Generally, people don’t care much about their online privacy; maybe they think they are safe and that no one is spying on them. I bet most of you don’t know that your privacy and personal data are at stake. DNS (Domain Name System) and WebRTC (Web Real-Time Communication) are two common terms; both are involved in serving a website when you type anything into your browser.
Have you ever thought about them? Are they benefiting us or harvesting our data for hackers, governments, and Internet Service Providers? Well, DNS and WebRTC will not harm you until a leak occurs.
DNS leaks and WebRTC leaks are two dangerous threats that take your privacy out of your control. Here, I am talking about your IP address, browsing data, the websites you visit, and other logs.
VPN users should make sure that their server doesn’t have a DNS leak problem. Check the features on the official site of your VPN provider. Here I will discuss DNS leaks in detail, along with different ways to fix them. You can check my other article for the WebRTC leak fix.
What is DNS and How Does it Work?
The Domain Name System is the primary key to accessing any device, website, or service over the internet. Internet users interact with a website by typing its name into the browser, while the browser talks to the web server using an Internet Protocol (IP) address.
Thanks to DNS, we get a readable name for any website instead of a long string of numbers. You are able to remember website names such as Google.com, Facebook.com, and TechnologyCatch.com because of DNS.
In general terms, every website has a unique numeric counterpart to its name, known as its “Internet Protocol” address.
As soon as you type the name of your favorite website (www.TechnologyCatch.com) into the browser, your ISP’s DNS server translates it into an IP address of the form “XX.XXX.XXX.XXX”, where each X is a digit.
It then searches for the pre-translated value of that website in the internet directory. It all happens in the blink of an eye. As a result, you see the website’s page in your browser.
How DNS Works? | PC – Wikimedia
How Can Others Track You Using DNS?
When you search for any website on the internet, your browser sends a request to the DNS server to look up the IP address. By default, all devices use the ISP-owned DNS server.
The real problem occurs here: all your internet traffic passes through that DNS server only, unless you customize your devices to use a Virtual Private Network’s DNS or a different DNS.
Your ISP has full control over all your internet traffic. The log files include the IP addresses of the websites you visited, session times, dates, and other pieces of information. This information can endanger your privacy and is enough to track down your online activity.
In many countries, ISPs sell this data to advertisers as well as to third parties like the Five & Nine Eyes Alliance. The United States is an example where advertisers look for your personal data to improve their ads. The European Union countries share individuals’ private data with other countries, and the government has full control to process and analyze it.
What is a DNS Leak?
Privacy should be an individual’s first priority. We torrent and download content, and we never want anyone to spy on us or steal our data. That’s why people use a VPN to protect themselves against such acts. As technology and security advance, other harmful software and technology also emerge.
Normally, a wrong DNS configuration or a software issue triggers a DNS leak on your server. This leak lets your ISP track and store your privacy-related data.
The operating system’s default settings are also a cause of DNS leaks, as they allow your traffic to travel through your ISP’s DNS server instead of the VPN’s encrypted tunnel.
Choosing a VPN in this era is also a tricky thing. In reality, many VPNs claim to have the best and most perfect servers, but only a few VPNs are truly great and respect your privacy. When you connect to a VPN server, your internet traffic goes through an encrypted (256-bit AES encryption) tunnel that hides all your online activity. However, that does not happen unless you have a VPN server with DNS installed on it.
How to Test DNS Leak with Default Settings of OS?
There are a number of websites on the internet that provide a DNS leak test platform. If you have a good VPN subscription, you should visit the provider’s official site, as they provide a facility to test for leaks over a VPN connection. Visit here to test your devices for the leak.
ExpressVPN’s Test Platform
I performed the DNS leak test using “dnsleaktest.com” without any VPN connection and with the default setting of my operating system. I prefer this testing platform as it provides an easy, clean, and understandable interface.
You can see the result below. My device has a DNS leak problem and “dnsleaktest.com” can see the DNS servers my ISP provider uses.
How to Test DNS Leak with VPN Connection?
I’m using Windscribe VPN for the DNS leak test; you can use any VPN of your choice. Now connect to a VPN server or let it choose a server for you. I will use “dnsleaktest.com” again, and you know the reason very well.
Windscribe is doing a pretty good job of preventing DNS leaks. As of now, my connection appears to be in Germany, but my actual location is in India. So my VPN is providing a secure connection and none of my DNS information is leaking out.
However, if “dnsleaktest.com” detects my original DNS servers even after the VPN connection, it indicates that my VPN connection has a DNS leak problem.
How to Perform a DNS Leak Test in Command Window?
If you don’t want to give your DNS information to a testing website, no problem. The Windows operating system offers another method for the DNS leak test in its command window. Follow the steps below.
- Open the command window from the Windows search bar.
- Now type “nslookup whoami.akamai.net” in the command window and hit enter.
- You should get the server name and IP address of your ISP.
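To turn that manual check into a repeatable one, the following added example (not part of the original article) parses saved `nslookup whoami.akamai.net` output and flags any address outside the resolver ranges you expect your VPN to use. It relies on the fact that `whoami.akamai.net` answers with the address of the resolver that actually contacted Akamai; the sample outputs, the function names and the "trusted" ranges are constructed for illustration.

```python
import ipaddress

# Constructed samples of Windows `nslookup whoami.akamai.net` output.
# Every address is from a documentation or private range, not a real resolver.
SAMPLE_LEAK = """\
Server:  dns.isp.example
Address:  192.0.2.53

Non-authoritative answer:
Name:    whoami.akamai.net
Address:  198.51.100.7
"""

SAMPLE_TUNNELLED = """\
Server:  UnKnown
Address:  10.8.0.1

Non-authoritative answer:
Name:    whoami.akamai.net
Address:  203.0.113.20
"""


def extract_ips(block):
    """Return every token in `block` that parses as an IPv4/IPv6 address."""
    found = []
    for token in block.split():
        try:
            # Unix nslookup prints "192.0.2.53#53"; drop the port suffix.
            found.append(ipaddress.ip_address(token.split("#")[0]))
        except ValueError:
            continue
    return found


def parse_nslookup(text):
    """Split output into (configured server IP, list of answer IPs)."""
    header, sep, answer = text.partition("Name:")
    servers, answers = extract_ips(header), extract_ips(answer)
    if not sep or not servers or not answers:
        raise ValueError("lookup failed: no server or answer address found")
    return servers[0], answers


def untrusted_resolvers(text, trusted_networks):
    """Return the addresses that fall outside the resolvers you expect to use."""
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    server, answers = parse_nslookup(text)
    return [str(ip) for ip in [server, *answers]
            if not any(ip.version == n.version and ip in n for n in nets)]


if __name__ == "__main__":
    vpn_dns = ["10.8.0.0/24", "203.0.113.0/24"]  # assumed VPN resolver ranges
    for name, out in (("leak", SAMPLE_LEAK), ("tunnelled", SAMPLE_TUNNELLED)):
        print(name, untrusted_resolvers(out, vpn_dns) or "no leak detected")
```

Run it once with the VPN disconnected to learn which addresses belong to your ISP, then again while connected; any address reported in the second run is a resolver your queries still reach outside the tunnel.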
DNS Leak – Causes & Solutions
Once you have found a DNS leak, look for the cause before rushing to your VPN provider’s help desk. I have rounded up some common causes. Be patient, a possible solution is here.
Problem 1 – Improper DNS Network Settings
People are so greedy for the internet that they usually connect to any network they can get. This is not a one-day thing; it’s a habit. They do it on a regular basis. From coffee shops to airports, everywhere they look for a Wi-Fi network.
This case is the same for office professionals and they experience it a bit more than the normal internet user. This whole process of switching networks constantly results in the improper network configuration of the device. In the end, they lose their privacy.
What’s more, DHCP (Dynamic Host Configuration Protocol) automatically assigns your device a new DNS address. This newly assigned DNS address may belong to your ISP or another network provider.
Basically, when you connect to a VPN server, your DNS requests will pass through the newly assigned DNS address and not through your VPN’s encrypted tunnel. This leaks your DNS requests to your ISP or others, and you will not want that.
Solution for Improper DNS Network Settings
Fixing a DNS leak is not an easy job; improper or poor settings result in security flaws, as we discussed earlier. A possible solution is to use a trusted DNS server. If you are using a VPN, look for a DNS setting and force it to use the VPN’s DNS only. Contact your service provider if you are unable to put it in place yourself.
I suggest you use ProtonVPN; with DNS leak protection built into the app, your privacy will always remain safe. It takes care of you by turning this feature on, so don’t worry.
ProtonVPN also has custom DNS settings, so you can enter any DNS server you want. Thanks to ProtonVPN for offering such features at no cost; you get them in the free version as well.
Problem 2 – No IPv6 Support
The internet world is in a transition mode now, and the transition will take a long time to complete. For people who don’t know what this is, here is the explanation: until now we have known Internet Protocol version 4 (IPv4), and with recent innovation in technology, IPv4 is no longer sufficient to identify the devices across the internet.
Instead of sticking with IPv4, devices are made in such a way that they will have IPv6 addresses. The whole problem arises from the transition from IPv4 to IPv6, as it is very costly, specifically for VPN providers.
There are many websites that use both IPv4 and IPv6; some use only IPv4, and some only IPv6. For now, many VPN providers don’t have IPv6 support, and their customers also don’t require it.
People who access a website that uses IPv6 over a VPN connection with no IPv6 support can be in danger, because the requests made from their system will not go through the encrypted tunnel, thus causing a DNS leak problem.
Solution for IPv6
Check with your VPN provider whether they provide full support for IPv6. At the least, they should have a feature to block IPv6 requests. If they don’t have either option, simply switch VPN providers for your own sake.
The market has some really great VPNs. For example, ExpressVPN and NordVPN simply block any IPv6 requests to keep you safe. ProtonVPN has also taken steps to ensure users remain safe and blocks all IPv6 traffic by default. In simple words, all IPv6 traffic goes through the VPN server and never leaves it.
Problem 3 – Smart Multi-Homed Name Resolution
Smart Multi-Homed Name Resolution came into the picture with the Windows 8 operating system. With the aim of increasing web browsing speed, it sends out DNS requests to all available network adapters and accepts responses from one available DNS server instead of the one you have selected.
Now you can imagine how it trumpets your DNS requests to all available places. This causes DNS leaks on all available network adapters. What’s more, even if your VPN is sending the request through the encrypted tunnel to secure DNS servers, don’t just relax. Smart Multi-Homed Name Resolution is very clever; it tries to send DNS requests to your ISP’s DNS as well.
In Windows 10, the Smart Multi-Homed Name Resolution feature has gone to the highest level. Here the feature does not behave the same way it did in Windows 8: in Windows 10, it uses the first response received.
Solution for Smart Multi-Homed Name Resolution
SMHNR, in short, is a headache not only for Windows 8 but also for Windows 10. There is no complete solution for this; still, you can turn it off in Windows 8. To disable it on Windows 10, you have to install a free plugin.
If you don’t want to play with the Windows registry and risk ruining it, simply use a VPN like ProtonVPN that provides DNS leak protection. Playing with the registry will not guarantee a fix for the DNS leak, so a preferable solution is just to install the OpenVPN plugin.
Problem 4 – Teredo Technology
Like Smart Multi-Homed Name Resolution, Teredo is a feature Microsoft introduced, in this case for IPv6. It was brought into the picture at the time of Windows Vista because of the slow transition from IPv4 to IPv6. It allows IPv6 traffic to travel inside IPv4.
While Teredo is a good attempt by Microsoft, it also opens a big security hole for your data traffic. VPN users may feel a little disappointed, as Teredo is also a tunneling protocol. Being a protocol is not the real threat; its functionality is what threatens a VPN. Sometimes it can take down your VPN’s secured tunnel. It usually doesn’t do this, but when it does, it causes a DNS leak.
Solution for Teredo
A simple solution for Teredo is to just turn it off. You must have administrator permission to do so. The whole process is completed in the command window and nothing more; make sure you have the right command, otherwise you may break something.
I will show you how to disable it below. After disabling it, you may experience problems while opening some websites.
- Open Search Bar and type “CMD” and open it as Administrator.
- Now type “netsh interface teredo set state disabled” and hit enter.
- If everything goes fine, you will see “ok”.
Problem 5 – Proxy Redirection
Sometimes people don’t trust or don’t want to use their ISP’s DNS. Instead, they prefer a third-party DNS like Google DNS, OpenDNS, or their VPN’s DNS. You can configure your device to use these DNS servers; it is totally up to you, and no one cares except you.
Because ISPs cannot get their hands on you this way, they don’t like these actions by users. They use a transparent proxy to force you to use their DNS servers, as it helps them collect your traffic data and the websites you visit. They keep it secret from you, so in other words, a DNS leak is happening.
Some territories like the European Union have allowed ISPs to keep an eye on your data. They are free to analyze and process your data, and they can even sell it to a third party. The United States has also made it legal to sell information about your online activities, and this information is enough for hackers to blackmail you.
Solution for Proxy Redirection
If you are already using a VPN for the problems listed above, you don’t have to worry. Make sure your VPN has its own encrypted DNS server. Another solution is to use an OpenVPN client-server setup. Here’s how you can do it.
- Open “C:\Program Files\OpenVPN\config” in your Windows OS.
- Look for the file with the “.ovpn” extension and open it in Notepad.
- Add “block-outside-dns” and save.
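When the config folder holds several profiles, it is easy to miss one or to leave the directive commented out. The following added example (not from the original article or from the OpenVPN project) audits every `.ovpn` file in a folder for an active `block-outside-dns` line and appends it where missing; the function names and the sample profiles are constructed for illustration.

```python
from pathlib import Path
import tempfile

DIRECTIVE = "block-outside-dns"


def has_directive(config_text):
    """True if an active (uncommented) block-outside-dns line is present."""
    for raw in config_text.splitlines():
        words = raw.split()
        # OpenVPN treats lines starting with '#' or ';' as comments.
        if not words or words[0][0] in "#;":
            continue
        # Accept the bare form and the optional "setenv opt" form.
        if words[0] == DIRECTIVE or words[:3] == ["setenv", "opt", DIRECTIVE]:
            return True
    return False


def audit_dir(config_dir):
    """Map each .ovpn file name in `config_dir` to whether it has the directive."""
    return {p.name: has_directive(p.read_text(encoding="utf-8"))
            for p in sorted(Path(config_dir).glob("*.ovpn"))}


def ensure_directive(path):
    """Append the directive if missing; return True when the file changed."""
    path = Path(path)
    text = path.read_text(encoding="utf-8")
    if has_directive(text):
        return False
    if text and not text.endswith("\n"):
        text += "\n"  # do not glue the directive onto the last line
    path.write_text(text + DIRECTIVE + "\n", encoding="utf-8")
    return True


def demo():
    """Audit and fix two constructed profiles in a temporary folder."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "ok.ovpn").write_text(
            "client\nremote vpn.example 1194\nblock-outside-dns\n")
        # Commented-out directive and no trailing newline (both common slips).
        Path(d, "commented.ovpn").write_text(
            "client\n;block-outside-dns\nremote vpn.example 1194")
        before = audit_dir(d)
        changed = ensure_directive(Path(d, "commented.ovpn"))
        return before, changed, audit_dir(d)


if __name__ == "__main__":
    print(demo())
```

Point `audit_dir` at the config folder named in the steps above from an elevated prompt, since files under Program Files need administrator rights to modify. The directive is honoured by the Windows OpenVPN client only.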
Different Ways to Prevent DNS Leak in Future
No one wants to have a headache after fixing anything. People expect relief while. So before you go to sleep make everything right for tomorrow. That’s what we will discuss here.
Apart from the solutions explained above, read some more tips below to avoid a DNS leak in the future. If you think your ISP’s DNS is doing you more harm than good, or if your VPN does not have a secured tunnel to protect you, no problem: here are other solutions.
Manually Change DNS Server
Most people don’t want to use a VPN as it costs money, or perhaps your VPN does not have DNS leak protection. Maybe you are not interested in your ISP’s DNS, or you feel that it is insecure. In that case, you should head towards trusted and reliable third-party DNS servers like Google and OpenDNS.
You can configure your device with two of the Google DNS servers. The most preferable is the first one. Go with the second one if the first one is causing some problems.
> Preferred DNS Server 220.127.116.11
> Alternate DNS Server 18.104.22.168
Use OpenDNS instead of your ISP’s DNS, stay protected, and stay safe.
Use ultra-fast, secure, and resilient DNS instead of your ISP’s slow DNS.
> Preferred DNS Server 22.214.171.124
> Alternate DNS Server 126.96.36.199
DNS Configuration in macOS
Now that you have your favorite DNS, it’s time to configure it on your device. Follow the steps below.
1. Head towards “System Preferences”.
2. Now, Click on “Network”.
3. Select the first connection in your list and click “Advanced”.
4. Select the “DNS tab” and add your favorite DNS to the list of DNS servers.
5. Finally, Click “.
DNS Configuration in Windows OS
1. Open Control Panel and click on “Network & Sharing Center”.
2. Click on “Change Adapter Setting” and select “Network Interface”.
3. Go to the “Properties” tab.
4. Select “Internet Protocol Version 4 (TCP/IPv4)” and click on “Properties”.
5. Click on “Use the following DNS server address”.
6. Save and close.
DNS Configuration in Router
If you are using a smartphone, laptop, Android TV, or any other device and want to use a common DNS server for all of them, the process is very simple, and all you need is a router connection. DNS configuration on a router is very simple compared with an OS.
The process is the same for all types of routers, but I am using a D-Link router, so I will configure that. Follow the steps carefully.
1. Visit the router’s IP address (For D-Link – http://192.168.0.1).
2. Now Enter the router password.
3. Click on Manual Internet Connection; you can find it at the bottom.
4. Type your preferred DNS Server. I will use the Google DNS server. Primary DNS Server – 188.8.131.52 and Secondary DNS Server – 184.108.40.206.
5. Click Save and close it.
Now all the devices connected to the router will use the same DNS server. Since the Google DNS server is the most trusted, you don’t have to worry about DNS leaks anymore.
Give a Hand to Secured & DNS Proof VPN
Technology is racing ahead as fast as it can, and so is the risk of breaches. To keep in tune with technology, people are running with it too. VPN providers are trying hard to implement new technology in their services. Some have succeeded in providing tight security with no data leaks, while some are still struggling.
If this is the case with your VPN, you should give another VPN a chance. NordVPN and ProtonVPN are rare products that offer DNS leak protection. We discussed ProtonVPN for the DNS leak fix earlier in the blog.
NordVPN operates its own DNS server. As soon as you connect to NordVPN, all your DNS queries go through the encrypted tunnel only. So you don’t have to worry about DNS leaking.
Stop Non-VPN Traffic
Suppose you are browsing private things or opening some personal data over a secured VPN connection, but suddenly your VPN loses the connection. Before your VPN comes back, your data might become exposed to the internet, where any eye can catch it. You will not want this to happen again.
The best way to prevent it is to turn on the VPN kill switch. A VPN kill switch blocks all data traffic when your VPN loses its connection, thus saving your data from leaking.
Be Alert and Regularly Check for DNS Leak
Well, all we have done until now is DNS leak prevention. Don’t just relax: follow the earlier steps and perform regular testing of your DNS. Make sure that everything is fine and no one is harming your data, not even your VPN’s DNS. As soon as you find anything related to a data leak, take the necessary actions we discussed.
Try VPN Monitoring Software
This option is for people who really care about their privacy and are ready to spend on it. However, I would not suggest purchasing it if you have a VPN like NordVPN, because it adds extra cost on top of your VPN subscription.
Normally, when a VPN connection goes down, the VPN monitoring tool prevents your device from making data requests. It also helps prevent suspicious data traffic and measures load.
PRTG Network Monitor is the best as it comes with a 30-day free trial. It also gives you the option to upgrade to premium or downgrade to a free subscription.
Our Final Thoughts
We have discussed every aspect of DNS leaks, including their causes and their prevention. DNS leaks, WebRTC leaks, and some other threats are a real data security headache. Always remember, privacy comes first; the rest comes second. Never let anyone play with your personal data.
Purchase a good VPN with all the leak-proof features or look at the other trusted DNS servers we have mentioned above. Follow all the necessary precautions and you won’t have to worry again.
Sorry for making it lengthy, but it was necessary to guide you on every step. Lastly, I hope you have found it helpful. Stay Safe!