What is DNS Leak? How to Prevent It?

Early in this year, I have talked about using Public DNS servers and DNS Hijacking in which I explained everything about them. Today, I am here with another topic related to DNS which is DNS Leak. Yes, today’s topic is DNS Leak in which you will get to know what it is, and how to prevent it using various techniques.

What is a DNS Leak?

When you use a VPN, it makes a connection between your computer and its server, and then the VPN server connects you to the website that you queried for. On the other hand, when you are not using any VPN, and you type a website address in the browser, then hit enter, your IP server directly connects you to that particular website. But with VPN, your connection is filtered through their server and the connection is highly encrypted. This way, your ISP or Government can only see that your computer is connected to a VPN server, but they cannot see where the VPN connects you. That means no one can track which websites you have been browsing. That is what VPN for. But, a situation where the VPN is bypassed is called a DNS Leak. In simple words, if your browsing can be tracked even you are using a VPN; it is called a DNS Leak.

This is a kind of dangerous situation because as a user you don’t even know that your VPN is bypassed, and all the time you keep thinking that you are anonymously surfing the web but the reality is that your logs are being tracked.

You would still be able to unblock the blocked websites in your region since you are using the VPN, but your anonymity is left unprotected which directly means that your location and browsing are being logged by your ISP.

So, the question here is how to be sure that there is no DNS leak in your VPN?

For this, you need to find out how to test if a VPN has DNS leak or not.

How to Perform DNS Leak Test for your VPN?

There is a simple online tool, dnsleaktest.com that has the answer to it. You have to perform the steps below:

First of all, without connecting to the VPN, access dnsleaktest.com. Once it is loaded, you will be able to see your computer’s IP address and location. This is obvious since you are not using a VPN server.

Now, connect to a VPN.

Again, type in your browser dnsleaktest.com, and once it loads, see that there should be another IP address and location. You can click on “Extended Test” to see more details. That means VPN has protected your location and masked the IP address.

As you can see in the above screenshot that now the new location. And, also the different IP address is showing. That means there is no problem.

But, even you are using a VPN, and when you open the dnsleaktest website, and it still shows your actual IP address and location, there is a DNS Leak.

I have used Hola Chrome Extension which offers free VPN, and then tested the DNS leak. When loaded the dnsleaktest website, it showed me the different IP and location, but when I clicked on “Extended test”, it showed me my actual IP, location, and ISP details. That means it does have DNS Leak. It is faking your location and IP, but it doesn’t offer anonymity because your browsing and other things are being tracked by your ISP due to DNS Leak in this VPN.

The same thing, I tried using NordVPN, and it didn’t show my actual detail, that means there is no DNS Leak here. So, if you need or want to use a VPN, go with NordVPN. The same thing, I tried using Shellfire VPN and found it to be good, and no DNS/IP Leak is there. ExpressVPN is also on the list that doesn’t have any DNS leak problem. Moreover, you need to configure it correctly. So, you can choose any of these. Moreover, there might be many other VPNs that don’t have DNS Leak issue, but since I have access to these VPNs, I have tested these only at the moment.

This is how you can find whether your VPN has DNS Leak or Not.

How to Prevent DNS Leak While Using VPN?

1. Change DNS Server

Though this is not a complete fix for DNS Leak but changing DNS server makes sure that your ISP is not tracking your browsing and internet usage. If you are using VPN service, you can ask them their DNS server, and they will happily provide you that which you can update in your internet settings. Moreover, if you don’t get any DNS server from your VPN service, you can use public DNS servers such as Google Public DNS, OpenDNS, etc. If you have got the DNS servers either from your VPN provider or any free public DNS server, but, not sure how to update it, you can read the guide by clicking here to know updating DNS servers.

2. Use VPN that has no DNS Leak

Until you use a VPN server, it is tough to know whether it has DNS leak or not. Therefore, before buying any VPN service, make sure to talk with them, and discuss about the DNS leak. You can also ask for 1-2 days demo so that you can check if the VPN service is good and worth of spending money. Once you are assured, you can go ahead, buy the service.

Mullavad VPN service has a dedicated option that enables you to stop DNS leak which is an added advantage.

You can use these types of VPN services to make sure they are not leaking your DNS. This can be the best solution to prevent DNS Leak.

3. IPv6 Compatibility

IPv4 is used generally, and every VPN has support for it, but it is gradually replaced by IPv6 which is the latest version of IP addresses. Any browsing requests sent to or from your PC over IPv6 will bypass the VPN if it doesn’t support IPv6. And, in that case, DNS leak will happen. If your VPN has the support for IPv6, then this won’t cause any issue. Therefore, while choosing a VPN with IPv6 support is a wise decision. However, there are some VPNs that block IPv6 traffic to save you from DNS Leak, but it’s good to get the one that processes IPv6 traffic without any leaks.

4. ISP Using Transparent DNS Proxies

Some of the ISP uses transparent DNS proxies to force their DNS even if you are using a VPN. If you change the DNS servers, it will be detected, and they will use a transparent DNS proxy that will force your connection to use your ISP’s DNS only. That means, there will be DNS leak even if you are using VPN or changed DNS servers.

This issue is sometimes tough to bypass, but luckily the latest version of OpenVPN offers to bypass this technique of your ISP. When you use OpenVPN, you can go to the C:\Program Files\OpenVPN\config and look for .conf or .ovpn files. Edit them, and add this line there: block-outside-dns

This will not let those transparent proxies get over your secured connection, and thus, no DNS leak now.

Conclusion

DNS Leak is one of the biggest matters of concern because when you are using VPN, you think you are safe, but actually, you aren’t if your VPN has the DNS leak issue. You won’t understand about it until you check using the tool I mentioned in this post. Therefore, for safety measures please take care of the pointers I have shared above. Most importantly, use only that VPN who doesn’t leak DNS.

Hope you like this blog post. Share your thoughts and feedback in the comment section.