DNS Leaks Explained
james seibel
When using an anonymous VPN to hide your online identity (IP address), a mistake in how you configure your computer to use the Domain Name System (DNS) can cause your true IP address to be revealed. This post explains what DNS leaks are and how to avoid them to maintain safety online.
What is a DNS Leak?
Browsing the internet is a series of requests to servers. When you access google.com, the first thing your computer does is convert the name “google.com” into an IP address. Every computer on the internet has an IP address, whether it’s a client (you) or Google’s web server. The Domain Name System is a service that converts domain names (like google.com) to IP addresses. Only once it has the IP address does your computer actually fetch the data from the server.
Therefore, every internet request can really be thought of as two requests: one to fetch the IP address of the website from a DNS server, then another to the website’s server to get the data (there are many techniques such as caching that prevent your computer from doing this on every request, but let’s keep things simple).
If all of your traffic is going over the anonymous VPN network, except for your DNS queries, then you are greatly compromising the security of your system. DNS queries are typically over plain-text HTTP (not HTTPS), meaning they are not encrypted. At any point in the route between your computer and the DNS server, any eavesdropper can track what webpages and servers you are accessing.
Even more diabolical, if an attacker is capable, they can change the IP address of the response to send you a different page to conduct a phishing attack. This is difficult and unlikely for webpages served over HTTPS, but it remains a possibility depending on the strength of your attacker.
Stopping DNS Leaks
The first thing you should do is go to the dnsleaktest website and run the “extended test” both when your VPN is enabled and when it is disabled. VPN applications provided by companies will try to stop DNS leaks, but they are not always effective. I have personally seen an anonymous VPN application on Windows fail to stop DNS leaks.
If servers not owned by your VPN provider are revealed, it is absolutely essential that you change your DNS servers to fix this issue.
Google provides a guide for how to do this on many different operating systems. Follow this guide for your operating system to change your DNS settings.
Next, you need a new DNS server. Do not use the DNS servers recommended in the Google guide. The guide is just to learn how to change the setting. If you have a good anonymous VPN provider, they should be running their own DNS servers that also destroy logs and keep your identity safe.
For instance, Private Internet Access’ DNS servers are 126.96.36.199 and 188.8.131.52 (listed here in the “DNS Leak Protection” accordion at the bottom of the page).
Once you set the DNS settings properly, restart your network connection and try the extended DNS leak test again.
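As a local complement to the web test, the example below (added here, not part of the original post) reads Linux-style resolv.conf text and flags every configured resolver that is not inside your VPN provider's published resolver ranges. The function names, the provider networks and the sample file are constructed placeholders; a loopback entry such as 127.0.0.53 is a local forwarder, so its upstream servers still have to be checked separately.

```python
import ipaddress

# Constructed placeholder: replace with the resolver ranges your VPN provider publishes.
VPN_RESOLVER_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8:53::/48")]

# Constructed sample in resolv.conf format (not taken from a real system).
SAMPLE_RESOLV_CONF = """\
# generated by a network manager
nameserver 192.0.2.10
nameserver 203.0.113.7
nameserver fe80::1%eth0
nameserver 127.0.0.53
nameserver 2001:db8:53::1
options edns0
nameserver not-an-ip
"""

def parse_nameservers(text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def classify(server, vpn_nets=VPN_RESOLVER_NETS):
    """Label one resolver: 'vpn', 'stub', 'leak' or 'invalid'."""
    try:
        addr = ipaddress.ip_address(server.split("%", 1)[0])  # drop IPv6 zone id
    except ValueError:
        return "invalid"
    if addr.is_loopback:
        return "stub"   # local forwarder: check which upstream servers it uses
    if any(addr in net for net in vpn_nets):
        return "vpn"
    return "leak"       # not one of the provider's resolvers

def audit(text, vpn_nets=VPN_RESOLVER_NETS):
    """Map each configured resolver to its label."""
    return {s: classify(s, vpn_nets) for s in parse_nameservers(text)}

if __name__ == "__main__":
    for server, label in audit(SAMPLE_RESOLV_CONF).items():
        print(f"{label:8} {server}")
```

Run it with the VPN connected and again with it disconnected; any "leak" line while connected is a resolver to replace before repeating the extended test.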
You can also change the DNS servers inside your router hardware. Our own Easy VPN Routers have DNS leak protection built into them, regardless of the client connected to them.
DNS leaks are a very real threat to your privacy and safety online. If you have DNS leaks, you are sacrificing the benefits of an anonymous VPN and putting your security at risk. Be sure to check regularly for DNS leaks, especially after upgrading your VPN software or switching to a different computer.