What is a DNS Leak and how do you fix it?

Introduction

DNS leaks present a serious problem because they result in a loss of privacy by sending DNS queries over insecure links instead of using a secure VPN connection.

DNS servers are an play an essential part of making the internet work. They translate server names (such as www.google.com) to an IP address and vice versa. Browsers, email clients, games and all other types of applications rely on DNS.

It is vital that when you connect to a VPN that information passes through the VPN tunnel. DNS queries could reveal your activities if they “leak” outside the secure VPN tunnel.

Causation

The reason behind DNS leaks is typically a network and VPN misconfiguration. Often, those issues are OS specific. Windows for instance is particularly vulnerable to DNS leaks. The issue is that Microsoft prefers the DNS server assigned by the LAN over the DNS server assigned by the VPN service. Typically the DNS server assinged by the LAN gateway will forward DNS queries to the ISP’s DNS servers. The biggest vulnerability of DNS traffic is that it is not encrypted and can easily be used to disclose your browsing activity.

Are you affected?

One easy way to find out is to connect to your VPN service (if you have one) and visit http://www.dnsleaktest.com and perform both tests on their site.

Check and see what the DNS server IP’s that dnsleaktest.com are able to detect. Do any of them look like they belong to your ISP? If so, you are definately affected by a DNS leak. If on the other end you see snugvpn dns servers you can rest easy and be assured that your DNS traffic is secure and that none of your DNS traffic is leaking.

What is the fix?

Easy. First change your DNS settings from DHCP to static DNS servers. Next, set your DNS servers to x.x.x.x and x.x.x.x which are the snugvpn servers.

If you installed snugvpn’s Windows or Mac app, all of this will have been done for you automatically.