As discussed here, a DNS leak is where DNS lookups ignore your current routing (in the example of a VPN connection) and still end up going out over your normal internet connection.

This can obviously lead to the anonymity provided by the VPN (in this example) being undermined and thus tools like DNS Leak Test and IP Leak still report your approximate location in addition to which ISP you use, etc.

How can I protect myself against DNS leaks?

kalina
  • The website you linked has a guide to preventing DNS leaks. https://www.dnsleaktest.com/how-to-fix-a-dns-leak.html – AlexH Feb 20 '15 at 12:02
  • If you're using a SOCKS proxy (not VPN), you can most often just configure your browser to resolve DNS through it. See [here](http://superuser.com/questions/103593/how-to-do-dns-through-a-proxy-in-firefox) for a Firefox example. – Mints97 Feb 20 '15 at 14:07

2 Answers

You can solve the problem in 2 ways:

  1. DNS Resolver on VPN

    You can install a DNS forwarder on your VPN server (if you have control of the server where it runs), set it to only forward queries coming from the VPN interface and configure your computer to use it.

  2. Forwarding gateway

    You must use two systems: one will act as the router, and route every single connection through the VPN, and the second will use the first as the default gateway.

    This is the way Whonix Linux works, so even if the remote site uses WebRTC to find your local address, it will only get the useless local network address (192.168.0.x).

The first method is easier to implement and easier to maintain. The second one is more secure, as it routes everything using the VPN connection.

ThoriumBR
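The first method above (a forwarder on the VPN server that only answers on the VPN interface), as an added example that is not part of the answer: a generated dnsmasq configuration plus a small client-side check of resolv.conf for resolvers other than the VPN's. The interface name tun0, the server-side address 10.8.0.1 and the upstream resolver 9.9.9.9 are assumptions, and the resolv.conf sample is constructed.

```shell
#!/bin/sh
# Assumed values: VPN interface tun0, VPN server address on that interface
# 10.8.0.1, and upstream resolver 9.9.9.9. Override via the environment.
VPN_IF="${VPN_IF:-tun0}"
VPN_ADDR="${VPN_ADDR:-10.8.0.1}"
UPSTREAM="${UPSTREAM:-9.9.9.9}"

# Print a dnsmasq configuration for the VPN server that answers queries
# only on the VPN interface and forwards them to a single upstream.
dnsmasq_conf() {
  cat <<EOF
# Listen only on the VPN interface; bind-interfaces makes dnsmasq bind
# that address alone instead of the wildcard, so queries reaching the
# public interface are never answered.
interface=$VPN_IF
bind-interfaces
listen-address=$VPN_ADDR
# Ignore the server's own /etc/resolv.conf and forward only to $UPSTREAM.
no-resolv
server=$UPSTREAM
# Do not send plain hostnames or private-range reverse lookups upstream.
domain-needed
bogus-priv
EOF
}

# Client-side check: read resolv.conf text on stdin and print every
# nameserver that is not the VPN resolver. Empty output means the
# client will only ask the VPN's forwarder.
leaked_nameservers() {
  awk -v vpn="$VPN_ADDR" '$1 == "nameserver" && $2 != vpn { print $2 }'
}

# Constructed sample: a client that kept its home router as a resolver
# next to the VPN one, which is exactly the leak the question describes.
SAMPLE_RESOLV='nameserver 10.8.0.1
nameserver 192.168.1.1'

# Exit status 1 if the sample would leak; use with the real file as
#   leaked_nameservers < /etc/resolv.conf
check_sample() {
  leaks=$(printf '%s\n' "$SAMPLE_RESOLV" | leaked_nameservers)
  [ -z "$leaks" ]
}
```

Run `dnsmasq_conf > /etc/dnsmasq.d/vpn.conf` on the server and point the client's VPN profile at 10.8.0.1 as its only resolver; the check then reports nothing.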
If the IP packets are able to go outside the VPN tunnel, we face a network configuration issue. A DNS leak is the situation when you use your ISP's DNS servers (or other untrusted DNS) rather than the DNS servers from the VPN (or other trusted DNS). The problem is that the operating system uses its DNS servers in random order. If you have several network interfaces (WiFi, network card, etc.) and different DNS servers on them, then you have no guarantee which DNS server will be used by the operating system. You should use a test to be confident, https://bash.ws/dnsleak, and replace the DNS settings on every interface. The tests you mentioned don't test your traffic routes. They show the DNS servers you use. Some people are in a panic when they see Google DNS in the result of a DNS leak test, but some people are OK with it.

vadim_hr