Skip to content Skip to navigation Skip to footer

What Is a DNS?

The Domain Name System (DNS) is an internet protocol that translates website addresses into code so they can be read by computers. This is crucial to helping internet users visit their favorite websites, access search engines, use social media, and watch streaming services.

The DNS translates a web address into an Internet Protocol (IP) address, which enables computers to recognize the location a user wants to access and helps devices communicate with each other. Web browsers use DNS servers to discover the IP address that users search for and enable people to get a more user-friendly experience on the internet.

Users’ DNS requests go to servers that are operated by their internet service provider (ISP), which records user data in logs. This can be a privacy concern because that data can be subpoenaed by law enforcement agencies to track user activity, or in some countries, sold to advertisers and other third parties without the user’s permission. However, users can avoid this by using a virtual private network (VPN) to keep their browsing activity encrypted, private, and secure.

What Is a DNS Leak?

A DNS leak is a security flaw that occurs when requests are sent to an ISP's DNS servers even when a VPN is being used to protect users. A VPN is designed to encrypt a user’s internet connection, which keeps their traffic in a private tunnel that hides all of their browsing activity. That means all the user’s internet searches and website visits are hidden from everyone except for their VPN provider. 

However, a DNS leak occurs when the user’s DNS requests move outside the encrypted tunnel and become visible to their ISP. As a result, all their browsing activity, including their IP address, location, and web searches, goes through the ISP in the same way it would if they were not using a VPN.

How Can a DNS Leak Happen?

There are several situations that can result in a DNS leak occurring, including:

  1. An improperly configured VPN: A DNS leak is most likely to occur when a VPN is configured improperly and assigns a DNS server belonging to the user’s ISP. VPNs require a user to connect to their ISP before they log in to the VPN, so this is likely to occur when users regularly use multiple networks.
  2. An ineffective VPN service: A VPN service that does not have its own DNS servers will result in DNS leaks occurring and will fail to provide effective protection from DNS leaks.
  3. No Internet Protocol version 6 (IPv6) support: IP addresses were originally 32-bit Internet Protocol version 4 (IPv4) addresses with four sets of three digits. But 128-bit IPv6 addresses have been created to extend the pool of IP addresses and accommodate more devices. The internet is still transitioning, and some VPNs may not support IPv6, which may push a user’s DNS request outside of the encrypted tunnel.
  4. Transparent DNS proxies: Some ISPs have started forcing customers to use their DNS servers even when they change their settings to a third-party VPN. If the ISP detects DNS setting changes, it uses a transparent proxy that forces a DNS leak by redirecting the user’s web activity to its own DNS servers.
  5. Windows smart features: Microsoft introduced a feature known as Smart Multi-Homed Name Resolution (SMHNR) in devices using operating systems from Windows 8 onwards. The feature submits DNS requests to available servers and accepts whichever DNS server responds first. This can cause a DNS leak and leave users open to spoofing attacks.
  6. Windows Teredo: Windows operating systems include a built-in feature called Teredo that aims to ease the transition from IPv4 to IPv6. It helps the two IP systems coexist more easily but creates a huge security issue for VPN users. That is because Teredo is also a tunneling protocol that can take precedence over a user’s encrypted VPN tunnel. 

Is a DNS Leak Bad?

A DNS leak can be serious because it contravenes the reasons why a user deploys a VPN service. It can result in users’ private information, such as browsing activity, IP address, and location, unknowingly being leaked to their ISP, third-party organizations, and malicious actors monitoring network activity.

Is My DNS Leaking?

Internet users can check whether their DNS is leaking by testing their VPN connection. Many VPN suppliers and vendors provide tests that show the DNS server the user is connected to and supply additional information about their browsing session.

How Does a DNS Leak Test Work?

A DNS leak test provides users with information about their VPN connection, including the active IP address and location. This can be compared against their real IP address and location for a DNS leak check. Users can also run a DNS status check, which displays whether they are using DNS servers that belong to their ISP or their VPN. The tests also provide advice on DNS leak protection as well as how to fix an issue.

Are DNS Leak Tests Safe?

Reputable VPN providers provide DNS leak tests that are safe and secure. Users should avoid DNS leak tests from untrusted providers.

How Do I Fix a DNS Leak?

A standard DNS leak can be fixed by configuring a VPN to only connect to its own DNS servers. This will force a computer to only use the VPN’s DNS servers and not connect to the user’s ISP.  

In the case of the Windows SMHNR issue, this can be more tricky because it is built into the operating system. Some VPN providers enable Windows 8 and Windows 10 VPN users to install a free plugin that resolves the issue, while other users will need to contact their VPN for support.

How Can I Prevent a DNS Leak?

Understanding what is DNS leak is the first step toward ensuring it does not happen. Because a DNS leak involves your information getting leaked outside the confines of your VPN, one way to prevent it is to properly configure your VPN server. In this way, you can still use the internet anonymously without revealing your IP address. Also, make sure your VPN has features that protect you from DNS leaks.

Set Up Your Own VPN in a Different Country

You can also reduce the probability of DNS leaks by setting up your own private VPN in a different country whose internet service providers are less likely to leak your information. While this does not guarantee that no leaks will occur, it can make them less frequent.

Use an Anonymous Web Browser

Using an anonymous web browser is another technique that can prevent DNS leaks. For example, you can use a browser like Tor, which does not require any DNS configuration on the operating system end. This gives you total anonymity while browsing.

Use a Firewall

Another DNS leak fix is to use a firewall. Firewalls can be set up to prevent data from leaving your computer, including information involved in DNS requests. This can be effective because a firewall can disable the DNS process, which prevents your information from exiting your computer.

Set-up a Nonexistent DNS

You may also configure your DNS server to one that does not really exist, such as 0.0.0.0 or 127.0.0.1. This can be done using a UNIX/Linux terminal or a graphical user interface (GUI), but you may have to figure out another way to resolve your domain names while using the internet. One method is to use a proxy. A proxy is positioned in front of your browser, and it handles requests on your behalf. It has its own IP address and uses this during the DNS process so your computer's IP address stays private.

Check Here for Free DNS Leak Test Tools

Tools designed for DNS leak checks help you know whether you are susceptible to DNS leaks. They work by checking which servers are used to resolve domain names when you enter the address of a website. After the test, you see which servers are getting access to your information. If any of the servers that appear are not the ones you expect, then you have a DNS leak.

Here are some free DNS leak tools you can use:

How Fortinet Can Help?

The Fortinet FortiTester solution enables users to test for DNS leaks. It checks the latency of a user’s network connection or DNS server. FortiTester enables organizations to future-proof and secure their infrastructure by assessing the people, processes, and technologies accessing their network.

FAQs

What is DNS?

The Domain Name System (DNS) is an internet protocol that translates website addresses into computer language. This helps internet users visit websites and enables devices and websites to talk to each other.

What is a DNS leak?

A DNS leak occurs when virtual private network (VPN) users’ browsing activity is exposed outside of their encrypted connection.

Is a DNS leak bad?

A DNS leak can be bad because it makes private browsing data available to internet service providers (ISPs), third-party organizations, and hackers.

Is my DNS leaking?

VPN vendors provide DNS leak tests that enable users to check the status of their connection, Internet Protocol (IP) address, and DNS server.

Is my DNS leak protection necessary?

DNS leak protection is necessary, particularly if you do not want your computer’s private information exposed online. If you are experiencing DNS leaks, someone could gain access to your browsing history and try to use it to orchestrate an attack.