What is a DNS leak? How to prevent your IP from leaking on the Internet?

In this article, we’ll dig a bit deeper into our subject and focus on DNS leaks. But don’t worry, it won’t be one of those articles that only geeks can understand. As usual, I’ll try to explain things clearly and make it accessible for you, dear reader. By the end, you’ll know what a DNS leak is and how to fix one. Protecting your privacy is one of my priorities! Fixing your IP leaks is a step toward a safer Internet. And my mother hoped I’d be a plumber.

Why you should worry about DNS leak protection

First, I must say that it’s not a strategy to convince you to purchase a VPN – even if you should. Indeed, it’s a problem VPN users are facing… There is no leak when you’re not using a VPN: All your data are flowing in the clear anyway! But for people who are protecting their privacy, it’s a real threat. A threat that millions of Internet users are facing. Sometimes without being aware of it. Let me put on a bib overall and brush my mustache. Here we go!

DNS 101: Domain Name System

If you’re on my website, it’s a good bet that you’ve used the DNS even without realizing it. So what is it? Wikipedia says: The Domain Name System is a hierarchical decentralized naming system for computers, services, or any resource connected to the Internet or a private network. In other words, it’s a system which resolves domain names on the Internet.

You’ll ask me: Why do we need to resolve domain names? Well, every internet connected device, and every internet connection, has a unique IP address that is used to identify it. And websites are hosted on servers, with public IP addresses. But does 212.58.244.26 ring a bell? No, it doesn’t, even if you’ve been visiting the website every day. Because we’re using user-friendly addresses, thanks to the DNS. Therefore, if you want to reach 212.58.244.26, you’ll type the domain name www.bbc.co.uk. Pretty cool huh?

To make it simple, when you type the name of a website, you send a request for information to DNS servers. These servers hold the correspondence tables between domain names and public IP addresses. They return the corresponding IP address, and your device connects to it. It’s like the yellow pages, but without the hassle. This process is the DNS name resolution.

It often happens that several sites have the same public IP address. Because they are hosted on the same server. In this case, the server decides which website to connect you to, depending on your request.

So what’s the problem doc?

This DNS process is usually performed by your Internet Service Provider. But using your ISP’s DNS is the best way to make sure that your provider always knows your online activity. And even if you have nothing to hide, your information is stored for years. Sometimes used for advertising purposes.

When you’re using a VPN, your requests should be handled by your VPN provider. That’s the reason why most VPNs offer their own proprietary DNS servers, like VyprVPN or NordVPN. As a consequence, all your requests should be transferred through the VPN encrypted tunnel.

Unfortunately, it’s quite common for Operating Systems to use the default settings instead of the VPN’s, and send your requests to the wrong server. This is where you find a DNS leak. If it happens, then anybody (ISP, government, hacker…) monitoring your traffic will be able to log your activity. DNS leaks are a major privacy threat since your VPN may be providing a false sense of security while your private data is leaking.

IPv4 DNS leaks

First, you need to know about Internet Protocols (IP). IPv4 is the fourth version of the Internet Protocol. It uses 32-bit addresses. So what? Well, it means there are about 4.3 billion addresses available. Only. With the rapid development of the Internet, IPv4 addresses are running out. But it still routes most Internet traffic today, despite the ongoing deployment of IPv6 – its replacement.

As I explained previously, your Operating System is not so good at handling DNS requests between your VPN and your ISP (especially Windows). And your traffic is at risk.

IPv6 DNS leaks

IPv6 is the most recent version of the Internet Protocol. It uses 128-bit addresses. The main advantage of IPv6 over IPv4 is its larger address space. With IPv6, every new device can get its own unique IP address. The deployment of IPv6 started in 2008, but its adoption has been slow. Nowadays, we use both protocols. However, running both might introduce more security threats, as hosts could be subject to attacks over both IPv4 and IPv6.

The DNS leak is different with IPv6. Basically, VPN software can’t handle IPv6 requests yet. So, every time you send an IPv6 DNS request, your ISP DNS server answers it. Bummer.

How to fix a DNS leak?

Before fixing anything, you should check if you’re suffering from a DNS leak. Some websites offer to test your connection, for free. Visit IPLeak for example. If you can see your real IP address and/or the address of your ISP, you have a DNS leak.

DNS leak fix 1: Use a VPN with built-in DNS leak protection

This is the safest solution. If you choose a VPN with DNS leak protection, there won’t be any leak with IPv4. And it will automatically deactivate IPv6. You get the best protection: 100% sure.

I already explained what a VPN is and what the VPN protocols are. You can also check my VPN reviews. In case you’re wondering which VPN to choose, I made a list of the best VPNs with DNS leak protection:

  1. VyprVPN Review and cost. Rating: 9.2
     VyprVPN is the VPN of a Swiss company, which promotes privacy, security and access to a free and open Internet. It's ...

  2. Express VPN Review and cost. Rating: 9.5
     ExpressVPN is one of the oldest and most popular VPN available on the market. And it's one of my favorites. Why? First ...

  3. NordVPN Review and cost (Oct 2017). Rating: 9.4
     NordVPN has been on the market only a few years. But it's growing fast lately. The VPN is provided by a company in ...

  4. Pure VPN Review and cost. Rating: 8.7
     Pure VPN is provided by a company from Hong Kong. It's been on the market for almost 10 years now. And it's one of the ...

  5. VPNArea | Review and cost. Rating: 8.9
     Offshore Security is a Bulgarian company that launched VPNArea in 2012. While providing a serious solution focused on ...

You’re welcome.

For example: Here, I’m using VyprVPN. And I connected to their Japan server. I also activated the DNS Leak Prevention (in Options, DNS Tab).

Let’s make a test. If I go to IPLeak, I get these results for the IP address:

[Screenshot: VyprVPN Japan IP leak test]

And these for the DNS servers (VyprDNS):

[Screenshot: VyprVPN Japan DNS leak test]

I’m all good, no DNS leak at all. My IP is hidden and my traffic is encrypted. Oh yeah!

DNS leak fix 2: Change your DNS server and disable IPv6

The second option is to change your DNS server, either if you don’t use a VPN or if your VPN doesn’t provide a proprietary DNS. DNS servers always work in pairs: a preferred DNS server and an alternate DNS server. Consequently, when changing the DNS of your device, always change 2 IP addresses. You can also delete the DNS servers you’re not using.

With a new DNS server, you get a more secure service. And you can also get a faster service. The public DNS servers below are reliable options. Sometimes, I use OpenDNS myself.

| Public DNS Provider | Preferred DNS server | Alternate DNS server |
|---|---|---|
| Comodo DNS | 8.26.56.26 | 8.20.247.20 |
| Google DNS | 8.8.8.8 | 8.8.4.4 |
| OpenDNS | 208.67.222.222 | 208.67.220.220 |
| Neustar DNS | 156.154.70.1 | 156.154.71.1 |

Change DNS tutorial on Windows 10

1. Open Network and Sharing Centre (in the Control Panel or from the Start Menu).

2. Click on the active Internet connection. It’s a blue link in the top right of the window.

3. In the new window, click on Properties.

4. In the new window, double click on Internet Protocol Version 4 (TCP/IPv4) or select Internet Protocol Version 4 (TCP/IPv4) and click on Properties.

5. In the new window, select Use the following DNS server addresses and enter the preferred and alternate server addresses. In my case, OpenVPN server. Then click OK. You’re all set!

Disable IPv6 tutorial on Windows 10

Once you’re done, you can disable IPv6 from the WiFi Properties window. You just need to clear the Internet Protocol Version 6 (TCP/IPv6) check box.
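The same two changes can be made and then verified from an elevated PowerShell window. This is an added example, not part of the original tutorial; the adapter name "Wi-Fi" is an assumption, and the addresses are the OpenDNS pair from the table above.

```powershell
# Added example (not from the original article). Run as administrator.
# Assumption: the active adapter is called "Wi-Fi"; list yours with Get-NetAdapter.
$alias = 'Wi-Fi'
$dns   = '208.67.222.222', '208.67.220.220'   # preferred + alternate (OpenDNS)

# Same effect as steps 1-5: set the preferred and alternate IPv4 DNS servers.
Set-DnsClientServerAddress -InterfaceAlias $alias -ServerAddresses $dns

# Same effect as clearing the "Internet Protocol Version 6 (TCP/IPv6)" check box.
Disable-NetAdapterBinding -Name $alias -ComponentID ms_tcpip6

# Drop answers cached from the previous resolver.
Clear-DnsClientCache

# Verify every adapter that is up, not only the one just changed: a second
# adapter still pointing at the ISP's resolver is how requests end up at
# "the wrong server". UnexpectedDns lists servers outside $dns; a VPN
# adapter's own resolver will show up there too and is expected.
Get-NetAdapter | Where-Object Status -eq 'Up' | ForEach-Object {
    $servers = (Get-DnsClientServerAddress -InterfaceIndex $_.ifIndex `
                    -AddressFamily IPv4).ServerAddresses
    [pscustomobject]@{
        Adapter       = $_.Name
        DnsServers    = $servers -join ', '
        UnexpectedDns = ($servers | Where-Object { $_ -notin $dns }) -join ', '
        IPv6Bound     = (Get-NetAdapterBinding -Name $_.Name -ComponentID ms_tcpip6).Enabled
    }
}
```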


DNS leak fix 3: Set up your firewall

This solution is a bit more of a hassle. It’s not just enabling or disabling features. But it’s very efficient. You need to set up your firewall to:

  1. Block all outgoing connections from your device
  2. Allow outgoing connections for
    1. Your DNS server’s IPs
    2. Your VPN software’s IP

These are the general steps. Each firewall software is different. A little search on Google will help you set yours up.
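As an added example (not from the original article), here is one way to express those steps with the built-in Windows Defender Firewall cmdlets. The VPN server address and the tunnel adapter name are placeholders to replace with your own, and the extra rule for the tunnel adapter is an assumption added so that traffic already inside the VPN is not blocked as well.

```powershell
# Added example (not from the original article). Run as administrator.
# All three values below are assumptions: replace them with your own.
$dnsServers  = '208.67.222.222', '208.67.220.220'  # the DNS servers you chose
$vpnServerIp = '203.0.113.10'                      # placeholder: your VPN server's IP
$vpnAdapter  = 'MyVPN'                             # hypothetical tunnel adapter name

# Step 2.1: DNS (UDP and TCP port 53) may only go to the chosen servers.
foreach ($proto in 'UDP', 'TCP') {
    New-NetFirewallRule -DisplayName "DNS-leak: allow DNS $proto" -Direction Outbound `
        -Action Allow -Protocol $proto -RemotePort 53 -RemoteAddress $dnsServers | Out-Null
}

# Step 2.2: the VPN software may reach its server over the physical adapter.
New-NetFirewallRule -DisplayName 'DNS-leak: allow VPN server' -Direction Outbound `
    -Action Allow -RemoteAddress $vpnServerIp | Out-Null

# Traffic that is already inside the tunnel is allowed; without this rule
# the default block below would also stop everything sent through the VPN.
New-NetFirewallRule -DisplayName 'DNS-leak: allow tunnel' -Direction Outbound `
    -Action Allow -InterfaceAlias $vpnAdapter | Out-Null

# Step 1: block every outgoing connection that no allow rule matches.
Set-NetFirewallProfile -All -DefaultOutboundAction Block

# Audit: other enabled allow rules that name remote port 53 still let DNS
# out to any server. Review this list and disable what you do not need.
Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
    Where-Object { $_.DisplayName -notlike 'DNS-leak:*' } |
    Where-Object { ($_ | Get-NetFirewallPortFilter).RemotePort -contains '53' } |
    Select-Object Name, DisplayName

# Roll back:
#   Set-NetFirewallProfile -All -DefaultOutboundAction Allow
#   Get-NetFirewallRule -DisplayName 'DNS-leak:*' | Remove-NetFirewallRule
```

With the default outbound action set to Block, a dropped VPN connection leaves only the DNS servers and the VPN server reachable, so the rules also cover the "VPN is down" case discussed later in the article.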

Other potential leaks

Teredo: Leaks while torrenting

Wait, what? What is Teredo? Ok, a little explanation: Microsoft uses a protocol called Teredo to allow communication between IPv4 and IPv6.

And some torrent software can access it. But the problem is that when they do, they may send requests outside the VPN tunnel. Therefore, there’s another risk of not being protected while using torrents, even with a VPN.

Fortunately, we can solve it easily by disabling Teredo with Command Prompt:

1. Open Command Prompt with a right click and select Run as administrator.

2. Copy the following command and paste it in the window.

netsh interface teredo set state disabled

If you want to re-enable Teredo, copy and paste the following command in the Command Prompt:

netsh interface teredo set state enabled

WebRTC: Leaks from your browser

Sorry Windows users. But there’s another threat due to the features of your browser. WebRTC is a free, open project that provides browsers and mobile applications with Real-Time Communications (RTC) capabilities. Thanks to WebRTC, you can use voice calling, video chat, and P2P file sharing from your browser. There are 3 supported browsers so far: Chrome, Firefox, and Opera.

But the drawback is that your browser communicates outside of your VPN encrypted tunnel… Therefore sharing your real IP address with the websites you visit.

To solve the problem, you must disable this feature on your browser. There is no other way…

As of today, there are no reliable ways to disable it on Chrome and Opera. You can install an extension. But in some cases, the browser can leak your IP address.

Here is the tutorial for Firefox:

  1. Type about:config into the URL bar.
  2. Click the button I accept the risk! to access the settings.
  3. Look for media.peerconnection.enabled
  4. Double click the line to set Value to false. Done.

VPN connection fails: Leaks when your VPN is down

Ok, s*** can happen. You’re connected to your favorite VPN and the connection drops. For whatever reason. So your Operating System takes over and connects your device to the Internet, with the default settings. What gives? You’re back in the clear.

Fortunately, VPN providers thought about that. That’s why most of them offer a kill switch feature. With an Internet kill switch, your VPN software monitors your connection. If the connection drops, then the VPN software stops all your Internet traffic until it can get the connection back. I enabled Kill Switch on VyprVPN. Here’s what happens if I manually disconnect: I’m not connected to the Internet anymore. Conclusion: No leak at all.

This was my guide: What is a DNS leak? How to prevent your IP from leaking on the Internet? Stay tuned for more articles coming soon.

Privacy is a right, protect it!
