In an age of massive amounts of online governmental snooping, identity theft, and hacking, protecting your wireless network is not just a luxury; it’s a necessity, and a VPN is a surefire way to keep all of your sensitive online information out of the wrong hands.
But even if you’ve gotten your VPN subscription all set up, it’s important to maintain vigilance. VPN services can let you down in a number of ways if you’re not careful, and there are some bigger issues that VPN users need to be aware of.
What is a DNS Leak?
It’s called a DNS leak, and it can most definitely happen to you.
DNS, or the Dynamic Name System, translates domain names into IP addresses, represented by a series of numbers. For example, one of Yahoo’s IP addresses is 220.127.116.11, and when you type in “www.yahoo.com” to your address bar and arrive at Yahoo, that’s because your ISP (Internet Service Provider), with the help of their DNS servers, have translated that domain name from that numerical IP address.
Ideally, when you’re using a VPN, it’s your VPN’s DNS servers translating these IP addresses into domain names, rather than your original ISP. But sometimes, Windows defaults to its original settings and translates those IP addresses through your ISP’s DNS servers, rather than your VPN.
That, my friends, is called a DNS leak, and if the government can snoop on your ISP’s servers, then they can now see what you’re doing online. And if it can happen to Google (as the picture up top references), it can happen to you. This is why it is important to learn how to prevent a DNS leak.
How Can I Detect or Prevent a DNS Leak?
Detecting a DNS leak is the simple part. For that, we recommend going to dnsleaktest.com.
If your results show either your actual location or an IP address from your ISP, then you’ve got yourself a DNS leak.
Preventing a DNS leak altogether is a little trickier. It helps if you’re subscribed to a VPN with DNS leak protection, like PrivateInternetAccess. To quote PIA directly, “We use our own private DNS servers for your DNS queries while on the VPN. After connecting we set your operating system’s DNS servers to 18.104.22.168 and 22.214.171.124. When using a DNS Leak testing site you should expect to see your DNS requests originate from the IP of the VPN gateway you are connected to.
If you change your DNS servers manually or if for some other reason they are changed this does not necessarily mean your DNS is leaking. Even if you use different DNS servers the queries will still be routed through the VPN connection and will be anonymous. ”
IVPN recommends that you install the scripts from DNS Leak Test to implement DNS leak prevention. However, if the VPN connection is dropped for any reason, traffic may leak unencrypted through your default gateway.
How can you fix this on your router? You can manually enter DNS servers to ensure no DNS leak occurs in your network. In Tomato firmware, under the Basic Settings section you can enter Static DNS servers in the corresponding fields- click Save when you are done to lock in the settings. In DD-WRT firmware, (picture below), navigate to the Setup > Basic Setup tab, fill in Static DNS fields, and then click Apply Settings to lock in the changes.
Also, in most cases, if you have a VPN service that pushes DNS routes when connected through their OpenVPN servers then you should automatically be routing traffic through those VPN provider DNS servers. If your VPN service does not offer DNS servers, you can always use Google DNS or OpenDNS servers to avoid leaks to your ISP DNS servers. To access Google DNS enter : 126.96.36.199 and 188.8.131.52. For OpenDNS, enter: 184.108.40.206 and 220.127.116.11
HideMyAss actually has a number of ways to prevent a DNS leak over on their personal Wiki. Among their suggestions is blocking non-VPN traffic by using “IP Binding“, or you configure your firewall to do the same. Doing so “ensures that your real internet connection is not being used, and also that your ISPs DNS servers are not being used.”
Lastly, FlashRouters also recommends checking out VPN Check Pro, which both keeps you safe in the event that your VPN malfunctions and features a DNS leak fix. You’ll need to enable the feature on your own, but at least it’s there, and while this option costs a little, it is definitely cheaper than the alternative of allowing your credit card numbers to be exposed.