The Domain Name Service (DNS) maps a domain name to an IP address, so that humans can remember a computer's address by its domain name instead of its IP address. A DNS lookup is requested automatically when someone enters a web address in the web browser, so that the server knows how to find a website. When a user connects to the internet via a home router, the router gets an IP address and DNS server IP addresses via DHCP from its Internet Service Provider (ISP). You may choose to use public DNS servers instead of the ones provided by your ISP by configuring your Internet connection manually.
What is a DNS Leak?
A DNS leak is currently a major threat to a user's online privacy and security: the network that is supposed to be anonymous is actually not, which gives the user a false sense of security. A DNS leak is the leaking of a user's real IP address while connected to a VPN service. It can occur when the user's computer is unknowingly accessing its default DNS servers rather than the anonymous DNS servers assigned by the anonymity network, such as a VPN. This happens when a DNS query fails to be routed through the anonymity network, and the user's real IP address is thereby exposed to the public network.
Despite a high level of IP anonymity and data encryption, services from various VPN networks are prone to DNS leaks for several reasons, including poor infrastructure. In simple words, a VPN user who believes the connection is anonymous is unaware that the respective internet activity is outside the secure connection. Since a DNS leak can reveal the user's real IP address, many VPN providers are integrating anti-DNS leak features into their VPN software to prevent leaking of the user's identity. Although a DNS leak can be caused by several factors, a common scenario is when malicious websites deliberately delay their response to the user's computer, which results in the browser switching to an unsecured DNS. Meanwhile, the newer Windows OS has a few built-in features which increase its susceptibility to DNS leaks.
How to Detect a DNS Leak?
Some VPN services include solutions that monitor DNS requests to ensure that they are routed through the VPN network instead of the ISP network. A VPN user who is concerned about DNS leaks may contact the VPN provider and verify whether users are protected with this feature. Further, websites such as www.ipleak.net and www.dnsleaktest.com, among others, provide free DNS leak tests. If a user is connected to a VPN network and the test result includes the ISP's DNS, the user is exposed to a DNS leak.
Ways to Prevent a DNS Leak
Because DNS leaks are a serious privacy threat, several preventive measures have been identified for Internet users in general and VPN users in particular. Moreover, some VPN services include built-in anti-DNS leak solutions or fully-controlled DNS resolvers to ensure users' online privacy and security. In this regard, Hide My Ass VPN has come up with the following suggestions to prevent DNS leaks.
- Enforce a good DNS service: In the TCP/IPv4 options within the properties of your network adapters, set OpenDNS or whatever DNS service you prefer for all available network adapters. This ensures that your internet provider's DNS servers are never used, even when the VPN is not connected.
- Disable Teredo: On Windows, open a command prompt (run cmd.exe) and run "netsh interface teredo set state disabled". Some file sharing clients like uTorrent also have an option to disable Teredo. Teredo is Microsoft's 6to4 (IPv6->IPv4) solution, similar to the 6to4/6in4 features you might find in your router's settings. To prevent DNS requests from going through a non-tunneled IPv6 connection, disable Teredo and IPv6 related options on your router.
- Block non-VPN traffic: Either use IP Binding or configure your firewall to block all non-VPN traffic. This ensures that your real internet connection is not being used and also that your ISP's DNS servers are not being used.
- Install a good firewall.
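
The first two suggestions can be checked adapter by adapter. The Python sketch below is an added example, not code from Hide My Ass or the original article: the function name audit_adapters is hypothetical, the adapter inventory is constructed sample data, and the approved list assumes the OpenDNS resolvers 208.67.222.222 and 208.67.220.220.

```python
import ipaddress

# Teredo addresses are assigned from 2001::/32 (RFC 4380).
TEREDO = ipaddress.ip_network("2001::/32")

# Assumption: the user chose OpenDNS, as in the first suggestion.
APPROVED = ["208.67.222.222", "208.67.220.220"]

# Constructed sample inventory; 192.0.2.53 stands in for an ISP resolver.
SAMPLE = {
    "Ethernet": {"dns": ["208.67.222.222", "208.67.220.220"],
                 "addrs": ["192.168.1.20"]},
    "Wi-Fi": {"dns": ["192.0.2.53"], "addrs": ["192.168.1.21"]},
    "Teredo Tunneling Pseudo-Interface": {"dns": [],
                                          "addrs": ["2001:0:db8:1::1"]},
}


def audit_adapters(adapters, approved):
    """Return {adapter: [issues]} for adapters that could leak DNS queries."""
    nets = [ipaddress.ip_network(a, strict=False) for a in approved]
    findings = {}
    for name, cfg in adapters.items():
        issues = []
        if not cfg["dns"]:
            # In this model an empty list means the adapter uses whatever
            # resolver DHCP hands out, which is normally the ISP's.
            issues.append("no DNS server pinned")
        for server in cfg["dns"]:
            ip = ipaddress.ip_address(server)
            if not any(ip.version == n.version and ip in n for n in nets):
                issues.append(f"unapproved resolver {server}")
        for addr in cfg["addrs"]:
            ip = ipaddress.ip_address(addr)
            if ip.version == 6 and ip in TEREDO:
                issues.append(f"Teredo address {addr}")
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for adapter, issues in audit_adapters(SAMPLE, APPROVED).items():
        print(f"{adapter}: {'; '.join(issues)}")
```

An adapter that is missing from the result has only approved resolvers and no Teredo address.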
VPN users are extremely cautious about the privacy and security of their online activity and are more concerned about DNS leaks. Hence, users are advised to verify that the traffic originating from their computer is routed through a secure VPN network so that no monitoring entity can track down the user's real IP address. Experts also recommend that VPN users change the computer's network settings to use a static IP address, so that the new DNS settings are given high priority and are not modified without notice.