How to avoid a DNS leak

What is a DNS leak?

A DNS leak is a security vulnerability that is specific to Microsoft Windows operating systems. DNS leaks can cause your true IP address (or at least your ISP's address) to leak out into the open without your knowledge, even when using an encrypted VPN. If you just access the internet through your standard connection via your ISP (Internet Service Provider), your computer will be told to use your ISP's DNS servers.

This means that all lookup requests will go through your ISP unless you manually specify otherwise. When connected to a Virtual Private Network, your computer will be told by the VPN to use its secure DNS servers, which are different from the ones assigned to you by your ISP. However, due to security flaws inherent in the Windows OS, your computer can mistakenly use the wrong DNS servers, thus exposing your true IP address to the website you are visiting.

What does DNS Mean?

DNS stands for Domain Name Server. Any time you type a web address in your browser bar, a request is sent to a Domain Name Server. This server matches domain names to IP addresses where the website is actually hosted. The DNS then tells your browser which IP address to go to in order to load the website you have requested.

What causes DNS leaks?

DNS leaks can be caused (or induced) by a variety of factors. Something as simple as a website delaying its response to your computer can cause a Windows machine to switch to the unsecured DNS servers. This is the technique utilized by many malicious websites to cause DNS leaks and expose private user information.

How to prevent a DNS leak?

To prevent DNS leaks, switch to a secure DNS service such as OpenDNS or Google DNS and disable the IPv6 protocol on the respective adapters (Wi-Fi or wired). As long as your real location is not revealed in the DNS tests, you are safe.

Step #1: Disable IPv6 Protocol

Step #2: If you are using OpenVPN GUI version 2.3.9 or higher, simply edit the configuration file, add the line "block-outside-dns" and save the configuration file by following the steps below:
a. Run the OpenVPN GUI as "administrator".

b. Right-click the OpenVPN GUI icon in the system tray and hover the pointer over your desired location.

c. Now select "edit config".

d. Now simply enter this line "block-outside-dns" below “" and save the file again.

e. You are now done and can proceed to using OpenVPN. However, this OpenVPN configuration will work in cases where you have a static DNS bound to your network adapter (Wi-Fi or wired) and you cannot use the internet without the static DNS. This command will override the priority of static DNS over dynamic DNS, and hence allow the connection to be established and also prevent DNS leaks.

Step #3: An alternative solution is to clear DNS manually via Command Prompt.
a. Open Command Prompt and run it as administrator.

b. In the opened window (cmd), type the following and press Enter:
netsh interface teredo set state disabled

c. Restart your computer.
If you want to re-enable Teredo in the future, open Command Prompt and type:
netsh interface teredo set state type=default

Method B
a. Open "Command Prompt": Click on the Start menu and type "cmd" in the search box. In the search results, right-click on "cmd" and select "Run as administrator".

b. To see your connected network, in the opened window (cmd) type
netsh interface show interface
and press Enter. In this example the connected network is "ADSL".

c. Connect to your VPN now.

d. In the opened window (cmd) type
ipconfig /flushdns
and press Enter.

e. In the opened window (cmd) type
netsh interface ipv4 delete dnsservers "ADSL" all
and press Enter. This will remove the DNS settings from your network interface.

f. After disconnecting from your VPN, you can restore your previous DNS settings. Type:
netsh interface IPv4 set dnsserver "ADSL" dhcp
and press Enter.

g. In the last part, type:
ipconfig /flushdns

Congratulations, you are done now.
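
A read-only PowerShell check of the settings changed in Step #1, Step #3 and Method B, to run after connecting to the VPN. It is an added example and not part of the original guide; the adapter name "OpenVPN TAP" is a placeholder assumption (use the name shown by "netsh interface show interface"), and the cmdlets require Windows 8 or later.

```powershell
# Added example: reports per-adapter DNS and IPv6 state; changes nothing.
# Assumption: $VpnAlias is the name of your VPN adapter as listed by
# "netsh interface show interface". 'OpenVPN TAP' is only a placeholder.
param(
    [string]$VpnAlias = 'OpenVPN TAP'
)

# Adapters that are currently connected (wired, Wi-Fi, VPN).
$up = Get-NetAdapter | Where-Object { $_.Status -eq 'Up' }

$report = foreach ($nic in $up) {
    # IPv4 resolvers bound to this adapter (static or DHCP-assigned).
    $cfg = Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -AddressFamily IPv4
    $dns = @($cfg.ServerAddresses)

    # IPv6 protocol binding on the adapter, the setting Step #1 turns off.
    $v6 = Get-NetAdapterBinding -Name $nic.Name -ComponentID ms_tcpip6 -ErrorAction SilentlyContinue

    $isVpn = $nic.Name -eq $VpnAlias
    [pscustomobject]@{
        Adapter    = $nic.Name
        IsVpn      = $isVpn
        DnsServers = $dns -join ', '
        IPv6Bound  = [bool]$v6.Enabled
        # A non-VPN adapter that still lists resolvers is what
        # Method B step e is meant to clear.
        LeakRisk   = (-not $isVpn) -and ($dns.Count -gt 0)
    }
}

$report | Format-Table -AutoSize

# Teredo state, the setting Step #3 disables.
"Teredo type: $((Get-NetTeredoConfiguration).Type)"

if (-not ($up.Name -contains $VpnAlias)) {
    Write-Warning "Adapter '$VpnAlias' is not up; connect to the VPN first."
}
if ($report | Where-Object { $_.LeakRisk }) {
    Write-Warning 'A non-VPN adapter still has IPv4 DNS servers configured.'
}
```

After Method B step e, the row for the non-VPN adapter (for example "ADSL") should show an empty DnsServers column and LeakRisk False.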