SURbit Posted January 18, 2016

This is for general knowledge and information - will it work for you or your circumstances - if you read it might.

What is DNS?

The Domain Name System or ‘DNS’ is used by computers and mobile devices to contact servers associated with web destinations such as websites and email addresses. Behind every internet connection, URL and email stands an IP address belonging to their respective DNS servers. The Domain Name System converts easy-to-use web addresses (i.e. google.com), allowing for communication between your internet service provider’s DNS server and that of the visited website. In effect, the IP address belonging to your ISP and yourself is recorded by the destination’s DNS server as a visitor.

What is a DNS leak?

We know that a standard VPN connection is configured to mask your default IP address with a new one, based on the virtual server’s location. The problem is, despite having routed your traffic via a different server, Windows operating systems (and occasionally Mac and Linux) have a tendency to continue contacting websites using your original DNS server and IP address. Unquestionably, this poses a serious risk to your online security, anonymity and, of course, voids much of the usefulness behind your VPN.

Luckily there are effective solutions for fixing DNS leaks, including VPN services that have already addressed the issue and implemented additional protection against the risk. We’re also taking into account that not everyone with a running VPN subscription will be keen on changing their service for a new one, therefore we’ve also covered alternate ways to protect your VPN connection from leaks, without the need to change your provider.

Testing for DNS leaks

One of the best resources for testing your device for DNS leaks is dnsleaktest.com. Simply go to the website and run either the ‘Simple’ or ‘Extended’ test (for our example, we chose ‘Extended’). The test will complete itself within a few seconds, and if the results display the IP and location of your VPN, as our own result shows below, your computer and VPN are functioning properly.

How to prevent DNS leaks

Method 1 – Using VPN services with built-in protection

By far the quickest and easiest way to prevent DNS leaks is by using a VPN client with built-in DNS protection. Not many providers offer this, however services like Private Internet Access, VPNArea, PureVPN and TorGuard have long featured this function in their app preferences:

[Image: VPNs with DNS leak protection]

Method 2 – Third party program

The second option is to use supplementary 3rd party programs like VPNCheck Pro to access and optimise security on your existing VPN. VPNCheck Pro by Guavi works similarly to OpenVPN software, acting as a gateway to your service, letting you log in with your own VPN and adjust additional privacy options. Among them is the automatic DNS leak fix:

http://guavi.com/vpncheck_pro.php
http://www.openvpn.org/

Method 3 – Manual DNS enforcement

If you’re happy with your current VPN, another good option is to manually assign a different DNS server directly into your computer’s Networking settings. The process is relatively simple and involves replacing the default DNS provider (i.e. your ISP) with a free, public alternative, such as OpenDNS, Comodo or Google Public DNS. Here is a step-by-step guide on how to do this using OpenDNS servers on Windows 7 OS:

Update: Please note that OpenDNS, Google Public DNS and Comodo all retain request data logs. Therefore, from publicly available options that do not keep logs, we recommend using OpenNIC DNS servers instead.

1. Go to Control Panel > Network and Internet > Network Connections
2. Right click > Properties on your active internet connection
3. Highlight ‘Internet Protocol Version 4’ > click Properties
4. Click ‘Use the following DNS server addresses:’ > type the DNS server addresses recommended by OpenNIC for your locale. In our instance they were 178.79.174.162 and 185.10.203.37 in the Preferred DNS server and Alternate DNS server fields > OK > Close
5. Open Command Prompt > type ipconfig /flushdns > hit Enter
6. Open your web browser settings and delete cache
7. Run test on dnsleaktest.com (if the result displays a new IP with “OpenDNS” as the ISP, you’ve successfully enforced a manual DNS server on your computer).

Note: manual DNS servers can also be assigned to your router settings, should you need to secure your entire network rather than individual devices.

Conclusion

VPN services have helped millions of people obtain much-needed privacy on the internet, yet certain vulnerabilities like DNS leaks must still be checked and taken care of. This is why we recommend the above-mentioned precautions to anyone who takes their anonymity seriously and wishes to keep their true online location confidential. If you already possess a VPN and are without DNS leak protection as part of its offering, make sure to try out the manual DNS server configuration (along with your VPN), which could not only improve your browsing speed, but also give you a significant advantage in maintaining privacy.

SOURCE: https://www.bestvpnz.com/how-to-fix-dns-leaks/

christantoan Posted January 18, 2016

Note that the no. 3 method will likely not work if your ISP is using a transparent DNS proxy and no VPN. One of the solutions is using DNSCrypt.

Batu69 Posted January 18, 2016

Here is a method for Windows 8.1 and Windows 10 users.

SURbit (Author) Posted January 18, 2016

19 minutes ago, christantoan said:
> Note that the no. 3 method will likely not work if your ISP is using a transparent DNS proxy and no VPN. One of the solutions is using DNSCrypt.

4 minutes ago, Batu69 said:
> Here is a method for Windows 8.1 and Windows 10 users.

Transparent DNS proxy = ISP side, right? (I never heard of this term.) Sounds like ISPs have a way to spy more on you.

No VPN = user's side, right? (So with a VPN on the user's side, #3 is possible?)

@christantoan - I'd be happy for your info here describing DNSCrypt in brief and its benefits to the users.

@Batu69 would DNS resolver work with Softether? OpenVPN? If it's working in Win 10 & 8.1, should it work as well in these? (Yes, I will read more on it, but for the thread's knowledge here.)

steven36 Posted January 18, 2016

I use method 3 on Linux and methods 1 and 3 both on Windows. The drawback of method 3 is if the DNS server ever goes offline and if on your real ISP you will have to change the DNS IP to get your real IP to work. I only use DNS servers that don't log.

christantoan Posted January 18, 2016

Transparent DNS Proxy is a method used by ISPs to monitor (and possibly block) DNS requests through port 53. Even if you configure your devices to use other DNS servers, it will intercept the DNS requests and send back an invalid reply to your devices (for example to redirect to the notice website). More info: https://dnsleaktest.com/what-is-transparent-dns-proxy.html

DNSCrypt (https://dnscrypt.org/) is more of a tool for circumventing ISP blockades than for privacy. I mainly use it for everyday browsing when I don't use a VPN. It encrypts DNS requests and tunnels them through another port (usually 5353) which is not monitored by the ISP. It has many GUI front-ends but I mainly use this: https://simplednscrypt.org/.

Depending on which VPN you use, some VPNs do leak DNS requests to be intercepted by the ISP. And the others that don't leak usually force you to use their DNS server. DNSCrypt can also be used to make sure you still use your preferred DNS server (in case you don't trust your VPN's DNS servers).

steven36 Posted January 18, 2016

12 minutes ago, christantoan said:
> Transparent DNS Proxy is a method used by ISPs to monitor (and possibly block) DNS requests through port 53. Even if you configure your devices to use other DNS servers, it will intercept the DNS requests and send back an invalid reply to your devices (for example to redirect to the notice website).
>
> DNSCrypt (https://dnscrypt.org/) is more of a tool for circumventing ISP blockades than for privacy. I mainly use it for everyday browsing where I don't use a VPN. It encrypts DNS requests and tunnels them through another port (usually 5353) which is not monitored by the ISP. It has many GUI front-ends but I mainly use this: https://simplednscrypt.org/.
>
> Depending on which VPN you use, some VPNs do leak DNS requests to be intercepted by the ISP. And the others that don't leak usually force you to use their DNS server. DNSCrypt can also be used to make sure you still use your preferred DNS server (in case you don't trust your VPN's DNS servers).

You can run a test to see if your DNS is leaking here:
https://www.dnsleaktest.com/

This explains transparent DNS proxies and some ways to get around them:
https://www.dnsleaktest.com/what-is-transparent-dns-proxy.html
https://www.dnsleaktest.com/how-to-fix-a-dns-leak.html

If my DNS is leaking it's easy to tell: if I put in a link like yuiiiii.com that leads nowhere, my ISP's search engine will appear. If it's not leaking it will say server not found.
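
Added example, not written by any poster in this thread: a Python sketch of the two checks discussed above. It looks up a name that should not exist and reads the response code (the "search engine instead of server not found" test), and it sends the same query to an address where no resolver runs, so any answer means something on the path is answering port 53 traffic (a transparent DNS proxy). The TEST-NET address, the random `.com` label and all function names are assumptions of this sketch.

```python
import os, socket

NO_RESOLVER = "192.0.2.53"  # TEST-NET-1 (RFC 5737): no DNS server is reachable here

def build_query(name):
    """Encode one A/IN question (RFC 1035) with a random ID and RD set."""
    qid = int.from_bytes(os.urandom(2), "big")
    header = qid.to_bytes(2, "big") + bytes.fromhex("0100 0001 0000 0000 0000")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.strip(".").split(".")) + b"\x00"
    return qid, header + qname + bytes.fromhex("0001 0001")

def parse_reply(qid, data):
    """Return (rcode, answer_count); reject anything that is not our reply."""
    if len(data) < 12:
        raise ValueError("short DNS message")
    flags = int.from_bytes(data[2:4], "big")
    if int.from_bytes(data[:2], "big") != qid or not flags & 0x8000:
        raise ValueError("not a reply to this query")
    return flags & 0x000F, int.from_bytes(data[6:8], "big")

def classify(rcode, ancount):
    """Verdict on the reply for a name that should not exist."""
    if rcode == 3:
        return "clean"        # NXDOMAIN: the browser shows "server not found"
    if rcode == 0 and ancount:
        return "rewritten"    # invented answer, e.g. an ISP search or notice page
    return "inconclusive"

def ask(server, name, timeout=3.0):
    """Send one UDP query to server:53; return (rcode, ancount) or None."""
    qid, packet = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(packet, (server, 53))
            return parse_reply(qid, sock.recvfrom(512)[0])
        except (OSError, ValueError):   # timeout, unreachable, or bogus reply
            return None

def check(resolver):
    """Run both probes (needs network); an answer from NO_RESOLVER means interception."""
    bogus = os.urandom(8).hex() + ".com"   # random name, assumed to be unregistered
    reply = ask(resolver, bogus)
    return {"nonexistent_name": classify(*reply) if reply else "no reply",
            "port53_intercepted": ask(NO_RESOLVER, bogus) is not None}

if __name__ == "__main__":
    print(check("178.79.174.162"))  # first server from step 4 of the article; use your own
```

A "no interception" result only covers proxies that answer for any destination; run it once with the VPN up and once without to compare.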

Batu69 Posted January 18, 2016

@SURbit, maybe it works with Softether. You can experiment with it.

SURbit (Author) Posted January 18, 2016

20 minutes ago, christantoan said:
> Transparent DNS Proxy is a method used by ISPs to monitor (and possibly block) DNS requests through port 53. Even if you configure your devices to use other DNS servers, it will intercept the DNS requests and send back an invalid reply to your devices (for example to redirect to the notice website). More info: https://dnsleaktest.com/what-is-transparent-dns-proxy.html

I don't know if I've experienced the above by my ISP but I'd almost say yes. Let me explain: first, I'm on wireless for my internet signal (T-Mobile), (A.) initial signal to phone and then tethered to desktop PC, (B.) sometimes it's straight tether from rooted phone (USB) and other times I use both the phone app and desktop software PdaNet+ (USB). PdaNet+ is set to use Google DNS.

I have times I can't load a webpage at all and others I have to refresh it for it to load. Other information to consider is I maintain 1 bar of signal most all the time.

@christantoan Thanks for the information you supplied here.

@steven36 Thanks for the information you supplied too.

steven36 Posted January 18, 2016

50 minutes ago, christantoan said:
> Depending on which VPN you use, some VPNs do leak DNS requests to be intercepted by the ISP. And the others that don't leak usually force you to use their DNS server. DNSCrypt can also be used to make sure you still use your preferred DNS server (in case you don't trust your VPN's DNS servers).

When I use method 3 it works just fine with my ISP using just OpenVPN. Say if I were using CyberGhost and didn't want to use their DNS servers, which is method 1, I could just switch it off and it would invoke method 3. When I used to use Astrill VPN, all their DNS protection was that they put all zeros in your manual DNS. This is easily done yourself by just using method 3. The VPN I have now has where I can change the DNS to anything I want in the software and it will stop leaks, but I also have my DNS changed manually (method 3) just in case.

SURbit (Author) Posted January 18, 2016

If on a wireless data signal (no calls, data SIM card), web traffic (data) only (like tablet/netbook) but with phone, and I don't have the ability for IPv6 on the phone (maybe phone model, maybe carrier) but am using IPv4; anyway, my question is: it's not possible in any way for my tethered desktop PC to get IPv6 and then leak it, right?

steven36 Posted January 18, 2016

25 minutes ago, SURbit said:
> If on a wireless data signal (no calls, data SIM card), web traffic (data) only (like tablet/netbook) but with phone, and I don't have the ability for IPv6 on the phone (maybe phone model, maybe carrier) but am using IPv4; anyway, my question is: it's not possible in any way for my tethered desktop PC to get IPv6 and then leak it, right?

IPv4 / IPv6 is a totally different thing. In Linux I had to edit some files to make sure IPv6 was disabled. In Windows you can just switch them off at all your connection points. That is, of course, if your IP only uses IPv4 like mine.

SURbit (Author) Posted January 18, 2016

Seen this topic and was wondering why this couldn't be used in some way to help privacy, stop leaks, add anonymity - possibly two hops.

Surf the Internet securely with your very own portable WiFi VPN/TOR router. You can configure a Raspberry Pi with Linux and some extra software to connect to a VPN server of your choice. The VPN connection encrypts your internet traffic so that hackers and spies can’t figure out what web sites you are visiting, and the web sites you are visiting can’t tell which computer you are surfing from.

Browse Anonymously with a DIY Raspberry Pi VPN/TOR Router
http://makezine.com/projects/browse-anonymously-with-a-diy-raspberry-pi-vpntor-router/

Use a Raspberry Pi as a Tor/VPN Router for Anonymous Browsing
http://lifehacker.com/use-a-raspberry-pi-as-a-tor-vpn-router-for-anonymous-br-1682296948

Turn a Raspberry Pi Into a Wireless Router
http://lifehacker.com/turn-a-raspberry-pi-into-a-wireless-router-1582672426

Raspberry Pi and Routing: Turning a Pi into A Router
http://jacobsalmela.com/raspberry-pi-and-routing-turning-a-pi-into-a-router/

Using your Raspberry Pi as a Wireless Router and Web Server
http://www.daveconroy.com/using-your-raspberry-pi-as-a-wireless-router-and-web-server/

What do you all think, and has anybody tried any of these methods?

Two hops = Pi router and VPN on desktop. Maybe three if I use one (VPN) on my phone too. EX: phone + Pi router + desktop = 3 hops? (All a new concept to me - just wondering.)
Archived
This topic is now archived and is closed to further replies.