Got a DNS leak?
For those interested in maintaining their privacy while on the Internet it is extremely important to ensure you do not have a DNS leak.
DNS leak? Great! What is that?
DNS is the acronym used for the domain name system. The domain name system is used by all computers on the Internet to take a URL like SavingFreak.com and translate it into an Internet Protocol address (IP address).
The IP address is simply a bunch of numbers that is used to identify computers and other devices that are attached to a network and or are on the Internet.
This allows all the entities on the Internet to find each other and communicate with each other. So a URL like savingfreak.com translates into 18.104.22.168.
If you want to convert any URL in to its IP address drop it into the search box on this page and hit the find IP button
So when you give your browser an address it will typically reach out to the DNS server maintained or assigned by the local Internet service provider (ISP) to get the IP address.
Most ISPs assign customers a DNS server which they control and use for logging and recording your Internet activities. It is not uncommon for an ISP to be required by law to maintain some logs of their customer’s activities. Search your local laws to see if this is true for the area or country where you live.
Many people interested in maintaining some level of privacy do not appreciate the local ISP controlling, seeing, and or logging every website they visit. Some people also find the DNS service provided to be slow or problematic.
So they simply direct their computer to use another DNS server of their choice. Another common way to avoid spying all together is to use a personal VPN connection service that encrypts the Internet traffic leaving your computer.
Does changing your DNS server or using a VPN prevent your local ISP from logging your DNS activity?
Not Always. You could have a DNS leak and a DNS leak is a major privacy threat. Simply changing your DNS server does not always “change” your DNS server.
Some ISPs are using a technology called Transparent DNS proxy. They intercept all DNS look-up request and proxy the results forcing their customers to use their DNS service whether they want to or not.
So no matter what DNS service you think you are using all your request are getting hijacked, redirected, and logged by your local ISP. Even when using a VPN it can happen that your system for some reason reverts back to your ISPs DNS servers.
This is easily tested. After making changes to your DNS settings or connecting to a VPN do a DNS leak test by clicking here.
How to prevent DNS leaks?
Here are a few things you can do to help prevent DNS leaks:
Change your DNS service: There are many DNS services that are likely faster and more reliable than the one provided by your local ISP.
So change your settings so that your internet providers DNS servers will never be used (unless they are hijacking your requests) even when the VPN is not connected. You can change the setting on your router and or your computer.
Within the properties of your network adapter, in the Internet Protocol Version (TCP/IPv4) options, change the “obtain DNS server address automatically” to “use the following DNS server addresses” and enter the IP address for whatever DNS service you prefer.
Try looking in the control Panel then Network and Internet then Network Connections. You may have to google directions for your particular operating sytem.
Here are some of the available free public DNS servers. If you have a VPN service you can also check and see if they have a DNS server. Some like Torguard VPN provide a no log DNS server to their customers.
- Level3 – primary: 22.214.171.124, secondary: 126.96.36.199 Level3 will automatically route to the nearest DNS server operated by Level3 Communications. This is the company that provides most of the ISPs in the US their access to the Internet backbone.
- Censurfridns.dk – primary: 188.8.131.52, secondary: 184.108.40.206 Servers are uncensored, operated by a privately funded individual, and are physically located in Denmark. IPv6 DNS servers are also available at 2002:d596:2a92:1:71:53:: and 2002:5968:c28e::53.
- Comodo Secure DNS – primary: 220.127.116.11, secondary: 18.104.22.168 Comodo will automatically route to the nearest DNS server.
- DNS.WATCH – primary: 22.214.171.124, secondary: 126.96.36.199 DNS.WATCH also has IPv6 DNS servers at 2001:1608:10:25::1c04:b12f and 2001:1608:10:25::9249:d69b. Both servers are located in Germany.
- Google DNS – primary: 188.8.131.52, secondary: 184.108.40.206 Google will automatically route to the nearest DNS server and also offers IPv6 public DNS servers: 2001:4860:4860::8888 and 2001:4860:4860::8844.
- OpenDNS – primary: 220.127.116.11, secondary: 18.104.22.168 OpenDNS also offers DNS servers that block adult content, called OpenDNS FamilyShield. Those DNS servers are 22.214.171.124 and 126.96.36.199
- Opennic – provides many DNS servers in the US and around the world. See their list of public DNS servers and choose the one closest to your location for better service. Click here for their list.
Disable Teredo: On Windows, open command prompt (run cmd.exe) and there run “netsh interface teredo set state disabled”.
Insure you have a firewall installed and on. There are many good firewalls available and some are free.
Us VPN client software: Many VPN clients will ensure all traffic goes through the VPN, but if you are still seeing leaks configure your firewall to also block all non VPN traffic. Install a good firewall: Comodo Firewall for example is free and reliable.
If you are looking for a VPN provider that includes DNS leak protection check out our review of Private Internet Access (has DNS leak protection in the settings), our review of Torguard VPN (client automatically stops DNS leaks), or you can read more VPN reviews.