Business Magazine

DNS Leak: Causes, Detection and Solution

Posted on the 26 March 2020 by Gaurav Kumar @vhowtodo

DNS leaks are a VPN user's worst nightmare. Why? Because your IP address won't be hidden at all, making a VPN completely pointless.

Don't worry, though.

Other people are reading: How to Use the Comparium Tool: Internet Explorer for Mac and Windows

Here's all you need to know about what causes DNS leaks, and how to fix and detect them.

In a hurry?

Here's how to check for a DNS leak real fast right now.

Just be sure to come back to read this article if you find out your VPN has DNS leaks.

DNS Leaks - Quick Definition

A DNS leak is when your DNS queries leak outside the VPN tunnel.

That happens because they get routed through your ISP's DNS server instead of your VPN provider's DNS server.

If you're not sure what "DNS queries" are, they're basically the connection requests you send to websites.

So that pretty much means your ISP can see what you browse online,even if you're using a VPN.

What Causes a DNS Leak and Solutions:

DNS Leak: Causes, Detection and Solution


With that out of the way, here are the main reasons your VPN might experience DNS leaks:

1. Poorly Configured Networks

Normally, when you run a VPN connection, you should use the VPN's DNS server.

However, to use a VPN, you first need to connect to the Internet via a network that will assign a DNS server to you.

Sometimes, the DHCP settings that handle that can go awry and keep your ISP's DNS server assigned to you instead of letting you use the VPN's server.

The Solution

First of all, check your VPN client's settings.

There's a chance there is an option there to force the VPN to only use the provider's DNS server.

If your VPN doesn't offer that feature, you can change the DNS settings manually.

Either ask your provider for their DNS server addressees, or use independent DNS options like:

  • Google Public DNS - 8.8.8.8 and 8.8.4.4

  • OpenDNS - 208.67.222.222 and 208.67.220.220

2. Transparent DNS Proxies

Some ISPs don't like that users change their DNS settings, so they use a transparent DNS proxy to force them to use their own DNS server.
Basically, a transparent DNS proxy is a server that intercepts your connection requests, and redirects them to your ISP's DNS server.

The Solution

Once again, check your VPN client to see if there is an option to force the use of your VPN's DNS servers.

If there isn't, or if you already turned on that option and it doesn't work, there's something else you can do.

Use the OpenVPN open-source app to connect to the VPN provider's servers.

That way, you'll get access to their .conf or .ovpn files. Open them with a text editor, and copy-paste the following command:

3. SMHNR on Windows 8 and 10

SMHNR stands for Smart Multi-Homed Name Resolution.

It's a Windows feature in Windows 8 and 10 that is supposed to speed up web browsing.

It does that by sending out DNS requests to all available DNS servers, making your computer accept a response from the fastest DNS server.

That means there's a good chance your VPN provider's DNS server will be bypassed if it's too slow to respond, causing a DNS leak.

The Solution

Obviously, you need to get rid of that feature.

It's easier said than done since SMHNR is built into the operating system.

Luckily, there is a step-by-step guide that makes the whole process a less bit tedious.

Alternatively, if you use the OpenVPN app, you can use this patch to solve the problem.

4. Teredo

This is another Windows feature.

Its purpose was to allow IPv4 and IPv6 address schemes to work alongside each other without any problems.

Unfortunately, Teredo is also a tunneling protocol,so it can sometimes take precedence over the VPN tunnel, causing DNS leaks.

The Solution

Unlike SMHNR, Teredo is easier to disable.

Just follow the steps in this guide.

You might encounter some problems when you connect to certain websites once you do this, though.

Still, it's a decent trade-off since you get to keep your privacy intact once more.

5. IPv6 Leaks

IPv6 is the successor to IPv4. It's basically a new type of IP address that has a more complex format.

Unfortunately, not a lot of VPN providers support IPv6. If yours doesn't, and also doesn't take any precautions (like blocking IPv6 traffic), you'll deal with DNS leaks.

Simply put, all your DNS queries that go through IPv6 will just leak outside the VPN tunnel.

The Solution

The first thing you can try is disabling IPv6. It's not very hard to do. In fact, here are some helpful guides for different platforms:
If that sounds like too much hassle, just use a VPN that blocks IPv6 like NordVPN, ExpressVPN, or Ivacy.

Though, keep in mind that disabling IPv6 means you'll no longer be able to browse websites that exclusively use IPv6.

If you don't want to disable IPv6, you need to use a VPN that supports it. Perfect Privacy and HIDE me do that through dual stack configuration.

How Do You Know Your VPN Has DNS Leaks?

There are no signs that make it obvious you're dealing with them.

But, luckily, there are online tools that let you quickly test your VPN connection for leaks.

Here's how to check for a DNS leak with ProPrivacy's tool:

  • Open the tool in an Icognito or Private browser tab.

  • Hit "Continue."

  • Disconnect from your VPN, and then hit "Continue."

  • Pick your country from the drop-down menu, and click "Continue."

  • Connect to a VPN server in a different country. Now, click "I've connected to a VPN."

  • Wait about 20-30 seconds, and you'll get your results.

DNS Leak: Causes, Detection and Solution


The tool will tell you if you're dealing with any DNS leaks. Also, it will check for IPv4, IPv6, and Web RTC leaks too.

If you detect any problems, ProPrivacy has a link to a useful guide on the tool's web page.

The Bottom Line

DNS leaks defeat the purpose of using a VPN.

Luckily, you can easily detect them, and there are things you can do to fix them.

Do you know of any other VPN leaks we need to be aware of?

Let us all know in the comments below and please offer prevention tips as well if possible.

If you find this article interesting, don't forget to share it with your friends and family.

Sharing is Caring!

Don't forget to like us FB and join the eAskme newsletter to stay tuned with us.


Back to Featured Articles on Logo Paperblog