What Is a DNS?
The Domain Name System (DNS) is an internet protocol that translates human-readable website addresses into the numeric addresses that computers use. This is crucial to helping internet users visit their favorite websites, access search engines, use social media, and watch streaming services.
The DNS translates a web address into an Internet Protocol (IP) address, which enables computers to recognize the location a user wants to access and helps devices communicate with each other. Web browsers use DNS servers to look up the IP address of the site a user requests, which gives people a more user-friendly experience on the internet.
Users’ DNS requests go to servers that are operated by their internet service provider (ISP), which records user data in logs. This can be a privacy concern because that data can be subpoenaed by law enforcement agencies to track user activity, or in some countries, sold to advertisers and other third parties without the user’s permission. However, users can avoid this by using a virtual private network (VPN) to keep their browsing activity encrypted, private, and secure.
What Is a DNS Leak?
A DNS leak is a security flaw that occurs when requests are sent to an ISP's DNS servers even when a VPN is being used to protect users. A VPN is designed to encrypt a user’s internet connection, which keeps their traffic in a private tunnel that hides all of their browsing activity. That means all the user’s internet searches and website visits are hidden from everyone except for their VPN provider.
However, a DNS leak occurs when the user’s DNS requests move outside the encrypted tunnel and become visible to their ISP. As a result, all their browsing activity, including their IP address, location, and web searches, goes through the ISP in the same way it would if they were not using a VPN.
How Can a DNS Leak Happen?
There are several situations that can result in a DNS leak occurring, including:
- An improperly configured VPN: A DNS leak is most likely to occur when a VPN is configured improperly and assigns a DNS server belonging to the user’s ISP. VPNs require a user to connect to their ISP before they log in to the VPN, so this is likely to occur when users regularly use multiple networks.
- An ineffective VPN service: A VPN service that does not have its own DNS servers will cause DNS leaks and cannot provide effective protection against them.
- No Internet Protocol version 6 (IPv6) support: IP addresses were originally 32-bit Internet Protocol version 4 (IPv4) addresses with four sets of up to three digits. But 128-bit IPv6 addresses have been created to extend the pool of IP addresses and accommodate more devices. The internet is still transitioning, and some VPNs may not support IPv6, which may push a user’s DNS request outside of the encrypted tunnel.
- Transparent DNS proxies: Some ISPs have started forcing customers to use their DNS servers even when they change their settings to a third-party VPN. If the ISP detects DNS setting changes, it uses a transparent proxy that forces a DNS leak by redirecting the user’s web activity to its own DNS servers.
- Windows smart features: Microsoft introduced a feature known as Smart Multi-Homed Name Resolution (SMHNR) in devices using operating systems from Windows 8 onwards. The feature submits DNS requests to available servers and accepts whichever DNS server responds first. This can cause a DNS leak and leave users open to spoofing attacks.
- Windows Teredo: Windows operating systems include a built-in feature called Teredo that aims to ease the transition from IPv4 to IPv6. It helps the two IP systems coexist more easily but creates a huge security issue for VPN users. That is because Teredo is also a tunneling protocol that can take precedence over a user’s encrypted VPN tunnel.
Is a DNS Leak Bad?
A DNS leak can be serious because it contravenes the reasons why a user deploys a VPN service. It can result in users’ private information, such as browsing activity, IP address, and location, unknowingly being leaked to their ISP, third-party organizations, and malicious actors monitoring network activity.
Is My DNS Leaking?
Internet users can check whether their DNS is leaking by testing their VPN connection. Many VPN suppliers and vendors provide tests that show the DNS server the user is connected to and supply additional information about their browsing session.
How Does a DNS Leak Test Work?
A DNS leak test provides users with information about their VPN connection, including the active IP address and location. This can be compared against their real IP address and location for a DNS leak check. Users can also run a DNS status check, which displays whether they are using DNS servers that belong to their ISP or their VPN. The tests also provide advice on DNS leak protection as well as how to fix an issue.
Are DNS Leak Tests Safe?
Reputable VPN providers provide DNS leak tests that are safe and secure. Users should avoid DNS leak tests from untrusted providers.
How Do I Fix a DNS Leak?
A standard DNS leak can be fixed by configuring a VPN to only connect to its own DNS servers. This will force a computer to only use the VPN’s DNS servers and not connect to the user’s ISP.
The Windows SMHNR issue can be trickier to fix because the feature is built into the operating system. Some VPN providers enable Windows 8 and Windows 10 VPN users to install a free plugin that resolves the issue, while other users will need to contact their VPN provider for support.
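The DNS status check and the fix described above both come down to one question: does every resolver the device is configured to use belong to the VPN? The following is an added example, not code from Fortinet or any VPN vendor, that answers it for a resolver file in resolv.conf syntax. The sample file contents and the VPN DNS ranges are constructed assumptions.

```python
import ipaddress

# Constructed sample: resolver configuration in resolv.conf syntax while a VPN
# is connected. All addresses come from documentation or private ranges.
SAMPLE_RESOLV_CONF = """\
# generated by a hypothetical VPN client
nameserver 10.8.0.1
nameserver 198.51.100.53
nameserver 2001:db8:53::1
nameserver fe80::1%eth0
search example.net
"""

# Assumption: the VPN provider documents these as its own DNS server ranges.
VPN_DNS_RANGES = ["10.8.0.0/24", "fd00:8::/64"]


def parse_nameservers(text):
    """Return the resolver addresses listed on 'nameserver' lines."""
    servers = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            # Drop an IPv6 zone index such as %eth0 before parsing.
            servers.append(ipaddress.ip_address(fields[1].split("%", 1)[0]))
    return servers


def check_dns_leak(resolv_conf_text, vpn_ranges):
    """Split configured resolvers into VPN-owned ones and leaking ones."""
    networks = [ipaddress.ip_network(r) for r in vpn_ranges]
    inside, leaking = [], []
    for server in parse_nameservers(resolv_conf_text):
        # Compare only within the same IP version: an IPv6 resolver counts as
        # a leak unless the VPN lists an IPv6 range that contains it.
        owned = any(server.version == n.version and server in n for n in networks)
        (inside if owned else leaking).append(str(server))
    return {"vpn": inside, "leaking": leaking, "leak": bool(leaking)}


if __name__ == "__main__":
    report = check_dns_leak(SAMPLE_RESOLV_CONF, VPN_DNS_RANGES)
    for address in report["leaking"]:
        print("resolver outside the VPN:", address)
    print("leak detected" if report["leak"] else "all resolvers belong to the VPN")
```

A clean result here only covers the device's configuration. A transparent DNS proxy redirects queries on the network path, so it still needs an external leak test to detect.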
How Fortinet Can Help
The Fortinet FortiTester solution enables users to test for DNS leaks. It checks the latency of a user’s network connection or DNS server. FortiTester enables organizations to future-proof and secure their infrastructure by assessing the people, processes, and technologies accessing their network.
What is DNS?
The Domain Name System (DNS) is an internet protocol that translates website addresses into computer language. This helps internet users visit websites and enables devices and websites to talk to each other.
What is a DNS leak?
A DNS leak occurs when virtual private network (VPN) users’ browsing activity is exposed outside of their encrypted connection.
Is a DNS leak bad?
A DNS leak can be bad because it makes private browsing data available to internet service providers (ISPs), third-party organizations, and hackers.
Is my DNS leaking?
VPN vendors provide DNS leak tests that enable users to check the status of their connection, Internet Protocol (IP) address, and DNS server.