Confidentiality and integrity of data are the major concerns in cyberspace. With the increase in cyber attacks, it is important to regulate and test data processing systems to verify security measures for secure web browsing. Browsers are built with a special security architecture and offer specific resources like add-ons and plugins to increase web security. In this article, we discuss DNS leaks, which happen to be the major problem with network configuration, and find ways to fix and prevent DNS leaks in Windows 11/10.
Before we begin, let’s have a quick overview of the role of DNS.
What is DNS
As we all know, Domain Name is used in browsers to find web pages on the internet. In simple words, a Domain name is a collection of strings that can be easily read and remembered by humans. While humans access web pages with the domain name, machines access the web pages with the help of an IP address. So basically, in order to access any website, it is necessary to convert the human-readable domain name to a machine-readable IP address.
The DNS server stores all the domain names and the corresponding IP addresses. Whenever you browse to a URL, you will first be directed to the DNS server to match the domain name to the respective IP address, and the request is then forwarded to the required computer. For example, if you type the URL, say www.gmail.com, your system sends the request to the DNS server. The server then matches the corresponding IP address for the domain name and routes the browser to the remote website. Generally, these DNS servers are provided by your Internet Service Provider (ISP).
In summary, a DNS server is the repository of the domain names and the corresponding Internet Protocol addresses.
What is DNS Leak?
On the Internet, there are numerous provisions to encrypt the data transferred between your system and the remote website. However, encrypting content alone is not enough. Unlike the content, the sender’s address and the address of the remote website cannot be encrypted. For strange reasons, DNS traffic cannot be encrypted, which can eventually expose all your online activity to anyone having access to the DNS server.
That is, every website visited by the user can be learned simply by gaining access to the DNS logs. This way, the user loses all privacy while browsing the internet, and there is a high probability of leaking the DNS data to your Internet Service Provider. In a nutshell, like the ISP, anyone who has access to the DNS servers, legally or illegally, can keep track of all your online activity.
In order to mitigate this problem and protect the privacy of the user, Virtual Private Network (VPN) technology is employed, which creates a safe, virtual connection over a network. Adding and connecting your system to a VPN means that all your DNS requests and data are passed through a secure VPN tunnel. If the DNS requests leak out of the secure tunnel, the DNS query, which carries information like the recipient address and sender address, is sent over an unsecured path. This has serious consequences: all your information is routed to your Internet Service Provider, eventually revealing the addresses of all the website hosts you access.
What causes DNS Leaks in Windows 11/10
The most common cause of DNS leaks is the improper configuration of the network settings. Your system should first be connected to a local network and then establish a connection to a VPN tunnel. If you often switch your internet connection between a hotspot, Wi-Fi, and a router, your system is most vulnerable to DNS leaks. The reason is that when you connect to a new network, Windows prefers the DNS server hosted by the LAN gateway over the DNS server hosted by the VPN service. Eventually, the DNS server hosted by the LAN gateway will send all the addresses to the Internet Service Provider, disclosing your online activity.
Another major cause of DNS leaks is the lack of IPv6 address support in the VPN. IPv4 addresses are gradually being replaced with IPv6, and the World Wide Web is still in the changeover phase from IPv4 to IPv6. If your VPN doesn’t support IPv6 addresses, then any request for an IPv6 address is sent to the channel initially to convert from IPv4 to IPv6. This conversion of addresses will eventually bypass the secure VPN tunnel, disclosing all the online activity and leading to DNS leaks.
How to check if you are affected by DNS Leaks
Checking for DNS leaks is quite a simple task. The following steps will guide you through a simple DNS leak test using a free online test service.
To begin with, connect your computer to the VPN.
Next, visit the dnsleaktest.com website.
Click on Standard test and wait for the result.
Your system is leaking DNS if you see server information related to your ISP. Your system is also affected by DNS leaks if the results list any servers that do not belong to the VPN service.
Some other sites to check DNS leak are browserleaks.com/dns and dnsleak.com.
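A local complement to the web tests above, as an added example that is not from the original article: this PowerShell function lists the DNS resolvers Windows has configured on each connected adapter, for both IPv4 and IPv6, and marks any that are not in the set your VPN is expected to use. The function name `Get-DnsLeakCandidate` and the address `10.8.0.1` are assumptions made for illustration; substitute the resolver address your VPN provider documents.

```powershell
# Added example: flag configured DNS resolvers that are not the VPN's.
# 10.8.0.1 is a constructed placeholder for the VPN-assigned resolver.
function Get-DnsLeakCandidate {
    param(
        [Parameter(Mandatory)]
        [string[]]$ExpectedResolver
    )

    # Only adapters that are currently connected can carry DNS queries.
    $active = Get-NetAdapter | Where-Object Status -eq 'Up'

    foreach ($adapter in $active) {
        # No -AddressFamily filter: an IPv6 resolver handed out by the LAN
        # is easy to miss when only the IPv4 settings are inspected.
        $entries = Get-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex

        foreach ($entry in $entries) {
            # AddressFamily is numeric: 2 = IPv4, 23 = IPv6.
            $family = $(if ($entry.AddressFamily -eq 23) { 'IPv6' } else { 'IPv4' })

            foreach ($server in $entry.ServerAddresses) {
                [pscustomobject]@{
                    Interface = $adapter.Name
                    Family    = $family
                    Resolver  = $server
                    Expected  = $ExpectedResolver -contains $server
                }
            }
        }
    }
}

# Run while connected to the VPN. Rows with Expected = False are resolvers
# that queries could reach outside the VPN service.
Get-DnsLeakCandidate -ExpectedResolver '10.8.0.1' |
    Sort-Object Expected, Interface |
    Format-Table -AutoSize
```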
How to fix the DNS Leak
Windows systems are vulnerable to DNS leaks: whenever you connect to the internet, the DHCP settings automatically select DNS servers that may belong to the Internet Service Provider.
To fix this problem, instead of using the DHCP settings, try to use a static DNS server, a public DNS service, or anything recommended by the OpenNIC Project. Third-party DNS servers like Comodo Secure DNS, OpenDNS, Cloudflare DNS, etc., are recommended if your VPN software doesn’t have any proprietary servers.
To change the DNS settings, open Control Panel and go to Network and Sharing Center. Click Change Adapter Settings in the left-hand panel, locate your network, and right-click the network icon. Select Properties from the drop-down menu.
Locate Internet Protocol Version 4 in the window, click on it, and then go to Properties.
Click on the radio button Use the following DNS server addresses.
Enter the Preferred and Alternate addresses for the DNS servers you wish to use.
If you want to use the Google Public DNS servers, follow these steps:
- Locate the preferred DNS server and type 8.8.8.8
- Locate an alternate DNS server and type 8.8.4.4.
Click on OK to save the changes.
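The same change can be scripted. The following is an added example, not part of the original article: it applies the Google Public DNS addresses given above to one adapter and reads the setting back. The function name `Set-StaticDnsResolver` and the adapter name `Wi-Fi` are assumptions; list your adapter names with `Get-NetAdapter` and run the script from an elevated PowerShell session.

```powershell
# Added example: scripted form of the Control Panel steps above.
# 'Wi-Fi' is an assumed adapter name; requires an elevated session.
function Set-StaticDnsResolver {
    param(
        [Parameter(Mandatory)]
        [string]$InterfaceAlias,
        # Preferred and alternate servers, as entered in the dialog.
        [string[]]$Resolver = @('8.8.8.8', '8.8.4.4')
    )

    # Stop here if the adapter name is wrong, rather than changing nothing.
    $adapter = Get-NetAdapter -Name $InterfaceAlias -ErrorAction Stop

    # Equivalent of selecting "Use the following DNS server addresses".
    Set-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex `
                               -ServerAddresses $Resolver

    # Discard answers cached from the previously configured resolver.
    Clear-DnsClientCache

    # Read the configuration back for both address families. Only the IPv4
    # entry was changed; any IPv6 resolvers listed are still the ones the
    # network supplied.
    Get-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex |
        Select-Object InterfaceAlias, AddressFamily, ServerAddresses
}

Set-StaticDnsResolver -InterfaceAlias 'Wi-Fi'

# To return the adapter to DHCP-assigned resolvers:
# Set-DnsClientServerAddress -InterfaceAlias 'Wi-Fi' -ResetServerAddresses
```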
On a related note, it is advisable to use monitoring software for your VPN; although it may add to your expenses, it would certainly improve users’ privacy. It is also worth performing regular DNS leak tests as a precautionary measure.