A DNS leak is a flaw in the network configuration that results in a loss of security: DNS queries are sent over unsecured connections instead of through the VPN connection.

The weakness permits an ISP, and eavesdroppers, to see what sites a user might visit. This is possible because the browser's DNS requests are sent directly to the ISP DNS server, and not through the VPN.

How To Prevent DNS Leak - 5 Methods:

Here are the best practices that you could implement to prevent DNS leaks on your devices.

1- Change DNS Servers Via Settings

The DNS is mostly set to the ISP's server, which can easily be switched to any third-party server, such as the free centralized servers Google DNS or OpenDNS, or a paid one. Besides protecting you from ISP snooping and hiding your internet browsing activities, these third-party servers offer numerous other benefits:

  • These DNS servers allow you to enforce parental controls on websites or content that you think is inappropriate for your child, so that he/she cannot access it.
  • Some DNS servers give access to restricted content which is normally unavailable at a specific location or is blocked for other reasons.
  • Third-party servers such as OpenDNS could defend you against phishing attacks by filtering phishing sites.
  • These servers have improved security features compared to the ISP servers. For example, the Google DNS server supports DNSSEC to assure that the entire process of signing DNS requests is secure and accurate.
  • Sometimes a third-party server gives you faster speeds than the ISP DNS server.
  • DNS-level restrictions that your ISP places on content or websites could be evaded by connecting to a third-party server instead of using the ISP DNS server.

How to Change DNS Server settings

If your default DNS server is one that was assigned by your ISP, one of the simplest ways to stop the ISP from seeing what you're doing on the internet is to change your DNS server. Even if you aren't worried about DNS leaks, changing your default DNS server may be a smart move, as it may bring about quicker Internet speeds.

To select a custom DNS server other than the ISP’s DNS server, you could choose from the many common ones such as OpenDNS and Google DNS. You may also select lesser-known but general ones such as Norton DNS, Comodo Secure DNS and others.

Here are the IPs for these DNS servers so that you can easily enter them while changing the settings of your browser, devices or operating systems.

Service      | OpenDNS        | Google Public DNS | Norton ConnectSafe | Comodo Secure DNS
Primary IP   | 208.67.222.222 | 8.8.8.8           | 199.85.126.10      | 8.26.56.26
Secondary IP | 208.67.220.220 | 8.8.4.4           | 199.85.127.10      | 8.20.247.20

DNS Leak Protection In Browsers

Chrome – A free extension is available for installation. It will fix the issues you are facing.

Firefox – A bit of work needs to be done here but it is worth the security you need. In the address bar in Firefox, type “about:config”. A page will appear where you will have to enter “media.peerconnection.enabled” in the search bar. When the entry appears, set it to ‘false’. It’s done.

Opera – DNS leaks can be prevented in Opera by blocking WebRTC. Follow the steps listed:

  1. Go to the extensions gallery.
  2. Enter “WebRTC control”, the plugin name in the search box.
  3. Click on the plugin.
  4. Click on Add to Opera.
  5. Enable the plugin which will turn from blue to black.

DNS Leak Protection In Operating Systems

Windows

  1. Go to your system control panel.
  2. From ‘Network and Internet’, select “View network status and tasks”.
  3. Click on “Network and Sharing Center”, and then select “Change adapter settings”.
  4. A window listing all your network adapters will appear. There, select your main network adapter, right-click and then click on “Properties”.
  5. In the properties of your network adapter, select Internet Protocol Version 4 (TCP/IPv4) and click on “Properties”.
  6. You’re now viewing the advanced properties of the TCP/IPv4 settings. Don’t alter anything in the upper field related to IP, Subnet or Gateway.
  7. Select “Use the following DNS server addresses:” and enter 2 DNS servers of your choice. If you’re using HMA Pro VPN, it’s recommended to use OpenDNS.
     • OpenDNS: 208.67.222.222 + 208.67.220.220
     • GoogleDNS: 8.8.4.4 + 8.8.8.8
  8. Click “OK”. It’s done.

MacOS - Macintosh

  1. On your desktop, click the Mac Apple, and select “System Preferences”.
  2. The System Preferences window will appear. Select “Network”.

For WiFi:

  1. Choose “WiFi” from the left-hand side. Select “Advanced”. Choose the “DNS” tab and click on the “+” to add new DNS servers.
  2. After doing that, click on the OK button and click on “Apply” for the DNS changes to take effect. That’s all that needs to be done.

For Ethernet:

  1. You’ll view the Network center. Select your Ethernet adapter on the left and click “Advanced...”
  2. Click on the “DNS” tab and add DNS servers by clicking on the “+” button.
  3. Add the desired DNS servers:
     • OpenDNS: 208.67.222.222 + 208.67.220.220
     • GoogleDNS: 8.8.4.4 + 8.8.8.8
  4. Click on the OK button.
  5. In the network center, you will see the DNS servers you recently added right next to “DNS server:”
  6. Click on ‘Apply’ at the bottom right to save your changes.

Linux Operating System

  1. Navigate to Network Connections in the top right corner of your desktop screen and click on Edit Connections.
  2. Find your active network connection. After selecting it, click the “Edit” button.
  3. Go to the IPv4 Settings tab and change the method from Automatic (DHCP) to Automatic (DHCP) addresses only.
  4. Enter the DNS server shown below. After you’re done, click the Save button.
  5. Click on Close to close the window and confirm the changes.
  6. If needed, click on the Enable Networking option to disable it and select it once again to re-enable it, so that all necessary changes can take effect.

By following the steps listed for each of these popular operating systems, you can make sure that your DNS does not get leaked. One thing is common to all of them: changing your DNS settings.

DNS Leak Protection In Devices

Changing the DNS server in the router affects the DNS requests of all the devices which are connected to it. It is an easy way to change the settings for the entire network instead of changing every device’s settings individually. However, your devices must be set up for DHCP, which means they ask the router for DNS server information.

Your DNS server is usually set to the ISP’s DNS server, and to change this you need to access your router’s web interface. Every router has its own way to access it, and you can find instructions in your router’s manual. You can always visit your router manufacturer’s support site to download the manual.

Once you are at the router’s web interface, you will probably find a setup or basic settings page containing DNS text fields, usually in the DNS Address section. Now set up your DNS servers: the primary DNS server and the secondary DNS server.

On Smartphone Or Tablet

You can change the default DNS server settings on your Android phone or tablet, but this will apply to a single network only. For instance, if you changed the settings while connected to your home Wi-Fi, then you need to change them again when connected to another network. To change the settings, follow these steps:

  • Open the Wi-Fi network list in the Wi-Fi settings.
  • Now, long press the one you are connected to and then click on ‘modify network’.
  • Press ‘show advanced options’ and set the ‘IP settings’ to static.
  • Finally, you will be allowed to change the DNS server.

Unfortunately, when you change the IP settings to static, you can’t use DHCP on the network. Yet, you can use the Set DNS app if your phone is rooted. With this app, you can choose a custom DNS for yourself and the app will automatically set this DNS server every time you connect to a new network. Therefore, you don’t need to change manual settings or static IPs.

On iOS (iPhone, iPod, iPad)

To change the DNS server settings in iOS, your device needs to be connected to Wi-Fi.

  • First, go to the app’s Wi-Fi settings and press the blue button on the right side of the network you are connected to.
  • Now, press the ‘configure DNS’ button at the bottom of settings.
  • Select the ‘manual’ option there and tap the red button to remove the existing unwanted DNS servers.
  • Finally, enter a custom DNS server in their place.

For iOS manual settings, you will need to change the DNS server setting each time you connect to a new network.

2- Use VPN With DNS Leak Protection Feature

We have previously mentioned that despite a VPN connection, DNS requests could be transmitted to your internet provider through the ISP DNS server. This happens when the default DNS setting changes for any reason, or when any one of the numerous DNS requests leaks to the ISP because the VPN is overlooking the DNS requests.

Also, the DNS settings sometimes revert to the default ISP DNS because of a VPN disconnect, which is the most frequent cause.

Witnessing the increase in DNS issues, some popular VPN providers have introduced a feature of DNS leak protection which makes sure that all the DNS requests are going through the encrypted and anonymous VPN servers. Therefore, you must check the VPN features before selecting it for yourself.

3- VPN Monitoring Software

Some VPN monitoring software offers support for fixing DNS leaks. However, with most VPN monitoring software you might have to pay for a premium version to get the DNS leak fixing feature. Therefore, it might not be a consideration for most individuals unless they are keen to know whether their VPN connection is totally secure or not.

4- Block Non-VPN Traffic

You could configure your own firewall to restrict DNS requests to the VPN's servers only. First, check the network interface settings while you are connected to the VPN. In Windows, open the command prompt and run the ipconfig /all command, which displays the IP address of your VPN DNS server. In Linux, the network interface settings can be viewed with the ifconfig command.

Finally, set a firewall rule which blocks all DNS traffic that is not routed towards that specific IP address. Such a rule will assure that your domain name requests are only resolved if they are going through the VPN DNS.
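The firewall rule described above, written for Linux iptables as an added example that is not part of the original article. The address 10.8.0.1 is a constructed placeholder for your VPN's DNS server and the function names are made up for this example; the loopback exception and the IPv6 block go beyond what the text describes.

```shell
#!/bin/sh
# Added example: print iptables rules that pin DNS (port 53) to one resolver.
# Nothing is applied; review the output, then pipe it to "sh" as root.

# Return 0 if $1 is a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rule set for the VPN DNS server given as $1.
dns_lockdown_rules() {
    vpn_dns=$1
    if ! is_ipv4 "$vpn_dns"; then
        echo "error: '$vpn_dns' is not an IPv4 address" >&2
        return 1
    fi
    for proto in udp tcp; do
        # Allow DNS only to the VPN's resolver (must come before the REJECT).
        echo "iptables -A OUTPUT -p $proto --dport 53 -d $vpn_dns -j ACCEPT"
        # Keep a local stub resolver on loopback (e.g. 127.0.0.53) working;
        # its own upstream queries are still filtered by these rules.
        echo "iptables -A OUTPUT -o lo -p $proto --dport 53 -j ACCEPT"
        # Reject DNS to every other destination, including the ISP's server.
        echo "iptables -A OUTPUT -p $proto --dport 53 -j REJECT"
        # The page names a single IPv4 resolver, so block DNS over IPv6.
        echo "ip6tables -A OUTPUT ! -o lo -p $proto --dport 53 -j REJECT"
    done
}

# 10.8.0.1 is a constructed placeholder; pass your VPN DNS IP as argument 1.
dns_lockdown_rules "${1:-10.8.0.1}"
```

These rules cover plain DNS on port 53 only; DNS over TLS or HTTPS uses other ports and is not affected by them.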

5- Disable Teredo

Teredo is a feature of Windows that enables communication across the two IP protocols, IPv4 and IPv6. Both protocols are in use on the internet, and with the help of Teredo, IPv6-capable hosts on the IPv4 internet can get complete IPv6 connectivity when they have no native connection to an IPv6 network. The Teredo tunneling process is a bit complicated, and you can get detailed information here.

Sometimes Teredo could be the cause of DNS leaks, so you could prevent DNS leaks by disabling it. To disable Teredo, open the command line and type "netsh interface teredo set state disabled".

However, if you need to enable Teredo again at some point, enter "netsh interface teredo set state type=default" in the command line.