SecureMac, Inc.


What is a DNS leak?

Posted on June 9, 2020

VPNs offer you security and privacy, ensuring that no one (not even your ISP) can see what you’re doing online. But there is a security flaw known as a “DNS leak” that can reveal all of your web activity to your ISP — even if you’re using a VPN!

In this short article, we’ll try to answer some common questions about DNS leaks, explaining what they are, how to check for them, and how to avoid them.

What is DNS?

DNS stands for Domain Name System. It’s the mechanism by which human-readable domain names (like “google.com”) are translated into the numeric IP (Internet Protocol) addresses that computers use.

When you type “google.com” into Safari, Firefox, or some other web browser, the browser first needs to translate that domain name into an IP address so that it can contact the proper server. In the case of Google’s homepage, that IP address is 172.217.31.110. But how does your browser know that?

In order to find the correct IP address for a given domain, the web browser contacts a DNS server — a specialized server that maintains records of which IP addresses correspond to which domains. The DNS server tells your browser which IP address it should be talking to, and data transfer begins.

What is a DNS leak?

Typically, your browser will contact a DNS server owned by your ISP (Internet Service Provider) in order to look up an IP address. But of course, that means that your ISP will know what website you’re trying to contact — after all, your browser just asked its DNS server to look up the IP address for “google.com”!

When you use a VPN, all of your browser’s DNS lookup requests should be made to a DNS server owned by the VPN company, instead of one belonging to the ISP. This keeps your web activity private — so that it’s just between you and your VPN. 

At least, this is what should happen. However, sometimes something goes wrong. Even though your VPN is enabled, your browser still sends a DNS lookup request to the ISP’s DNS server — which lets your ISP see (and potentially record) your private browsing activity.

Do I have a DNS leak?

If you have a DNS leak, you probably won’t be able to tell right away. Your VPN will appear to be connected to one of its servers, and nothing will seem to be out of the ordinary. But behind the scenes, your browser is making DNS lookup requests to the ISP’s DNS servers — which means that they can see every move you make online.

The good news is that it’s pretty easy to test for DNS leaks. There are many free, web-based services (for example, dnsleaktest.com and ipleak.net) that will tell you if you have a leaky VPN. To run a test, first connect to your VPN and select one of its VPN servers. Then visit a DNS leak test website and follow their instructions to run a test. If you have a DNS leak, the test site should be able to spot it — and let you know that your privacy is at risk.
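
A local check can complement the web-based tests. The following is an added example, not part of the original article: it parses the output of the macOS command `scutil --dns` and lists every configured nameserver that falls outside the address range your VPN uses for DNS. The sample output, the interface names (utun3, en0) and the VPN range 10.8.0.0/24 are constructed assumptions. It reads configuration rather than live traffic, so treat each hit as a candidate to investigate.

```python
import ipaddress
import re

# Constructed sample of `scutil --dns` output (not captured from a real Mac).
SAMPLE = """\
DNS configuration

resolver #1
  nameserver[0] : 10.8.0.1
  if_index : 14 (utun3)
  flags    : Request A records
  reach    : 0x00000002 (Reachable)

resolver #2
  nameserver[0] : 192.168.1.1
  nameserver[1] : fe80::1%en0
  if_index : 6 (en0)
  flags    : Request A records, Request AAAA records
  reach    : 0x00020002 (Reachable,Directly Reachable Address)
"""

VPN_DNS = ["10.8.0.0/24"]  # assumption: the range your VPN provider's resolvers live in


def parse_resolvers(text):
    """Return [(interface or None, nameserver), ...] from `scutil --dns` output."""
    pairs = []
    for block in re.split(r"^resolver #\d+[ \t]*$", text, flags=re.M)[1:]:
        iface = re.search(r"if_index\s*:\s*\d+\s*\((\w+)\)", block)
        for ns in re.findall(r"nameserver\[\d+\]\s*:\s*(\S+)", block):
            pairs.append((iface.group(1) if iface else None, ns))
    return pairs


def find_leaks(text, vpn_networks):
    """Return sorted (interface, nameserver) pairs not covered by the VPN ranges."""
    nets = [ipaddress.ip_network(n) for n in vpn_networks]
    leaks = set()
    for iface, ns in parse_resolvers(text):
        addr = ipaddress.ip_address(ns.split("%")[0])  # drop IPv6 zone id (%en0)
        if not any(addr.version == n.version and addr in n for n in nets):
            leaks.add((iface, ns))
    return sorted(leaks, key=lambda p: (p[0] or "", p[1]))


if __name__ == "__main__":
    # On a Mac, replace SAMPLE with the text printed by `scutil --dns`.
    for iface, ns in find_leaks(SAMPLE, VPN_DNS):
        print(f"resolver outside VPN range: {ns} (interface {iface})")
```

The IPv6 entry is flagged because the assumed VPN range covers IPv4 only, which matches the IPv6 cause of leaks listed later in the article.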

How to avoid DNS leaks

DNS leaks can be caused by a number of things. Some of the most common of these include:

  • Manually setting up your VPN with improper configurations
  • Substandard VPN providers that don’t operate their own DNS servers
  • Malicious actors interfering with your router
  • Using the newer IPv6 Internet Protocol if your VPN provider doesn’t support it (or if they don’t automatically disable it for you) 
  • Certain native features of the Windows 10 operating system that increase speed at the expense of privacy

Some of these issues are easy to troubleshoot on your own; others can be quite complex. For most users, the best way to avoid DNS leaks is to choose a reliable VPN provider that offers the following:

  • Multi-platform support (macOS, Windows, Linux)
  • Dedicated DNS servers with a strict no-logs policy
  • Built-in DNS leak prevention features
  • Full technical support for customers

By going with a reputable, full-featured VPN, you greatly decrease your chances of suffering a DNS leak. Of course, that doesn’t mean you should blindly trust your provider: Be sure to perform periodic leak detection tests on your own as described above. But if you do spot a leak, using a quality VPN service means that you will be able to count on knowledgeable support teams to help you troubleshoot and resolve any issues.
