Posted February 16, 2013 by TopDog in Articles

What is a DNS Leak and how it affects VPN Security

How to stop DNS Leaks

One of the little-known facts about VPN services is that, despite the benefits of a changed IP address and data encryption, personal information can still leak out into the open through something called a DNS leak. Some VPN providers build DNS leak solutions right into their software. For those that don’t, there are manual solutions as well.

What is a DNS Leak?

DNS leaks are a security vulnerability specific to Microsoft Windows operating systems. All you Mac users out there have another reason to pat yourselves on the back. DNS leaks can cause your true IP address (or at least your ISP’s address) to leak out into the open without your knowledge, even when using an encrypted VPN.

What does DNS Mean?

DNS stands for Domain Name Server. Any time you type a web address into your browser bar, a request is sent to a Domain Name Server. This server matches domain names to IP addresses where the website is actually hosted. The DNS then tells your browser which IP address to go to in order to load the website you have requested.

So what is a DNS leak?

If you just access the internet through your standard connection via your ISP (Internet Service Provider), your computer will be told to use your ISP’s DNS servers. This means that all lookup requests will go through your ISP unless you manually specify otherwise.

When connected to a Virtual Private Network, your computer will be told by the VPN to use its secure DNS servers, which are different from the ones assigned to you by your ISP. However, due to security flaws inherent in the Windows OS, your computer can mistakenly use the wrong DNS servers, thus exposing your true IP address to the website you are visiting.

What causes a DNS Leak?

DNS leaks can be caused (or induced) by a variety of factors. Something as simple as a website delaying its response to your computer can cause a Windows machine to switch to the unsecured DNS servers. This is the technique utilized by many malicious websites to cause DNS leaks and expose private user information.

How Do You Detect DNS Leakage?

There is an excellent free website, DNSLeaktest.com, that can detect DNS leaks in a matter of seconds. It also has helpful information on how to stop leaking DNS information involuntarily. To get the most out of DNS Leak Test, connect to your VPN service before visiting the website, or make sure you refresh your browser once your connection is established.

How can I Prevent DNS Leaks?

There are a number of manual and automatic solutions to this Windows security flaw. It is highly recommended that you set your computer to use a static IP address. This will help make sure your new DNS settings aren’t accidentally ignored. Here’s a guide on how to do it.

Use a VPN with built-in DNS Leak Protection

While most VPNs do not yet include this feature, there are a couple that do. The best part is, they are both extremely affordable and anonymous (they do not keep data or connection logs).

VPNs that plug DNS leaks:

Private Internet Access


  • As low as $5/month

HideMyAss VPN

  • As low as $6.50/month

Automatic DNS Leak Fix

DnsLeakTest.com has software that should fix DNS leaks on most Windows operating systems automatically. It basically detects a VPN connection and forces your computer to use the secure DNS servers when connected. Click here for the software.

Manual Setup (Really Easy)

Sometimes the simplest method works the best. Before you use the manual option, please make sure your computer has a static network IP instead of one assigned by DHCP, otherwise your efforts could be wasted.

All you need to do is specify a DNS server for your computer or router that doesn’t belong to your ISP. Comodo SecureDNS is a free DNS server that works great. When using the manual option, it’s important to make sure that your ISP doesn’t use Transparent DNS Proxies.

Manual DNS for just your Computer:

  1. Go to the Control Panel->Network Settings->Network Connections
  2. Right click on the network adapter you use for your home network (Most of us use the wireless network adapter)
  3. Click on properties…
  4. Select Internet Protocol Version 4 (TCP/IPV4) from the list and click the properties button
  5. Switch radio button from Obtain DNS Address Automatically to Use the following DNS Server Address
  6. Enter your new secure DNS information
  7. You’re DONE!
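
The manual steps above as an added PowerShell example (not part of the original article): it lists the IPv4 DNS servers on every active adapter, flags any that are outside an allowed list, and optionally sets static resolvers on one adapter. It assumes Windows 8 / Server 2012 or later; the resolver addresses are documentation-range placeholders and the parameter and function names are hypothetical.

```powershell
# Added example. Assumptions: Windows 8 / Server 2012 or later (NetAdapter and
# DnsClient modules); resolver addresses are placeholders from the RFC 5737
# documentation range; parameter and function names are hypothetical.
param(
    [string[]]$SecureDns = @('192.0.2.53', '192.0.2.54'),
    [string]$FixAdapter   # e.g. 'Wi-Fi'; changing DNS needs an elevated prompt
)

function Get-DnsAudit {
    param([string[]]$Allowed)
    # Only adapters that are up can carry a lookup.
    Get-NetAdapter | Where-Object { $_.Status -eq 'Up' } | ForEach-Object {
        $adapter = $_
        # IPv4 only, matching step 4; IPv6 resolvers need a separate check.
        $cfg = Get-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex -AddressFamily IPv4
        $servers = @($cfg.ServerAddresses | Where-Object { $_ })
        $unexpected = @($servers | Where-Object { $_ -notin $Allowed })
        [pscustomobject]@{
            Adapter    = $adapter.Name
            DnsServers = $servers -join ', '
            Unexpected = $unexpected -join ', '
            Compliant  = ($unexpected.Count -eq 0)
        }
    }
}

if ($FixAdapter) {
    # Steps 5 and 6: replace automatically obtained resolvers with static ones.
    Set-DnsClientServerAddress -InterfaceAlias $FixAdapter -ServerAddresses $SecureDns
    # Drop answers cached from the previous resolvers.
    Clear-DnsClientCache
}

Get-DnsAudit -Allowed $SecureDns | Format-Table -AutoSize
```

When auditing while the VPN is connected, include the VPN provider's DNS servers in the allowed list, otherwise the tunnel adapter is reported as unexpected.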

Manual DNS for your entire home network:

  • Access your router’s settings page
  • Go to the DNS settings
  • Enter your secure DNS IPs in the Static DNS Server boxes
  • *Note* exact setup method will vary by router manufacturer, but all have the option for manual DNS