How To Fix A DNS Leak When Connected To Your VPN


Using a VPN service is increasing in popularity, as people wish to maintain their anonymity and gain a further level of security. This can be especially useful for users who regularly use free public Wi-Fi, for those who wish to access geo-restricted sites like Hulu from outside the US or the BBC iPlayer from outside the UK, and for those living under governments that either spy on their citizens or attempt to censor what people may do online. Another increasing use of VPNs over the past few years has been by people who regularly use P2P in order to access files from other users around the world.

When connecting to the internet normally (no VPN), it is very easy for your ISP or other entities to track everything that you do online, as most ISPs provide their own DNS servers which allow them to log and track your online activity. The same goes for people who use P2P in order to download films, music or other files (legally or not), as their IP address and the files they were downloading/sharing can be easily harvested. However, even when you are connected to an anonymous proxy or VPN service, you may still be leaking information that allows people to track your online activities: your computer may still be using its default DNS servers issued by your ISP instead of the ones provided by the VPN/proxy service. This is known as a DNS leak and is a security risk which you should fix.

There are a few ways to fix a DNS leak, but for this article I will be showing you how I fixed mine. It will only take a couple of minutes to complete and check.

Firstly, if you want to check whether you have a DNS leak, connect to your VPN of choice, then head over to this page and simply hit the Check for DNS leaks now! button. You will see that the page shows the country that it thinks you are from as well as the IP. If you have a DNS leak then it will show at the bottom of the test results.

Connected to VPN

Here are my test results when I am connected to my VPN:

Showing DNS Leak

Now the VPN service that I use is CactusVPN and the server that I connect to by default is located outside of the UK. However, even though I am connected to the VPN service I am still being exposed due to a DNS leak on my end. At the bottom of the image above you can see that it shows I am in the UK, along with my ISP and my external IP address. The main thing that I really like about CactusVPN is that should the connection to the VPN service be broken, it has an inbuilt feature (that takes seconds to configure) that will also immediately terminate your P2P client should you want it to.

Note: You will see that the site knows that my VPN server (the one I am connected to) is located in The Netherlands, but when running the check it shows as Germany. This is due to my DNS servers belonging to Google (see more below when applying the fix): when my computer sends its DNS lookup query, the closest DNS servers are probably located in Germany, hence it shows as Germany and not The Netherlands. Thank you Jeremy for the explanation.

Now here is another test after fixing the leak when still connected to my VPN. Note that it no longer shows my true location.

No DNS Leak

So, how do you fix this? To put it simply, you just need to change your IP address to a static one (disabling DHCP so when your router reboots your address will remain the same) and change your preferred DNS servers to those of Google or OpenDNS. I am running Windows 7 so I will show you how to accomplish this using that OS. For other Windows versions the procedure is very similar.

First head on over to your Network and Sharing Center, which is located in your Control Panel. Alternatively just hit Start and type Network and Sharing. Once there, select Local Area Connection.

How to get to network and sharing in windows 7

Once you have selected the Local Area Connection you will see the first of three windows. I have grouped them together to simplify how to get to the main properties window where you are able to change your DNS server settings and set a static IP address: Properties>Internet Protocol Version 4 (TCP/IPv4)>Properties. I would also uncheck the Internet Protocol Version 6 (TCP/IPv6) box.

LAN Properties Change Windows 7

If you have never touched these settings then by default you will have an IP address automatically set for you by your router via DHCP (Dynamic Host Configuration Protocol) and the DNS servers that you will be using are those belonging to your ISP (Internet Service Provider). These are what we are going to change. Here is an example of how it should look when you are finished. Note that the choice of DNS servers that you use is completely up to you, although I prefer to use the Google ones. If you are unsure as to what your IP address is currently, just hit the Windows key+R, type cmd into the Run box and hit enter. You will then get the command prompt window open. Now type ipconfig and hit enter. You will find your current IP address, Subnet Mask and Default Gateway (router address).

Locate ip address via ipconfig

Now you have the information that you need, so just fill in the details.

In the first part of the Properties window select the Use the following IP address button. This will now allow you to make the changes. My original IP address was 192.168.1.76, and I changed the last number to 18. The Subnet Mask will automatically be set for you when you click in the first box (in most cases this is 255.255.255.0). The Default Gateway is the address of your router. This can be obtained via the method above (Windows Key+R etc) or it should be on the router itself.

If you find that you get an IP conflict error, simply change the last number of your IP address to a different one, as another computer or device may be currently using that address. This is another reason that I prefer to set static IP addresses on all of my devices where possible.

To change the DNS server details, select the Use the following DNS server addresses button. I will be using the Google DNS servers, but feel free to use the OpenDNS servers if you want.

Google DNS Servers:

  • Preferred DNS server: 8.8.8.8
  • Alternate DNS server: 8.8.4.4

OpenDNS Servers:

  • Preferred DNS server: 208.67.222.222
  • Alternate DNS server: 208.67.220.220

set a static IP

Now hit OK>Close>Close.

You can now test to see if you still have any DNS leaks by visiting the DNS Leak Test page (created by Jeremy Campbel). Make sure that you are connected to your VPN and then run the test. You should hopefully not be able to see any information relating to your actual ISP.

All the changes above are completely reversible should you wish to revert back to the original settings.

Note: This is not a be-all-and-end-all fix, but it should make your browsing more secure when combined with your VPN should you have a leak. If someone is really determined to track what you are doing then they still can. Nothing is infallible in the tech world.
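
A local check to go alongside the web test, added here as an example and not part of the original article: it parses `ipconfig /all` output and lists, per adapter, every configured DNS server that is not one of the resolvers chosen above. The sample output, the adapter names and the function names are constructed for illustration.

```python
import ipaddress
import re

# Resolvers the article configures (Google and OpenDNS); add your VPN's own if it has one.
ALLOWED_DNS = {"8.8.8.8", "8.8.4.4", "208.67.222.222", "208.67.220.220"}
FIELD = re.compile(r"\s+(.*?)[ .]+: ?(.*)$")   # matches "   Key . . . : value" lines

# Constructed sample of `ipconfig /all` output (not captured from a real machine).
SAMPLE = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   Default Gateway . . . . . . . . . : 192.168.1.254
   DNS Servers . . . . . . . . . . . : fe80::1%11
                                       192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

PPP adapter VPN Connection:

   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
"""

def parse_dns_servers(ipconfig_text):
    """Return {adapter header: [DNS server, ...]} from `ipconfig /all` output."""
    adapters, current, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        if line and not line[0].isspace():        # unindented line: adapter header
            current, in_dns = line.strip().rstrip(":"), False
            continue
        field = FIELD.match(line)
        if field:                                 # a new field ends any DNS list
            in_dns = field.group(1) == "DNS Servers"
        value = (field.group(2) if field else line).strip().split("%")[0]
        if in_dns and value:                      # first entry or continuation line
            adapters.setdefault(current, []).append(value)
    return adapters

def find_leaky_adapters(ipconfig_text, allowed=ALLOWED_DNS):
    """Return {adapter: [configured resolvers that are not in `allowed`]}."""
    allowed = {ipaddress.ip_address(a) for a in allowed}
    report = {}
    for adapter, servers in parse_dns_servers(ipconfig_text).items():
        bad = [s for s in servers if ipaddress.ip_address(s) not in allowed]
        if bad:
            report[adapter] = bad
    return report

if __name__ == "__main__":
    print(find_leaky_adapters(SAMPLE))
```

In the sample, the Local Area Connection is still on DHCP and is reported with both the router's IPv4 address and an IPv6 resolver, which is the state the static DNS and unchecked IPv6 settings above are meant to remove.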


  • https://www.facebook.com/WheelieUK Mike Kelly

    Hi, thought you might like to know I used the site, in your comments, to check my dns. It passed, with flying colours. However, when I checked against http://ipleak.net/ my isp dns WAS still shown. It seems to me, that http://ipleak.net/ would be the more rigorous of the two tests to pass. In addition, http://ipleak.net/ will show if your TOR is detectable and also the entry and exit node, and what ip you are showing publicly, if you are using a torrenting client like utorrent.

    • http://techfleece.com/ thegift73

      Hi @Mike Kelly. I have just tested this on the site that you linked to (ipleak.net) whilst connected to my VPN provider (CactusVPN) and it shows no DNS leakage for where I actually live. (in the UK)

      I connect to NL (Netherlands) and US servers most days and all seems good on my end.

      Here is a screenshot I just took: http://i.imgur.com/tZx4GMM.jpg

      • @WheelieUK

        Hi @thegift73 Thanks for the prompt response. I think you may have misunderstood the point a little. What I was saying was that when *I* checked *your* link, (i.e dnsleaktest.com) my ip was showing as no ip dns leak. HOWEVER, when I checked ipleak.net (In the same session I was cleared by dnsleaktest.com) it reported 2 BT DNS servers on a Netherlands VPN connection (I use PIA and also ExpressVPN for different purposes). I was, therefore, arguing that the first test, was only indicative since it still failed the second test. Conversely, if you succeeded on the 2nd test, the FIRST would ALWAYS be clear. So, I was proposing the more thorough test at ipleak.net for those who absolutely have to guarantee no dns leak.

  • @WheelieUK

    Hi @thegift73
    I should also have mentioned, the second test only passed when I first (on a Windows 7 32 bit system) issued the cmd line command ipconfig /flushdns. Before doing this, it ALWAYS fails. This was IN ADDITION to your comments above of course.

    • http://techfleece.com/ thegift73

      Hey, thanks for the feedback. What DNS servers are you using by the way? Just trying to get a clearer picture.

      • @WheelieUK

        Hi again
        I used the Google server addresses as shown in the post above (8.8.8.8 & 8.8.4.4) and set those to the local area connection only (I didn't change the settings in the VPN adaptor settings, since there is a script which sets the dns on that, when connected). Take a look at http://tinyurl.com/mje6225 for a list of the dns servers it says are attached, when it works properly. Before I do the dns flush the top two are always shown as BT dns servers. I have a BT home hub which has the dns server settings disabled at the modem. This might be why I need to do the dnsflush after connecting to the vpn. At that stage, the hub doesn't realise it is still going through BT it seems. (Purely hypothetical supposition, but sounds reasonable).

    • http://techfleece.com/ thegift73

      Hi @WheelieUK. I have the BT Home Hub 5 and have set my DNS servers to the Google ones as well as giving my PC a static IP address. Still not sure as to why you are getting the leaks though? I have just checked my router and I also have Dynamic DNS service disabled. Advanced Settings>Broadband>Dynamic DNS.

      http://i.imgur.com/WGc4RQg.png

      In your PC’s Local Area Connection properties windows (where you choose the properties for TCP/IPv4) have you unchecked the TCP/IPv6 box?

      http://i.imgur.com/DoBnBrt.jpg

      • alan_m

        Struggled with this, unchecking the IPv6 Leak Protection solved the leak using the http://ipleak.net/ site. Many thanks for the guidance.
