The most common way for your VPN to leak your IP address is through DNS requests. Here’s what you need to know.
For the most part, a top-class VPN with built-in leak protection will help you avoid all the problems discussed below. If you’re not sure that your software has these protections in place, this simple to use VPN leak tool will tell you all you need to know in under a minute.
What Is a DNS Leak?
When you type a domain name into your browser (for example, youtube.com), a Domain Name System (DNS) request is sent to your ISP’s DNS servers. This request results in that domain name being translated into an IP address, so your device can access that website.
The problem with your DNS requests going through your ISP is that they will know what websites you access, even if your IP is hidden by a VPN. Now, telecom companies are known to sell your browsing and location data (among other things); so you can see how that wouldn’t benefit you.
VPN providers mitigate this issue by having DNS requests run through their own servers, maintaining your anonymity. However, certain OS features will force those requests to go through your ISP under certain conditions, nullifying VPN protection in the process. Windows is the usual culprit, though Mac and Linux users shouldn’t rest easy.
Smart Multi-Homed Name Resolution
SMHNR for short, this mouthful of a Windows feature is tasked with speeding up the DNS request process. How does it do that? By sending out requests to all available DNS servers and selecting the one that responds the fastest. If your VPN’s DNS servers don’t respond quickly enough, your requests could end up going through to your ISP.
It’s possible to turn off the feature in Windows 8/ 8.1 and Windows 10 by following this guide. Keep in mind that Windows 10 Home users can’t access the Group Policy Editor without installing Policy Plus first. This free, open-source program adds Group Policy functionality to all Windows versions that lack it.
VPNs work by routing your network traffic through an encrypted “tunnel.” This makes the encrypted data look like gibberish to outsiders trying to snoop on your online activity. Yes, that applies to your ISP, government surveillance agencies, and cybercriminals alike.
Teredo tunneling was created to keep up compatibility between IPv4 and IPv6 networks while ISPs, websites, and enterprises slowly transition to IPv6.
Now, the problem with this slow transition has made it so VPN providers have no incentive to fully adopt the new IP address standard. If your VPN doesn’t have leak protection, or you haven’t manually disabled IPv6 through your network adapter, your system could make IPv6 DNS requests through Teredo, resulting in a DNS leak.
Luckily, the solution is as simple as disabling the feature altogether. Here’s what you need to do:
- Press the Windows key + R, this will open up a “Run” window.
- Type “cmd” and press Enter to open a Command prompt.
- Type the following in the prompt, exactly as written: netsh interface teredo set state disabled
- Press Enter and you’re done!
DNS Leak on Ubuntu
While Windows seems to put spokes in the wheels of privacy-minded people, Linux users shouldn’t rest on their laurels. A DNS leak could occur on your system if you use OpenVPN without a proper configuration.
DNS Leak on Mac
Preventing DNS leaks on Mac OS X is as simple as switching your DNS settings to a trusty provider such as OpenDNS. Luckily, they have multiple guides on their website, going back to OS X Leopard. The guides themselves aren’t complicated, just changing a couple of numbers in your network settings.
On the other hand, there may be extra steps depending on your OS version, such as flushing your DNS resolver cache and web browser caches. Don’t worry; OpenDNS have included a handy guide on how to do that whenever it’s relevant.
Any Other Leaks I Should Worry About?
While not necessarily tied to your OS, there are two other VPN leaks you should definitely patch up. We’ve already mentioned IPv6 leaks and how disabling IPv6 completely resolves the issue, so no use getting into the gritty details.
The other browser-related leak is due to a feature called Web Real-Time Communication (WebRTC), which lets you use your browser for audio and video calls. While it’s neat that you can do that without needing to install Skype or other apps, WebRTC is also a security vulnerability that allows websites to detect your real IP address. Yes, even with an active VPN.
There are several easy solutions to the problem:
- Disable WebRTC in your
- Install a browser add-on like WebRTC Control that lets you turn the feature on and off at the click of a button.
- If you don’t mind the learning curve, get a script-blocker such as NoScript or uMatrix. They will block WebRTC requests along with a host of other privacy-invasive tracking
With these out of the way, all that’s left is to re-test your VPN with the leak tool from the beginning; just to make sure your changes were successful. It’s a good idea to repeat the test at least once a week, in case any Windows update messes with your settings and as a privacy best practice.