gateway itself, which forwards the DNS queries to the ISP's DNS service. The worst part is that plain DNS traffic is not encrypted, so anyone on the path, the ISP included, can use it to reconstruct your browsing activity.

Are you affected by DNS leaks?

Connect to the VPN and check for DNS leaks using ipx.ac, www.dnsleaktest.com, ipleak.net.

Look at the DNS server IPs they detect. Do any of them belong to your ISP? If so, you are affected by a DNS leak. If the reported addresses belong to your VPN provider, your DNS traffic stays inside the tunnel and you are not leaking. Note that these sites report the address your resolver uses when it contacts their authoritative name servers, so a public resolver such as 1.1.1.1 shows up under the resolver operator's range, not under your ISP's.

The fix

The DNS leak problem is most frequent on Windows. To fix it, switch from Automatic (DHCP-assigned) to static DNS servers. Set public DNS services such as 9.9.9.9 (Quad9), 1.1.1.1 (Cloudflare) or a NextDNS profile (nextdns.io) on your network adapters, for both IPv4 and IPv6, or better, just disable IPv6 on them. As long as your DNS server is not your own home router/DHCP server, the queries no longer take the router-to-ISP path. Two caveats: the public resolver still sees your queries, and they reach it through the tunnel only while the VPN redirects your default route, so if the VPN drops, plain-text DNS goes to the resolver straight over your ISP's link.
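The following PowerShell script is an added example and is not code from the original post or from any VPN vendor. It does locally what the web tests in "Are you affected by DNS leaks?" do from the outside: it lists the default routes, then checks every physical adapter that is up for the leak pattern described above (a DHCP-assigned resolver that is the LAN gateway or another private address). With -Apply it sets static public resolvers on those adapters, optionally unbinds IPv6, and turns off Windows' smart multi-homed name resolution through the documented policy value. The resolver addresses are Quad9 and Cloudflare, an assumed choice; change them to whatever you trust. Run it from an elevated prompt.

```powershell
<#
Added example (not from the original post): audit Windows physical adapters
for a DHCP-assigned resolver that is the LAN gateway or another RFC 1918
address, and with -Apply replace it with static public resolvers.
Resolver addresses below are assumed choices (Quad9, Cloudflare).
#>
[CmdletBinding()]
param(
    [switch]$Apply,        # without -Apply the script only reports
    [switch]$DisableIPv6,  # unbind IPv6 from leaky adapters instead of setting v6 resolvers
    [string[]]$IPv4Resolvers = @('9.9.9.9', '1.1.1.1'),
    [string[]]$IPv6Resolvers = @('2620:fe::fe', '2606:4700:4700::1111')
)

# A resolver in an RFC 1918 range is almost always the home router, which
# forwards every query to the ISP outside the tunnel.
function Test-PrivateIPv4 {
    param([string]$Address)
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$ip)) { return $false }
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) { return $false }
    $o = $ip.GetAddressBytes()
    return ($o[0] -eq 10) -or
           ($o[0] -eq 172 -and $o[1] -ge 16 -and $o[1] -le 31) -or
           ($o[0] -eq 192 -and $o[1] -eq 168)
}

# Which interface owns the default route? With a full-tunnel VPN the lowest
# metric should belong to the VPN adapter. OpenVPN's redirect-gateway def1
# installs 0.0.0.0/1 and 128.0.0.0/1 instead of 0.0.0.0/0, so list those too.
Write-Host "Default routes (lowest metric wins):"
Get-NetRoute -AddressFamily IPv4 |
    Where-Object { $_.DestinationPrefix -in '0.0.0.0/0', '0.0.0.0/1', '128.0.0.0/1' } |
    Sort-Object RouteMetric, InterfaceMetric |
    Format-Table InterfaceAlias, DestinationPrefix, NextHop, RouteMetric, InterfaceMetric -AutoSize

$leaky = @()
foreach ($nic in Get-NetAdapter -Physical | Where-Object { $_.Status -eq 'Up' }) {
    $cfg     = Get-NetIPConfiguration -InterfaceIndex $nic.InterfaceIndex
    $gateway = $cfg.IPv4DefaultGateway.NextHop
    $dns4    = @((Get-DnsClientServerAddress -InterfaceIndex $nic.InterfaceIndex -AddressFamily IPv4).ServerAddresses)
    $dns6    = @((Get-DnsClientServerAddress -InterfaceIndex $nic.InterfaceIndex -AddressFamily IPv6).ServerAddresses)
    Write-Host ("{0}: gateway={1} dns4=[{2}] dns6=[{3}]" -f $nic.Name, $gateway, ($dns4 -join ' '), ($dns6 -join ' '))

    # The leak pattern: the adapter's resolver is the router itself (or any private host)
    $bad = $dns4 | Where-Object { $_ -eq $gateway -or (Test-PrivateIPv4 $_) }
    if ($bad) {
        Write-Warning ("{0} resolves via {1}: queries leave on the physical link" -f $nic.Name, ($bad -join ' '))
        $leaky += $nic
    }
}

if (-not $leaky) { Write-Host "No adapter uses the LAN gateway as resolver."; return }
if (-not $Apply) { Write-Host "Re-run with -Apply to set static resolvers."; return }

foreach ($nic in $leaky) {
    if ($DisableIPv6) {
        # No IPv6 binding on the adapter means no IPv6 resolver to leak through.
        Disable-NetAdapterBinding -Name $nic.Name -ComponentID 'ms_tcpip6'
        Set-DnsClientServerAddress -InterfaceIndex $nic.InterfaceIndex -ServerAddresses $IPv4Resolvers
    } else {
        Set-DnsClientServerAddress -InterfaceIndex $nic.InterfaceIndex -ServerAddresses ($IPv4Resolvers + $IPv6Resolvers)
    }
}

# Windows 8 and later may send a query out of every interface at once
# ("smart multi-homed name resolution"). This is the registry value behind the
# "Turn off smart multi-homed name resolution" group policy.
$pol = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
if (-not (Test-Path $pol)) { New-Item -Path $pol -Force | Out-Null }
Set-ItemProperty -Path $pol -Name 'DisableSmartNameResolution' -Value 1 -Type DWord
Clear-DnsClientCache

Write-Host "Resolvers now configured:"
Get-DnsClientServerAddress | Where-Object { $_.ServerAddresses } |
    Format-Table InterfaceAlias, AddressFamily, ServerAddresses -AutoSize
```

Run it once without switches to see the report, then with `-Apply` (add `-DisableIPv6` if you prefer to drop IPv6 on the physical adapters rather than point it at a public resolver). After applying, reconnect the VPN and repeat the web-based tests from "Are you affected by DNS leaks?" to confirm the reported resolver is no longer your ISP's; the script changes adapter settings, not the VPN client, so the caveat about the VPN dropping still applies.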

Another fix is to use the built-in DNS leak protection of your VPN client, if your provider's software offers it.
