Main reasons for DNS leaks and how to fix them

DNS, or the Domain Name System, is essential for translating memorable domain names into IP addresses, which are used to load web pages. This translation makes it easier for users to navigate the Internet without having to remember the numeric IP addresses of websites.

DNS enhances user experience by simplifying access to web resources, allowing users to interact with the internet through familiar domain names instead of complex network addresses.

However, DNS leaks can compromise user privacy. These leaks occur when DNS requests are sent outside of a secure connection, potentially allowing Internet Service Providers (ISPs) and third parties to track a user's online activities. This risk is heightened when using services meant to anonymize user activity, as DNS leaks can expose real user information, including browser history. To maintain anonymity online, it is crucial to implement safeguards against DNS leaks.

Causes of DNS leaks

Indirect signs of a DNS leak can include slow internet speeds, unexpected pop-up ads, and accessing websites that should be blocked by a VPN. Let’s delve deeper into the main causes of DNS leaks:

  • Incorrectly configured anonymizers: if a VPN or proxy isn't set up correctly to handle all DNS traffic, requests may bypass the encrypted tunnel and go through the user's ISP instead.
  • IPv4 and IPv6 configuration mismatch: DNS leaks can occur if the DNS servers for IPv6 are not aligned with those set for IPv4. Moreover, some VPN services do not support IPv6 DNS queries, leading to requests being sent directly through the ISP.
  • Data loading before anonymizers activate: sometimes, applications might start communicating with servers before the VPN or proxy is fully activated, resulting in DNS leaks.
  • Flash/JavaScript/WebRTC leaks: these technologies can expose the real IP address, even when using a VPN or proxy, and can cause DNS requests to bypass the secure tunnel.

To mitigate these issues, it’s crucial to use tools specifically designed to detect DNS leaks and ensure that your connection remains secure.

How to check for DNS leaks on your device

There are several types of tools that can be used to check for DNS leaks. These include traffic monitoring programs, WebRTC leak tests, and other technologies that can reveal real user data, as well as online checkers. Let's explore these methods in more detail:

  • Online testing tools: utilizing online tools allows you to analyze which DNS servers your requests go through. Websites such as DNSLeakTest.com, Proxy-Sale.com, or BrowserLeaks.com provide simple tools to determine whether your device is using a secure DNS server or one from a regular provider.
  • WebRTC leak checks: this involves checking whether WebRTC technology is revealing real user data, even when using a VPN or proxy. Online WebRTC leak checkers can be used to test this vulnerability.
  • Network traffic monitoring: using programs like Wireshark allows you to record all incoming and outgoing traffic from your device. This enables you to see to which DNS servers your requests are being sent.
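The traffic-monitoring check above, as an added example (not part of the original article): it takes packet rows exported from a capture and reports plaintext DNS (port 53) sent to any resolver other than the ones you configured. IPv6 spellings are normalised before comparison, so the IPv4/IPv6 mismatch case is caught too. The row layout and every sample row are constructed for illustration, and the expected resolvers are the Cloudflare addresses listed later on this page.

```python
import ipaddress
from collections import defaultdict

# Resolvers the device is supposed to use (assumption: the Cloudflare
# addresses listed on this page were configured for both IPv4 and IPv6).
EXPECTED_RESOLVERS = {ipaddress.ip_address(a) for a in (
    "1.1.1.1", "1.0.0.1", "2606:4700:4700::1111", "2606:4700:4700::1001")}

# Constructed sample, one row per outgoing packet:
# (destination IP, transport, destination port, queried name if readable).
CAPTURE = [
    ("1.1.1.1", "udp", 53, "example.com"),           # expected resolver
    ("192.168.1.1", "udp", 53, "example.org"),       # local router used as resolver
    ("2001:db8::53", "udp", 53, "example.net"),      # IPv6 resolver outside the set
    ("2606:4700:4700:0:0:0:0:1111", "udp", 53, "example.com"),  # long form of ::1111
    ("1.1.1.1", "tcp", 443, None),                   # HTTPS, name not readable
    ("203.0.113.7", "tcp", 53, "example.org"),       # DNS over TCP counts as well
    ("198.51.100.20", "tcp", 443, None),             # ordinary web traffic
]

def find_dns_leaks(rows, expected=EXPECTED_RESOLVERS):
    """Return {resolver: [names]} for port-53 DNS sent to unexpected resolvers."""
    leaks = defaultdict(list)
    for dst, proto, port, qname in rows:
        if port != 53 or proto not in ("udp", "tcp"):
            continue  # not classic DNS; encrypted lookups cannot be read here
        addr = ipaddress.ip_address(dst)  # normalises IPv6 spellings
        if addr not in expected:
            leaks[str(addr)].append(qname)
    return dict(leaks)

def summarize(leaks):
    """One report line per unexpected resolver, sorted by address text."""
    return [f"{resolver}: {len(names)} plaintext query(ies) ({', '.join(names)})"
            for resolver, names in sorted(leaks.items())]

if __name__ == "__main__":
    for line in summarize(find_dns_leaks(CAPTURE)):
        print(line)
```

An empty result means every plaintext query in the capture went to a configured resolver; any line printed names a server that received queries outside that set.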

Checking for DNS leaks using online checkers is the fastest and easiest method. You can perform this check using our website:

  1. Navigate to the “DNS Check” tool page on our website.

  2. Upon visiting this page, the status of your IP address will be automatically displayed. If there is a leak, you will receive a corresponding notification.

It is also recommended to use the WebRTC check since the activity of this technology can contribute to DNS leaks. This tool operates on the same principle as the DNS checker and immediately displays the result. If a leak is detected, it is advised to disable the use of WebRTC. You can find step-by-step instructions on how to do this in this article.

How to protect yourself from DNS leaks

There are several effective methods to protect against DNS leaks, including the use of private proxy servers, setting up reliable DNS servers, and activating the DNS over HTTPS option. Below, we will explore how to implement each of these methods.

Configuring a proxy server

Using anonymization tools such as a proxy allows for the encryption of traffic, including DNS, and routes it through a secure tunnel. There are various ways to configure a proxy server:

  • Utilize the PC system settings;
  • Install a browser extension;
  • Use the built-in proxy settings in the browser;
  • Install a “Proxifier” – a program that allows for detailed proxy server settings for the entire system or individual applications.

The most versatile method involves using the “Proxifier” program. By clicking on this link, you can access detailed instructions on how to set it up.

Manual DNS configuration

Manually setting up a specific public DNS server in your system can enhance privacy by avoiding the use of ISP servers for DNS requests. Here’s how to set this up using Windows 11:

  1. Click the “Start” button located in the lower-left corner of the desktop and select “Settings”.

  2. Navigate to the “Network & Internet” section, then click on “Ethernet”.

  3. Find the “DNS server assignment” section and click the “Edit” button. From the drop-down menu, select “Manual”.

  4. Turn on the “IPv4” switch and input the new DNS addresses in the provided fields. For example, you might use Google's public DNS. Optionally, enable the “DNS over HTTPS” feature for an added layer of security, which routes DNS requests through a secure HTTPS connection. Once all the information is entered, click “Save”.

This process completes the DNS setup. If you wish to revert to using your ISP’s DNS settings, simply switch the DNS settings back to automatic.

Using DNS over HTTPS technology through a browser

You can simplify the process of manually setting up DNS by utilizing DNS over HTTPS (DoH) technology in any popular browser. This protocol encrypts DNS requests via HTTPS, enhancing both security and privacy. Here’s how to activate it in the Opera GX browser:

  1. Open the browser and navigate to the settings. Then, go to the “Privacy & Security” section.

  2. Scroll to the “DNS over HTTPS” section. Here, you can choose one of the suggested DNS providers or enter a custom DNS server.

  3. After selecting your preferred DNS server, restart the browser to apply the changes. All DNS requests will now use the specified DNS server instead of the default one provided by your ISP.

For best results, ensure you select only reliable DNS servers from reputable providers.

Top secure DNS services

There is a wide variety of DNS services available on the market today, each offering its own set of features and benefits. Popular options include Google Public DNS, Cloudflare, OpenDNS, and 1.1.1.1. Besides providing the basic functionality of DNS resolution, many of these services also offer additional security features.

Cloudflare

The service offers its own DNS servers along with access to the DNS-over-HTTPS (DoH) option. This enhances privacy by making it more difficult for providers to access user requests and prevents the collection of user data statistics. Its DNS server addresses for each protocol version are listed below:

IPv4:

  • 1.1.1.1
  • 1.0.0.1

IPv6:

  • 2606:4700:4700::1111
  • 2606:4700:4700::1001

1.1.1.1

The 1.1.1.1 app from Cloudflare is designed to enhance both the speed and security of your internet connection by utilizing the 1.1.1.1 DNS server. It incorporates technologies such as DNS over HTTPS (DoH) and DNS over TLS (DoT) to encrypt DNS requests, significantly increasing privacy and protecting users from monitoring and censorship.

The application is compatible with iOS, Android, macOS, Windows, and Linux platforms. Importantly, 1.1.1.1 is available free of charge. It operates in two modes: 1.1.1.1 and 1.1.1.1 with Warp, with key differences in protection level and connection speed:

  • 1.1.1.1: this mode provides access to the Cloudflare DNS server, enhancing internet speed and privacy. It encrypts DNS requests to increase user privacy and protection against interception.
  • 1.1.1.1 with Warp: in addition to the standard features of 1.1.1.1, this mode includes the Warp feature – a VPN service that encrypts not just DNS but all outgoing traffic from the device. Warp also optimizes the internet connection using Cloudflare's technology, which can help reduce latency and packet loss.

To activate the app, simply choose an operating mode and toggle the slider in the main menu.

Google Public DNS

This service provides public DNS addresses from Google that users can manually configure on their devices. There are two types of addresses available:

IPv4:

  • 8.8.8.8
  • 8.8.4.4

IPv6:

  • 2001:4860:4860::8888
  • 2001:4860:4860::8844

These IPv6 addresses are for networks operating on IPv6, the latest Internet protocol. IPv6 offers significantly more addresses and enhanced security features compared to previous protocols.

OpenDNS

It operates similarly to Google Public DNS but includes additional features such as the ability to verify DNS activation post-setup via the official website. If you register on the site, you gain access to enhanced functionalities:

  • Content filtering: you can set up filters by selecting categories of websites that should be blocked.
  • Additional protection: offers settings to guard against phishing and fraud.

OpenDNS also provides various tools for deeper control and analysis of Internet traffic.

OpenDNS Servers:

  • Primary DNS server: 208.67.222.222;
  • Additional DNS server: 208.67.220.220.

Given the crucial role of DNS in Internet communications, it is advisable to carefully select and configure DNS servers. Google Public DNS and Cloudflare require manual configuration, whereas the 1.1.1.1 app provides a user-friendly interface with selectable connection modes. OpenDNS is ideal for users needing advanced tools to monitor and control Internet traffic. Utilizing these services helps prevent DNS leaks and enhances security, complementing other anonymization methods such as proxies.