VPN services are increasingly popular with people who wish to maintain their anonymity and add a further level of security. A VPN can be especially useful for users who regularly use free public Wi-Fi, for those who wish to access geo-restricted sites like Hulu from outside the US or the BBC iPlayer from outside the UK, and for people whose governments either spy on their citizens or attempt to censor what they may do online. Another growing use of VPNs over the past few years has been by people who regularly use P2P to access files from other users around the world.
When connecting to the internet normally (no VPN), it is very easy for your ISP or other entities to track everything that you do online, as most ISPs provide their own DNS servers, which allow them to log and track your online activity. The same goes for people who use P2P to download films, music or other files (legally or not), as their IP address and the files they were downloading/sharing can be easily harvested. However, even when you are connected to an anonymous proxy or VPN service, you may still be leaking information that allows people to track your online activities: your computer may still be using its default DNS servers issued by your ISP instead of the ones provided by the VPN/proxy service. This is known as a DNS leak and is a security risk which you should fix.
There are a few ways to fix a DNS leak, but in this article I will show you how I fixed mine. It only takes a couple of minutes to complete and check.
To check whether you have a DNS leak, first connect to your VPN of choice, then head over to this page and simply hit the Check for DNS leaks now! button. The page will show the country that it thinks you are from as well as the IP. If you have a DNS leak, it will show at the bottom of the test results.
Here are my test results when I am connected to my VPN:
Now the VPN service that I use is CactusVPN and the server that I connect to by default is located outside of the UK. However, even though I am connected to the VPN service I am still being exposed due to a DNS leak on my end. You can see this at the bottom of the image above, which shows that I am in the UK, along with my ISP and my external IP address. The main thing that I really like about CactusVPN is that should the connection to the VPN service be broken, it has an inbuilt feature (that takes seconds to configure) that will also immediately terminate your P2P client should you want it to.
Note: You will see that the site knows that the VPN server I am connected to is located in The Netherlands, but when running the check it shows as Germany. This is due to my DNS servers belonging to Google (see more below when applying the fix): when my computer sends its DNS lookup query, the closest DNS servers are probably located in Germany, hence it shows as Germany and not The Netherlands. Thank you Jeremy for the explanation.
Now here is another test after fixing the leak when still connected to my VPN. Note that it no longer shows my true location.
So, how to fix this? To put it simply, you just need to change your IP address to a static one (disabling DHCP so that your address remains the same when your router reboots) and change your preferred DNS servers to those of Google or OpenDNS. I am running Windows 7, so I will show you how to accomplish this using that OS. For other Windows OSes the procedure is very similar.
First head on over to your Network and Sharing Center, which is located in your Control Panel. Alternatively, just hit Start and type Network and Sharing. Once there, select Local Area Connection.
Once you have selected the Local Area Connection you will see the first of three windows. I have grouped them together to simplify how to get to the main properties window where you are able to change your DNS server settings and set a static IP address: Properties > Internet Protocol Version 4 (TCP/IPv4) > Properties. I would also uncheck the Internet Protocol Version 6 (TCP/IPv6) box.
If you have never touched these settings, then by default you will have an IP address automatically set for you by your router via DHCP (Dynamic Host Configuration Protocol), and the DNS servers that you will be using are those belonging to your ISP (Internet Service Provider). These are what we are going to change. Here is an example of how it should look when you are finished. Note that the choice of DNS servers is completely up to you, although I prefer to use the Google ones. If you are unsure what your IP address is currently, just hit the Windows key+R, type cmd into the Run box and hit enter to open the command prompt window. Now type ipconfig and hit enter. You will find your current IP address, Subnet Mask and Default Gateway (router address).
Now you have the information that you need, so just fill in the details.
In the first part of the Properties window, select the Use the following IP address button. This will now allow you to make the changes. My original IP address was 192.168.1.76, and I changed the last number to 18. The Subnet Mask will automatically be set for you when you click in the first box (in most cases this is 255.255.255.0). The Default Gateway is the address of your router. This can be obtained via the method above (Windows Key+R etc.) or it should be on the router itself.
If you find that you get an IP conflict error, simply change the last digit of your IP address to a different one, as another computer or device may currently be using that address. This is another reason that I prefer to set static IP addresses on all of my devices where possible.
Google DNS Servers:
- Preferred DNS server: 8.8.8.8
- Alternate DNS server: 8.8.4.4
OpenDNS Servers:
- Preferred DNS server: 208.67.222.222
- Alternate DNS server: 208.67.220.220
Now hit OK>Close>Close.
You can now test to see if you still have any DNS leaks by visiting the DNS Leak Test page (created by Jeremy Campbel). Make sure that you are connected to your VPN and then run the test. You should hopefully not be able to see any information relating to your actual ISP.
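A local check to go with the web test, as an added example that is not part of the original article: the Python below parses `ipconfig /all` output and lists any adapter whose DNS servers fall outside an approved set. The sample output, the 203.0.113.x resolver addresses, the 192.168.1.1 gateway and the function names are constructed for illustration.

```python
APPROVED = {"8.8.8.8", "8.8.4.4",                 # Google Public DNS
            "208.67.222.222", "208.67.220.220"}   # OpenDNS
# Constructed sample output (not captured from a real machine). 203.0.113.x is a
# documentation range standing in for ISP resolvers handed out over DHCP.
TEMPLATE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : {dhcp}
   IPv4 Address. . . . . . . . . . . : {ip}(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : {dns1}
                                       {dns2}
"""
BEFORE = TEMPLATE.format(dhcp="Yes", ip="192.168.1.76", dns1="203.0.113.53", dns2="203.0.113.54")
AFTER = TEMPLATE.format(dhcp="No", ip="192.168.1.18", dns1="8.8.8.8", dns2="8.8.4.4")

def parse_ipconfig(text):
    """Return {section name: {field: [values]}} from `ipconfig /all` text."""
    sections, current, last_key = {}, {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():                 # unindented line starts a section
            current = sections.setdefault(line.strip().rstrip(":"), {})
            last_key = None
        elif " :" in line:                        # "Field . . . : value"
            key, _, value = line.partition(" :")
            last_key = key.strip(" .")
            current[last_key] = [value.strip()] if value.strip() else []
        elif last_key:                            # continuation, e.g. second DNS server
            current[last_key].append(line.strip())
    return sections

def audit(text, approved=APPROVED):
    """Map each adapter using a non-approved resolver to its DHCP state and those resolvers."""
    findings = {}
    for name, fields in parse_ipconfig(text).items():
        servers = [s.split("%")[0] for s in fields.get("DNS Servers", [])]
        unexpected = [s for s in servers if s not in approved]
        if unexpected:
            findings[name] = {"dhcp": fields.get("DHCP Enabled", ["?"])[0],
                              "unexpected_dns": unexpected}
    return findings

if __name__ == "__main__":
    print("before:", audit(BEFORE))
    print("after: ", audit(AFTER))
```

To run it against a real machine, save the output of `ipconfig /all` to a file and pass its text to `audit()`. Add your VPN provider's resolvers to the approved set, otherwise the VPN adapter will be reported as well.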
All the changes above are completely reversible should you wish to revert back to the original settings.
Note: This is not a be-all-and-end-all fix, but it should make your browsing more secure when combined with your VPN should you have a leak. If someone is really determined to track what you are doing then they still can. Nothing is infallible in the tech world.