Virtual private networks are one of the best online privacy tools there is. However, even VPN users need to be aware that their privacy may not always be as protected as they would like to believe. Not all VPNs are built alike, and some are susceptible to vulnerabilities that could compromise your privacy.
DNS leaks are one such vulnerability that can reveal the websites you visit to your internet service provider (ISP). If you are using a VPN for privacy reasons, this could negate the point entirely, leaving your web history in the hands of marketers, surveillance agencies and even cyber criminals if your ISP’s databases are compromised.
While DNS leaks are a serious privacy threat, diagnosing them and fixing the issue is fortunately not hard. In this article, we will look at how to know if you are suffering from DNS leaks, what causes this type of leak, and finally how to resolve the issue and protect your online privacy going forward.
What are DNS leaks?
To find a website such as Google.com, your browser asks a Domain Name System (DNS) server. The DNS server replies with the IP address it has on record for that website, allowing your browser to load the page you were looking for.
When you use a VPN, all your web traffic is supposed to go through an encrypted tunnel straight from your computer to the VPN provider’s servers. However, in some cases, DNS requests from your browser may travel outside this encrypted tunnel and go directly to the DNS server. This is a DNS leak.
Why do DNS leaks matter?
If you are suffering from a DNS leak, your DNS requests are most likely going to your ISP’s DNS, as this is generally a computer’s default setting. This means that your ISP will be able to see all the websites and web pages that you visit. This information can then be shared with advertising agencies or authorities, and in the worst-case scenario, it could even be stolen in a cyber attack.
Am I suffering from a DNS leak?
The easiest way to find out if you are suffering from a DNS leak is to use one of the free tools available online. HMA!’s free DNS leak test lets you see if you are vulnerable to DNS leaks in a matter of seconds.
If you are suffering from DNS leaks, read on to discover the three most common causes of DNS leaks and how to fix them to secure your online privacy.
Cause 1: Improperly configured network
The most common cause of DNS leaks is an improperly configured network. This means that your Local Area Network (LAN) or computer settings are for some reason configured to send DNS requests directly to an unencrypted server rather than routing them through your VPN tunnel.
The easiest way to fix this type of leak is to force your VPN to send DNS requests directly to the VPN’s servers. However, not all VPN clients offer this option, or indeed have their own secure DNS.
If you don’t see an option to force DNS in your VPN itself, you should change the configuration in your computer to use your preferred DNS. Popular choices are OpenDNS and Google DNS, whose servers may not be as secure as those offered by VPN providers, but may be preferable to leaking your DNS requests to your ISP.
You can find a guide to switching your DNS configuration on Windows and MacOS on OpenDNS’s website.
Cause 2: Transparent DNS proxies
Some ISPs have a frustrating policy of forcing their customers to use their own DNS, in what are known as transparent DNS proxies. Here, the ISP essentially intercepts DNS calls and routes them through their own servers, effectively acting as a ‘proxy’.
Fortunately, fixing leaks caused by transparent DNS proxies is easy on the most recent version of OpenVPN, the technology used by most major VPN providers. You will need to locate your OpenVPN config file – where this is will depend on your VPN provider and your file system setup – and open it in a text editor. You will then simply need to add this line to the document:
On Windows computers the OpenVPN config file is often located at C:\Program Files\OpenVPN\config but if you can’t locate it you should get in touch with your VPN provider for assistance.
Cause 3: Microsoft Teredo
The third common cause of DNS leaks is Microsoft’s Teredo technology. As the web moved from the old IPv4 protocol to the newer IPv6 protocol, Microsoft created Teredo to assist in this move by enabling compatibility between the older and the newer protocol. While Teredo can be useful in some edge cases, it is also a security risk that will ignore your VPN tunnel completely. This can cause your DNS requests to leak.
While Teredo comes built-in with Windows, it is fortunately easy to disable. Disabling the technology is not likely to cause you any problems, but if it does, it is also easy to enable again.
To do so, open the Windows Command Prompt (press the Windows Key + R, type cmd and press Enter) and enter these commands:
To disable Teredo, type in: netsh interface teredo set state disabled
To re-enable Teredo, type in: netsh interface teredo set state type=default
Keeping your browsing private
After you have performed any or all of the solutions above, it is good to test for DNS leaks again. If you have followed the instructions, you should now be protected from leaks.
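A local check to run alongside the online leak test, covering the computer DNS settings from Cause 1 and the Teredo state from Cause 3. This PowerShell script is an added example, not part of the original article; the VPN adapter name pattern and the preferred resolver list are assumptions to adjust for your own setup.

```powershell
# Added example, not from the article. Run on Windows while the VPN is connected.
# Assumptions: the VPN adapter pattern and the preferred resolver list below.
$VpnAdapterPattern = '*TAP*'              # assumed; match your VPN adapter's name or description
$PreferredDns = @(
    '208.67.222.222', '208.67.220.220',   # OpenDNS
    '8.8.8.8', '8.8.4.4'                  # Google DNS
)

function Get-DnsConfigReport {
    param([string]$VpnPattern, [string[]]$Preferred)

    $connected = Get-NetAdapter | Where-Object Status -eq 'Up'
    foreach ($adapter in $connected) {
        # IPv4 resolvers configured on this adapter (empty entries dropped)
        $cfg = Get-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex -AddressFamily IPv4
        $servers = @($cfg.ServerAddresses | Where-Object { $_ })

        $isVpn = ($adapter.Name -like $VpnPattern) -or ($adapter.InterfaceDescription -like $VpnPattern)

        # On a non-VPN adapter, resolvers outside the preferred list are usually
        # the ones handed out by the router or ISP over DHCP.
        $unexpected = @($servers | Where-Object { $_ -notin $Preferred })

        if ($isVpn) {
            $finding = 'VPN adapter'
        } elseif ($servers.Count -eq 0) {
            $finding = 'no IPv4 DNS set'
        } elseif ($unexpected.Count -gt 0) {
            $finding = "check: $($unexpected -join ', ')"
        } else {
            $finding = 'preferred DNS only'
        }

        [pscustomobject]@{
            Adapter    = $adapter.Name
            IsVpn      = $isVpn
            DnsServers = $servers -join ', '
            Finding    = $finding
        }
    }
}

Get-DnsConfigReport -VpnPattern $VpnAdapterPattern -Preferred $PreferredDns |
    Format-Table -AutoSize

# Teredo status, read with the same netsh context used to disable it
netsh interface teredo show state
```

The script only reads configuration, so it cannot see a transparent DNS proxy on the ISP side; the online leak test is still needed for that.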
While using a VPN goes a long way towards keeping your online activity private, it is important to keep in mind that there is no single fix for online privacy – and that not all VPNs are alike.