What is a DNS Leak (and Why Should I Care?)
For VPN users, especially those who are interested in maintaining their privacy first and foremost, DNS leaks are no joke. Unfortunately, not everyone is aware of this security flaw, and this puts their privacy and data security in danger.
Before we get into how DNS leaks happen, let’s put things into context and see what DNS actually does.
What Is a DNS Exactly?
The Domain Name System (DNS) is tasked with translating domain names into IP addresses – for example, www.google.com to 22.214.171.124. It also works the other way around. This process is called a DNS request (or query) and allows for easy communication between Internet-connected devices and websites.
Internet Service Providers (ISPs) are usually the ones that provide the DNS servers, though you can change your DNS provider at any time. The reasons to do so range from improved connection reliability and/or security to bypassing web censorship or setting up parental controls.
What is a DNS Leak?
Using a VPN means your DNS requests should be routed through its encrypted tunnel, often to the VPN provider’s own DNS servers. A DNS leak occurs when those requests are not sent through this tunnel, allowing your ISP to see what websites and online services you’re accessing.
Why is that a problem? Well, besides forfeiting your online anonymity, you might have heard that the FTC has been investigating major ISPs for selling their customers’ browsing history and location data. Not only is that a major breach of privacy, but the advertisers they sell to will most likely use your info to serve you eerily specific targeted advertising.
It’s worth noting that your real IP address can be discovered because of a DNS leak. Your IP can offer revealing information such as:
- The name of your ISP
- The country and city you live in
- Your ZIP code
A crafty cyber criminal can easily use this information in a hacking or identity theft attempt. At the very least, someone could be eavesdropping on what you do online, even if you have a VPN. That is, unless the VPN you use has leak protection included.
DNS Leak Causes
There are several ways your DNS requests could leak – the main one being an improper, manually configured VPN setup. Using the wrong network settings could also lead to a leak. Even your own operating system (mostly Windows) could contribute to this issue through features such as Smart Multi-Homed Name Resolution (SMHNR), found in Windows 8, 8.1 and 10.
Another way you could experience a DNS leak is if your device uses both IPv4 and IPv6 (the two current standards for IP addresses), while running a VPN that does not support hiding IPv6 addresses. In fact, most providers still don’t support IPv6 and prefer to mitigate the issue by completely blocking out IPv6 connections.
The worst situation you could find yourself in is if a cyber criminal has hacked your router. Those responsible could then trick your device into sending DNS traffic outside the VPN. Obviously your VPN isn’t to blame in that situation, but it’s worth noting.
How to Check for DNS Leaks
As mentioned, if your VPN provider has properly implemented leak protection, you won’t have any issues on this front. Prevention is the name of the game here, so you should still check for leaks from time to time – even if your provider is trustworthy.
In any case, the simplest way is to use an online tool that tests your VPN for you. Use this DNS leak test from ProPrivacy and test your VPN client for DNS and other leak types, such as WebRTC and IPv6 leaks. It takes less than a minute, and they were nice enough to provide a thorough guide to patch things up as well.
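A local check can complement the online test. The following is an added example, not part of the original article: it takes the resolvers configured on a Linux machine and the routing table, and reports any resolver whose queries would leave on an interface other than the VPN tunnel. The interface names (tun0, wlan0), the addresses and the sample route output are constructed assumptions.

```python
import ipaddress

# Constructed sample inputs: resolv.conf text plus `ip route` / `ip -6 route` output.
RESOLV_CONF = "nameserver 10.8.0.1\nnameserver 192.168.1.1\nnameserver 2001:db8::53\n"
ROUTES_V4 = """default via 192.168.1.1 dev wlan0
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 scope link
192.168.1.0/24 dev wlan0 scope link
"""
ROUTES_V6 = "default via fe80::1 dev wlan0\n"

def parse_nameservers(text):
    """Resolver addresses from resolv.conf-style text (zone ids stripped)."""
    lines = (l.split() for l in text.splitlines())
    return [ipaddress.ip_address(p[1].split("%")[0])
            for p in lines if len(p) >= 2 and p[0] == "nameserver"]

def parse_routes(text, version):
    """(network, device) pairs from `ip route`-style lines of one address family."""
    routes = []
    for parts in (l.split() for l in text.splitlines()):
        if "dev" not in parts[:-1]:
            continue  # blank line or a route with no output interface
        dest = parts[0]
        if dest == "default":
            dest = "::/0" if version == 6 else "0.0.0.0/0"
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # e.g. "unreachable ..." entries
        routes.append((net, parts[parts.index("dev") + 1]))
    return routes

def egress_device(addr, routes):
    """Longest-prefix match: the interface a packet to addr would leave on."""
    hits = [(n.prefixlen, d) for n, d in routes
            if n.version == addr.version and addr in n]
    return max(hits)[1] if hits else None

def find_leaks(resolv_text, routes_v4, routes_v6, tunnel="tun0"):
    """Configured resolvers whose queries would bypass the tunnel interface."""
    routes = parse_routes(routes_v4, 4) + parse_routes(routes_v6, 6)
    leaks = []
    for ns in parse_nameservers(resolv_text):
        dev = egress_device(ns, routes)
        if dev is not None and dev != tunnel:  # no route at all: blocked, not leaked
            leaks.append((str(ns), dev))
    return leaks
```

On the sample data this flags the home router at 192.168.1.1 (its LAN route is more specific than the VPN's routes) and the IPv6 resolver, which has no route through the tunnel. It inspects only the system's configured resolvers, so on a machine with a local stub resolver, pass in the upstream servers instead.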