Published on July 18, 2020 by SatoshiVPN in How To.
58 views

How to detect a DNS leak

Learn how to detect a DNS leak when you're using a VPN or proxy so that you can be sure your connection to your ISP is protected.

How to detect a DNS leak

If you use a VPN, then you most likely know the security and privacy advantages that typically come with them. However, if you have a DNS leak, your security and privacy can become compromised. During a DNS leak, the data regarding your connection to your internet service provider (ISP) is exposed even when you are connected to your VPN.

But what causes a DNS leak? How can a DNS leak affect you? How can you detect it, fix it, and prevent a DNS leak from happening to you? Let’s dive in and explore:


What is DNS?

DNS stands for Domain Name System. The system translates the domain name you enter in your browser into a computer-readable IP.

This is how it works: whenever you want to access a certain site, you key in the site's name into your browser. Your device will then contact a DNS server to ask for the IP address of the site. Once the DNS server provides the IP address, your device connects to the website you want.


What is a DNS leak?

When you connect to a VPN service, all your online traffic is supposed to be routed through the VPN network, DNS requests included. This way, no one can see what you are up to. However, due to security flaws, your DNS requests can leak outside the encrypted tunnel.


How can a DNS leak affect you?

When a DNS leak occurs, your online traffic is no longer secure from prying eyes. Your ISP and DNS provider can see what you do online, the websites you visit, the services you use, and so much more. Your security and privacy are no longer assured.

Besides exposing your online activities, a DNS leak also exposes your real geo-location as well as the location of your ISP. This is information witty hackers can use to get your IP address and infiltrate your system for their own advantages.


How to detect a DNS Leak?

Several sites can help you test your VPN connection for VPN leaks. Popular sites that we recommend include dnsleaktest.com and ipleak.net.

dnsleaktest.com

With dnsleaktest.com, you can either run a Standard test or an Extended test. Running both is the best option.

The Standard test is the faster of the two, but it's for quick checks when running a VPN. The Extended test covers more DNS servers and is great if you have strong anonymity/privacy requirements.

When running the Extended and Standard tests, what you need to look out for are the servers that show up in the results.

If you are using a VPN, and some of the servers in the results don't belong to your VPN provider, you have a DNS leak. If any result shows your real location or that of your ISP, then you have a DNS leak.

ipleak.net

With ipleak.net, the site runs the DNS leak test automatically. You don't have to launch any of the tests like dnsleaktest.com. Once you visit the site, it automatically runs its tests.

You can let the site run its tests without a VPN and then connect to your VPN provider and run it again. The tests done without VPN will show you the DNS servers your ISP provider uses and where your normal ISP-provided connection originates from.

The tests done after you launch your VPN will help you determine whether your VPN is providing a properly protected connection.


Causes of DNS Leaks

There are several causes of DNS leaks. Some of the common ones include:

Improperly configured networks

If you connect to different networks regularly, then an improperly configured network could be the reason behind your DNS Leak issue.

When using a VPN, your computer has to first connect to the internet via a local network before the VPN can start operations.

Constantly switching between networks might result in an improperly configured DHCP (Dynamic Host Configuration Protocol) automatically giving you a new DNS Server to handle your requests, ignoring the VPN settings. The new DNS Server could belong to your ISP.

You can fix this problem by forcing your computer to use the VPN provider's DNS servers. Configure the VPN only to use its own servers. Most VPNs have this option in their settings. If you have one that doesn't provide such an option, you can inquire from customer support.

Transparent DNS proxies

Some ISPs use a transparent proxy (server) to intercept and redirect your web traffic to their DNS Server. Yes, some ISPs are not happy with you using a third-party server. Most detection sites like ipleak.net and dnsleaktest.com will come in handy why looking to detect ISPs’ transparent proxy.

Fixing this problem will depend on your VPN provider and VPN app. If you are using a VPN provider's app, you can look for the option to force the use of the VPN provider's DNS Servers. If you are using the OpenVPN open-source app, you will have to modify its configuration files.

Windows 8 and 10; Smart Multi-Homed Name Resolution Feature

Smart Multi-Homed Name Resolution (SMHNR) Feature made its debut in Windows 8, and now it also in Windows 10. The feature was developed to increase web browsing speed by sending DNS requests to all available DNS servers.

On windows 8, SMHNR falls back to other DNS addresses when your preferred DNS fails to be reached. Windows 10 machines on the other hand will connect to the fastest DNS response by default. This can cause DNS leakage and DNS spoofing.

If you are using Windows 8, you fix the problem by disabling this feature. There is also a plugin for Windows 10 users if you connect to your VPN via OpenVPN app that you can download and install to resolve the issue.


How to prevent DNS leaks in the future

Prevention is better than cure. Here are a few ways to prevent DNS leaks in the future:

Only use a trusted, independent DNS provider

Some of the popular DNS server address options include Google Public DNS, OpenDNS, and Cloudflare.

Set your VPN to block non-VPN traffic

Some VPNs come with a Kill Switch that automatically disconnects your computer from the internet whenever there is a VPN disconnection. And some VPN providers also have an IP Binding feature that blocks any traffic that doesn't go through the VPN.

Regularly perform a DNS leak test

There are sites listed above that can help you perform a DNS leak test regularly.

Consider VPN monitoring software

VPN watcher is a tool that prevents applications from sending data requests when your VPN connection goes down.


Final word

The best way to deal with DNS leaks is to find a reliable VPN provider that guarantees leak-proof VPN connections. With implementation of innovative and the most up-to-date technologies, SatoshiVPN ensures there’s no DNS leak on your device and maintains high standards of privacy.

Hopefully, this guide has been of some help, and you now have an idea of what to do when looking to detect and resolve DNS leaks.



Back