Virtual private networks are designed to protect your identity, and one of the main ways they do this is by swapping your original IP address for a new one. Unfortunately, a fundamental flaw in Windows operating systems has left the gate open to a common vulnerability referred to as a ‘DNS leak’, which jeopardises the user’s IP location and thus their anonymity. Although the initial fault does not lie with the VPN providers, the vulnerability still requires extra precautions in order to maintain an expected level of online privacy.
What is DNS?
The Domain Name System, or ‘DNS’, is used by computers and mobile devices to contact servers associated with web destinations such as websites and email addresses. Behind every internet connection, URL and email stands an IP address belonging to their respective DNS servers. The Domain Name System converts easy-to-use web addresses (e.g. www.bestvpnz.com) into the IP addresses computers use, allowing for communication between your internet service provider’s DNS server and that of the visited website. In effect, the IP address belonging to your ISP and yourself is recorded by the destination’s DNS server as a visitor.
What is a DNS leak?
We know that a standard VPN connection is configured to mask your default IP address with a new one, based on the virtual server’s location. The problem is, despite having routed your traffic via a different server, Windows operating systems (and occasionally Mac and Linux) have a tendency to continue contacting websites using your original DNS server and IP address. Unquestionably, this poses a serious risk to your online security, anonymity and, of course, voids much of the usefulness behind your VPN.
Luckily, there are effective solutions for fixing DNS leaks, including VPN services that have already addressed the issue and implemented additional protection against the risk. Not everyone with a running VPN subscription will be keen on changing their service for a new one, so we’ve also covered alternative ways to protect your VPN connection from leaks without the need to change your provider.
Testing for DNS leaks
One of the best resources for testing your device for DNS leaks is dnsleaktest.com. Simply go to the website and run either the ‘Simple’ or ‘Extended’ test (for our example, we chose ‘Extended’). The test will complete itself within a few seconds, and if the results display the IP and location of your VPN, as our own result shows below, your computer and VPN are functioning properly.
How to prevent DNS leaks
Method 1 – Using VPN services with built-in protection:
By far the quickest and easiest way to prevent a DNS leak is to use a VPN client with built-in DNS protection. Not many providers offer this; however, services like Private Internet Access, VPNArea, PureVPN and TorGuard have long featured this function in their app preferences:
VPNs with DNS leak protection
- Private Internet Access
Method 2 – Third party program
The second option is to use supplementary 3rd party programs like VPNCheck Pro to access and optimise security on your existing VPN. VPNCheck Pro by Guavi works similarly to OpenVPN software, acting as a gateway to your service, letting you log in with your own VPN and adjust additional privacy options. Among them is the automatic DNS leak fix:
Method 3 – Manual DNS enforcement
If you’re happy with your current VPN, another good option is to manually assign a different DNS server directly into your computer’s Networking settings. The process is relatively simple and involves replacing the default DNS provider (i.e. your ISP) with a free, public alternative, such as OpenDNS, Comodo or Google Public DNS. Here is a step-by-step guide on how to do this using OpenDNS servers on Windows 7 OS:
Update: Please note that OpenDNS, Google Public DNS and Comodo all retain request data logs. Therefore, of the publicly available options that do not keep logs, we recommend using OpenNIC DNS servers instead.
1. Go to Control Panel > Network and Internet > Network Connections
2. Right click > Properties on your active internet connection
3. Highlight ‘Internet Protocol Version 4’ > click Properties
4. Click ‘Use the following DNS server addresses:’ > type the DNS server addresses recommended by OpenNIC for your locale. In our instance they were 188.8.131.52 and 184.108.40.206 in the Preferred DNS server and Alternate DNS server fields > OK > Close
5. Open Command Prompt > type ipconfig /flushdns > hit Enter
6. Open your web browser settings and delete cache
7. Run test on dnsleaktest.com (if the result displays a new IP with “OpenDNS” as the ISP, you’ve successfully enforced a manual DNS server on your computer).
Note: manual DNS servers can also be assigned to your router settings, should you need to secure your entire network rather than individual devices.
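A local check to run alongside the dnsleaktest.com test in step 7, as an added example that is not part of the original article: it parses the text of `ipconfig /all` and lists every adapter that still has a DNS server other than the ones you chose. It assumes English-locale output; the sample output, adapter names and addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of English-locale `ipconfig /all` output (documentation addresses).
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.20(Preferred)
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       198.51.100.53
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VPN Tunnel:

   DNS Servers . . . . . . . . . . . : 203.0.113.10
                                       2001:db8::53
"""

# "   Key . . . . : value" -- the colon must be followed by space or end of line,
# so a bare IPv6 continuation line such as "2001:db8::53" is not taken for a key.
KEY_LINE = re.compile(r"^\s+([^:]+?)[\s.]*:(?:\s+(.*))?$")

def dns_servers_by_adapter(text):
    """Map adapter name -> DNS server addresses found in `ipconfig /all` text."""
    adapters, current, in_dns = {}, None, False
    for line in filter(None, map(str.rstrip, text.splitlines())):
        if not line[0].isspace():  # unindented line: banner or adapter header
            current, in_dns = (line[:-1] if line.endswith(":") else None), False
            continue
        m = KEY_LINE.match(line)
        if m:
            in_dns, value = m.group(1) == "DNS Servers", m.group(2) or ""
        elif in_dns:
            value = line.strip()  # continuation line: one more DNS server
        else:
            continue
        if in_dns and value and current:  # split("%") drops an IPv6 zone id
            adapters.setdefault(current, []).append(ipaddress.ip_address(value.split("%")[0]))
    return adapters

def leaking_adapters(text, allowed):
    """Return {adapter: [resolvers outside `allowed`]}; an empty dict means none found."""
    allowed = {ipaddress.ip_address(a) for a in allowed}
    found = dns_servers_by_adapter(text)
    return {name: [str(s) for s in servers if s not in allowed]
            for name, servers in found.items()
            if any(s not in allowed for s in servers)}
```

On a real machine, pass the captured output of `ipconfig /all` as `text` and the DNS servers you entered in step 4 as `allowed`.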
VPN services have helped millions of people obtain much-needed privacy on the internet, yet certain vulnerabilities like DNS leaks must still be checked and taken care of. This is why we recommend the above-mentioned precautions to anyone who takes their anonymity seriously and wishes to keep their true online location confidential.
If you’ve yet to acquire a VPN account, we recommend choosing one of the services listed above, as each of them features DNS leak protection within its own custom client. However, if you already possess a VPN and are reluctant to part with your current provider, make sure to try out the manual DNS server configuration (along with your VPN), which could not only improve your browsing speed, but also give you a significant advantage in maintaining privacy.