VPN connection failures represent a major threat to your privacy, but other issues can affect your privacy even when you are using a VPN. DNS leaks leave your online activity exposed, so your ISP will be able to monitor what you do. The main problem is that DNS leaks can occur even when you think that your VPN is protecting your data. DNS stands for Domain Name System and it is used to translate domain names into numerical IP addresses. The translation process is usually carried out by your ISP using its own DNS servers. However, when you use a VPN service, the DNS request has to be routed through your VPN provider’s DNS servers instead of those of your ISP.
While DNS leaks mainly affect Windows (where it is not rare that the default settings are used, meaning that requests are sent to the ISP’s DNS server instead of through the VPN tunnel), OS X and Linux may also be affected by this issue. When the default settings are applied and the DNS request is sent to the ISP’s servers and not through the VPN, a DNS leak occurs. This will enable your ISP to get access to what you do online, even if a VPN is being used.
It should be noted that Windows 10 users are particularly at risk, since by default this version of the popular OS sends DNS requests in parallel to all available resources at the same time and uses the fastest one. If you are using Windows 10 (or Windows 8/8.1), make sure that “Smart Multi-Homed Name Resolution” is disabled. This can be done by following the steps below:
Open the Start Menu and type gpedit.msc in the search bar. Then double-click gpedit.msc to open the Local Group Policy Editor.
In Computer Configuration, select Administrative Templates, then Network, DNS Client and Turn off Smart Multi-Homed Name Resolution. Select Enabled to turn off the service and click Apply.
Detecting a DNS leak
You can perform a DNS leak test by visiting dnsleaktest.com. After carrying out the test, check the results to confirm whether your actual IP address and location are being revealed. If the results show the location and IP of the VPN server you are connecting to, you have no reason to worry, as it means that there is no DNS leak.
How to prevent a DNS leak
If you are looking for a way to prevent DNS leaks or want to fix an existing issue, there are different methods that you can try.
Opt for a VPN client that features DNS leak protection.
This is the easiest way to tackle DNS leaks, and nowadays many providers support this feature. Some of the providers that offer this option as part of their service include NordVPN, Private Internet Access, TorGuard and Mullvad.
Use VPNCheck
VPNCheck is a practical tool that shuts down the applications that you specify in case your VPN connection fails. While there is a free version, it is advisable to opt for the Pro edition (it costs about $20 at the moment) to prevent DNS leaks.
- After downloading and installing VPNCheck Pro, run the program and click Config on the main screen.
- Make sure that the DNS leak fix box is checked. It is also advisable to take time to select the programs that should be shut down in case the VPN suddenly drops.
- Then go to the main screen and click Cycle IP: Task or Cycle IP: Network.
Change DNS servers and get a static IP address
While this is not exactly a fix for a DNS leak, changing DNS servers will allow you to prevent your ISP from monitoring your online activities. Many VPN providers are willing to give you their DNS server details. Alternatively, you can route your requests through public DNS servers such as OpenDNS and Comodo Secure DNS. Google Public DNS is another option, but given that the company is likely a close collaborator of the NSA, this is not a recommended option. You can find installation instructions for multiple platforms, but the steps below will allow you to set it up on Windows.
- Open Network and Sharing Centre and select “Change adapter settings”.
- Right-click on your main connection and then select “Properties”. Go through the list and find “Internet Protocol Version 4 (TCP/IPV4)”, highlight it and then click on Properties.
- Take note of any existing DNS server addresses for future reference. If you wish to restore the system to its previous settings at some stage, click the “Use the following DNS server addresses” radio button and then enter the addresses. After clicking OK, you can restart the connection.
- If you are using the DNS server of your VPN provider, they will give you the DNS server addresses. If a public server is being used, you can use the below addresses.
Google Public DNS
Preferred DNS server: 8.8.8.8
Alternate DNS server: 8.8.4.4
OpenDNS
Preferred DNS server: 208.67.222.222
Alternate DNS server: 208.67.222.220
Comodo Secure DNS
Preferred DNS server: 8.26.56.26
Alternate DNS server: 8.20.247.20
Changing DNS servers is more secure since it directs the translation services to a trusted party. Additionally, it improves speed in many cases since some services are faster. A free tool called DNS Benchmark will allow you to find out how fast a DNS server is.
With a static IP, Windows and other platforms will always route your DNS requests to the DNS server of your choice, instead of assigning you a random IP that could be routed through your ISP’s DNS server. While it is not essential, it is advisable to clear any other DNS servers, with the exception of those that are used by your VPN adapter.
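The two Windows settings discussed above (the Smart Multi-Homed Name Resolution policy and the DNS servers left on non-VPN adapters) can be checked from PowerShell. The script below is an added example, not part of the original article; it only reads settings. The adapter name pattern and the trusted resolver list are assumptions to replace with your VPN adapter's name and the DNS addresses you actually use.

```powershell
# Added example: read-only audit of the settings described in the article.
# Assumptions (constructed): '*VPN*' as the VPN adapter name pattern, and the
# OpenDNS addresses listed above as the trusted resolvers.
$VpnAliasPattern  = '*VPN*'
$TrustedResolvers = @('208.67.222.222', '208.67.222.220')

function Test-SmartNameResolutionOff {
    # Value written by the "Turn off smart multi-homed name resolution"
    # policy. 1 = policy Enabled, i.e. parallel resolution is turned off.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
    $p = Get-ItemProperty -Path $key -Name DisableSmartNameResolution -ErrorAction SilentlyContinue
    return ($null -ne $p -and $p.DisableSmartNameResolution -eq 1)
}

function Get-DnsLeakCandidate {
    param(
        [string]$VpnAlias,
        [string[]]$Trusted
    )
    # Only adapters that are up can carry DNS queries.
    foreach ($nic in (Get-NetAdapter | Where-Object Status -eq 'Up')) {
        if ($nic.Name -like $VpnAlias) { continue }   # VPN adapter keeps its resolvers
        # One entry is returned per address family (IPv4 and IPv6).
        foreach ($entry in (Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex)) {
            $untrusted = @($entry.ServerAddresses | Where-Object { $_ -notin $Trusted })
            if ($untrusted.Count -gt 0) {
                [pscustomobject]@{
                    Adapter   = $nic.Name
                    Untrusted = $untrusted -join ', '
                }
            }
        }
    }
}

if (-not (Test-SmartNameResolutionOff)) {
    Write-Warning 'Smart Multi-Homed Name Resolution policy is not set to Enabled.'
}
Get-DnsLeakCandidate -VpnAlias $VpnAliasPattern -Trusted $TrustedResolvers |
    Format-Table -AutoSize
```

Any adapter it lists still has a resolver outside your trusted list, typically the router or ISP address handed out by DHCP, including IPv6 resolvers that the IPv4 properties dialog does not show.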