What is DNS Leak and How to Prevent It?

BrowserScanBrowserScan
4 min read

What is DNS

DNS, standing for "Domain Name System," is a distributed database that provides a translation service between hostnames and IP addresses.

On the Internet, every computer has a unique IP address, just like every person has a unique identification number. However, IP addresses are composed of a series of numbers, such as 192.168.1.1, which are not easy for humans to remember. Therefore, there needs to be a method to translate these numbers into more memorable names, which is the primary function of DNS.

For instance, when you type www.google.com into your browser, your computer first sends a request to the DNS server, asking what the IP address corresponding to this website is. The DNS server would respond that the IP address for www.google.com is 64.233.170.113. Then, your computer sends a request to this IP address to retrieve the webpage content.

In summary, a DNS server acts like a phone book for the Internet, helping us find the "phone number" (i.e., IP address) for each website.

Compared to 64.233.170.113, we find it easier to remember "www.google.com"

How does DNS work when changing IP?

When you use a VPN or proxy server, theoretically, all your Internet traffic, including DNS requests (i.e., the names of the websites you visit), are sent through the VPN or proxy server. This typically involves four steps:

  1. Your computer tells the VPN or proxy server that you want to visit google.com.

  2. The VPN or proxy server sends a request to its own DNS server: Give me an IP address for a Google server.

  3. The DNS server returns the IP address for a Google server.

  4. The VPN or proxy server visits Google based on the returned IP address.

Suppose a user in Singapore uses a VPN or proxy server (with a U.S. IP address) to visit BrowserScan. If their VPN or software is configured correctly, the detected result should be: the DNS server's IP address should also be located in the U.S., consistent with the IP region of the VPN or proxy server. If the DNS server is not located in the U.S., for example, in Canada or other regions, there's no need to worry. At least their location (Singapore) has not been leaked.

What is "DNS Leak"?

Even though your Internet traffic is transmitted through a VPN or proxy server, your device may continue to use your ISP's (Internet Service Provider) DNS servers, rather than your VPN or proxy service's DNS servers.

As a result, your IP address and DNS requests (i.e., the names of the websites you visit) may be visible to your ISP. This is what is known as a "DNS leak".

As shown in the figure below, a user in Singapore is using an U.S. proxy IP to visit Google. However, due to incorrect VPN or software configuration, his device requests Google's IP address from a DNS server in Singapore. At this point, the user's ISP knows that he is accessing Google.

When he uses BrowserScan to check if DNS is leaking, the following situation will occur: The region of the DNS server's IP address matches the region of the user's real IP address (both are in Singapore), indicating that this Singapore user has experienced a DNS leak!

Risks of DNS Leaks

If a DNS leak occurs, your DNS requests would be sent to your ISP's DNS servers instead of your VPN's DNS servers. This means your ISP could know your IP address, exposing your actual geolocation.

Secondly, your personal privacy is also leaked. Your ISP might record the websites you visit and could use this information for targeted advertising or sell it to third parties.

Furthermore, some malware or cyber attacks could alter your DNS settings, causing your DNS requests to be sent to an insecure DNS server. Insecure DNS servers could redirect your requests to malicious websites, a tactic known as DNS hijacking. For instance, you might try to access a bank's website but instead get redirected to a counterfeit bank website. This fake website may look identical to your bank's website, but it is actually set up by cyber criminals attempting to steal your username and password.

How to Prevent DNS Leaks

Use Reliable VPN/Proxy Services

Some VPN/proxy service providers offer features to prevent DNS leaks. These VPNs/proxies ensure that all your DNS requests go through their servers, not your ISP's servers. When choosing a VPN/proxy service, you should check if they offer DNS leak protection.

Use Secure Public DNS Servers

You can manually set the DNS server in your device's network settings to use a secure DNS server, such as Google's public DNS (8.8.8.8 and 8.8.4.4, setup guide) or Cloudflare's DNS (1.1.1.1, setup guide). This way, even if your VPN connection is interrupted, your DNS requests won't be sent to your ISP's servers.

Use DNS Leak Detection Tools

Before you access a website using a VPN or proxy server, you can use DNS leak detection tools to check for DNS leaks: https://www.browserscan.net/dns-leak

0
Subscribe to my newsletter

Read articles from BrowserScan directly inside your inbox. Subscribe to the newsletter, and don't miss out.

dns#domainnamesystem

Written by

BrowserScan
BrowserScan

Am I 100% anonymous? Check your browser fingerprints and IP address to find how your online identity looks👉www.browserscan.net