What is a DNS leak, and how can you stop it?

Your browsing history says a lot about you, from your favourite TV shows to the shopping outlets you visit most. So it may come as no surprise to learn that this information is valuable and can be sold by your Internet Service Provider (ISP) to advertisers.

Many people are unaware of this snooping and think that their internet history is deleted when they clear it from their browser. Unfortunately, this simply isn’t true, and you’re probably already being targeted by marketing campaigns on the basis of your previous activity online.

These invasions of privacy have led many to start using paid VPNs (Virtual Private Networks), because they redirect your data away from DNS servers assigned by ISPs. Using a VPN doesn’t guarantee that you’re protected against eavesdropping though, so we’re going to explain how ISPs track you online and how you can safeguard against this practice.

IP addresses and DNS

Every time you enter a domain name into the address bar of your browser, your computer completes a series of queries using the Domain Name System (DNS) to translate the URL (Uniform Resource Locator) into an IP address. Computers rely on IP addresses to distinguish between websites and devices rather than URLs, so it’s an essential part of finding the correct website.

These DNS requests are how internet service providers are able to log which websites you visit, as they can scour the DNS servers for queries attached to your IP address. It’s also the reason for so many internet users migrating to virtual private networks.

VPN

A VPN is a service that you can use to encrypt your data between endpoints and access the internet via a collection of privately-owned servers, effectively masking your identity and online activity from third-parties.

This is called ‘tunnelling’ and affords the user plenty of benefits, from concealing your IP address to evading geo-restrictions on websites like Netflix. It also means your ISP can’t work out your location or record which websites you visit.

There are limits to VPN security, however, and one of the most common is accidental exposure during a DNS leak.

DNS leaks

A DNS leak occurs when your device accidently routes a DNS request to a server associated with an ISP rather than one on your VPN network. This can occur for two reasons. The first is due to your ISP using a technology called ‘Transparent DNS proxy’, which is designed to force your device into using an ISP’s DNS server for its queries. The second can be caused by your device switching unexpectedly to a default DNS server.

Either of these situations can put your privacy at risk and allow your true IP address to become visible, which could result in your ISP gaining access to your web history, so it’s important to make sure it doesn’t happen.

DNS leak checker

Before you can prevent a DNS leak, you need to be able to detect it. And fortunately, there are a couple of ways that you can do this.

Some VPN clients include a programme that monitors DNS requests to make sure your data is routed via your VPN network rather than your ISP, while others include a kill switch. Kill switches can be a privacy saver in the event of a DNS leak, as they sever your internet connection the moment an issue with your VPN connection is detected. This prevents your data from being transmitted without encryption.

If your VPN doesn’t come with either of these security measures, you can use tools like HMA!’s DNS leak checker. These work by determining the IP address of the server you’re using to connect to the internet. Each works differently and shows different information, but all of them should display the IP address of the DNS server you’re using to perform DNS queries.

Using this information, you can verify which server you’re using and whether it’s located on your VPN network – and if it isn’t, then you could have a DNS leak on your hands.

Preventing DNS leaks

Protecting yourself from prying ISPs is often just a matter of being proactive, and there are several avenues that you can take:

  • Select the TCPIP4 options in your network adapters’ properties or set OpenDNS – this can ensure that the DNS servers provided by your ISP will never be used, even in the event of your VPN connection failing
  • Install a good firewall
  • Block non-VPN traffic – by configuring your firewall to block all non-VPN traffic, you can make sure you never connect to the internet via a DNS server supplied by your ISP

Protecting your privacy online can be a hazardous game and is more complicated than merely deleting your browser history. Luckily, there are a number of technologies that you can use to protect your personal information from being mined by money-hungry ISPs.

Using a good VPN client is perhaps the most straightforward of these strategies and is your first defence against your DNS queries being recorded. What’s more, if you pair these networks with tools like IP and DNS leak checkers you can make them even more impenetrable.

2 thoughts on “What is a DNS leak, and how can you stop it?”

  1. I’ve chosen NordVPN and using it for just about everything. It perfectly fits my needs, is secure, unblocks international content no matter my location, so I am happy about my choice. What is also great, I am not afraid to use public wifi anymore.

    Reply

Leave a Comment