Virtual Private Networks serve the chief purpose of encrypting a user’s inbound and outbound traffic when they surf the web. Quite often, they are the last line of defense against spying government institutions and snoopy Internet Service Providers (ISPs).
Far from being mere IP address-concealers, though, VPNs are crucial security tools with a number of applications that are particularly useful when it comes to improving internet security for individual users as well as businesses.
Reasons for using a VPN may vary, but for the most part, people tend to use them to circumvent their ISP’s servers, keep their IP address hidden or unblock geographically-locked content. Since VPNs tend to have a variety of servers in different parts of the world, they excel at these specific functions while also working to protect your private data.
But unfortunately, even the most reliable VPN services succumb to network interruptions every now and then. When it happens randomly and quietly, it is all too easy to miss, and this is when DNS leaks occur.
What Is a DNS Leak?
DNS, or Domain Name System, is often referred to as “the phonebook for the internet.” That’s because its main function is to translate domain names into their respective numerical IP address, the same way we use phonebooks to find people’s phone numbers using their names.
When you visit a website using your browser, your computer takes the domain name you provide and uses DNS to match it to its corresponding IP address. Without DNS, it would be impossible to visit any of these websites without providing their IP addresses, which is usually in numerical formats.
Using a VPN ensures that your DNS requests pass through an encrypted tunnel instead of going to your ISP’s server. However, there are several instances when DNS requests erroneously end up in ISP servers anyway, even when a VPN connection is active. This is what is known as a DNS leak.
It is very hard for VPN providers to prevent against DNS leaks because they are often caused by variables beyond their control. The best they can do is to provide DNS leak protection, which is a failsafe that activates when a network interruption is detected and blocks data transfers until the problem is resolved.
There’s much more you can do to prevent your DNS queries from leaking to your ISP, especially since no VPN service is immune to this particular vulnerability.
How to Detect a DNS Leak
The most effective way to find leaks in your system is by using the website dnsleaktest.com. Here, you can run quick and extensive tests to see whether your DNS requests have been going out of the path designated by your VPN service. The quick test is speedy but effective, and the extended test has more hop points to test when performing route checks.
The website also offers IP address checking so you can easily see your computer’s current location. Ideally, when using a VPN, this address should read the same as the VPN provider’s server location before and after performing the tests.
How to Stop DNS Leaks
- Re-Install Your Software
If you’re running VPN software, try uninstalling and re-installing it as a first measure. DNS leaks affect all VPNs equally across the board, and resetting the client software might solve the issue. If not, continue to the next step.
- Manually Switch to Specific DNS Servers
ISPs usually provide DNS servers for their customers, and unless you manually input different ones, these are the ones you’re still using by default. Changing the DNS servers provided by your ISP should be the critical next step to preventing any further DNS leaks.
There is a selection of both the public and private DNS servers you can choose from, such as Open DNS, Comodo Secure DNS or Google Public DNS. Changing DNS servers effectively locks out your ISP from viewing your web activities.
- Avoid Using Gateway Modems
ISPs often provide gateway modems, which are a cross between routers and modems, to help users circumvent the need to buy a proper router to have Wi-Fi.
The problems with these is that they are permanently configured to control not just your DNS queries, but also your DHCP requests. This makes it impossible, or very difficult, to route the network through VPN servers.
The only way around this is to get a standalone router, and not one with both network routing and Wi-Fi capabilities because the other alternative—turning off the network-routing function of gateway modems—is difficult and often impossible since their firmware is restricted.
- Use VPN-Monitoring Tools
VPN monitoring tools aren’t free, but they are worthy investments if you’re serious about your online privacy. These monitor your VPN connection at all times and often come with a list of solutions for almost every VPN data leak scenario.
- Disable Teredo Leak Fault in Windows
The Windows Teredo leak fault is becoming an even bigger cause for concern as IPv6 connectivity evolves into the main protocol used on the web.
The Teredo tool is exclusively in Windows systems, and it serves the main purpose of facilitating communication between IPv6 and the older IPv4 protocols. This tool is known to cause DNS leaks. With IPv6 becoming more common on the web, Windows is finding more reasons to use it, and this increases the chances of leaks occurring. To be safe, the Teredo tool should be disabled to avoid DNS leaks.
- Use VPNs with DNS Leak Protection
VPN providers understand that DNS leaks can lead to some grave situations, which is why most of the top names have taken steps to ensure that none of your data leaks to your ISP, even when network interruptions occur.
DNS leak protection, as we touched on earlier, usually prevents data from leaking by cutting off all data transfers when an interruption is detected. It acts as a kill switch that immediately stops all traffic until the VPN client software is manually rebooted.
As we conclude, it is important to remember that VPN services primarily sell online anonymity, but it is ultimately your duty to ensure that your data is truly safe from unwanted access.
Adopting a mix of the aforementioned methods, such as using a VPN with DNS leak protection and a VPN monitoring tool simultaneously, greatly reduces the risk of facing DNS leaks.
It is important to stay vigilant when it comes to protecting your online identity, especially because it only takes a few seconds of vulnerability to destroy or compromise a lifetime of information.
Sophie is a marketing specialist at Security Gladiators. A writer by day and a reader by night, she is specialized in tech and cybersecurity. When she is not behind the screen, Sophie can be found playing with her dog.