You might have come across VPN services boasting of DNS leak protection a lot of times. Since it is mentioned so often, people realize that it must be something related to online privacy and security.
Well, it turns out that it’s not so difficult to understand the concept of DNS leak. For one to understand what a DNS leak test is, they need to know what DNS is and what are its functions.
Back in the days when there were no instant messaging apps, and the internet still hadn’t replaced most forms of communication and media, people used to mail letters to friends, relatives, and other folks they wanted to reach out.
I don’t know who might be reading this, but the chances are that some of our readers might even be oblivious of the mailing system, hence the explanation.
Now imagine if your grandpa was sending a letter to his mother, and instead of mentioning the address on the envelope, he wrote ‘My mom’s house.’
Assuming that your grandpa was not such a popular figure that people knew where his mom’s house was and no one in the postal department knew him so well to know his mom’s address, then you can be sure that your great grandmother kept waiting for that letter.
The postal system identifies houses by street names, zip codes, house numbers, and other similar attributes rather than knowing where Steve’s mom lives.
Same is the case with the internet. If you consider all the websites as houses with some address, DNS (domain name system) is the place where all these addresses are stored. These addresses are not saved the way you type in the URL of a website on the address bar.
Instead, each website has an IP address attached to it. It consists only of numbers and dots. Since it is difficult for us humans to remember so many complex numbers, we leave it up to the DNS to take care of it.
So, when you type in www.google.com, the browser asks the DNS to find the IP address for the entered URL, which results into you reaching the destination site. The whole process of the browser generating a DNS request, and you reaching to the intended website, takes place in the blink of an eye.
However, the request goes through a series of servers before the browser finally gets to know the actual IP address of the website.
The request first goes to a recursive name server. This might be your internet service provider, or one can opt for public servers such as the ones from Google and Cloudflare. In the subsequent sections of this article, you will realize that this is the only step where all the leaking may happen, or where your privacy is at the highest risk.
If the recursive name server hasn’t got the IP address stored for the URL, then the request is sent to one of thirteen root servers. Staying true to our mailing analogy, you can consider this step as identifying the city and state mentioned in the address.
Root servers take care of sorting TLD (top-level domains) such as .com, .org, and .co. The root server points toward the appropriate TLD server, which is equivalent of locality or street name mentioned on the address.
The final step would be the TLD server, pointing towards an authoritative name server. You can consider this step as finally locating the home address.
Even though it may seem to be such a long process, it doesn’t take much time. And to make it even swifter, the recursive name server, as well as your computer, will store the IP address of the website. Therefore, the next time you enter that address, the whole process of redirection from one server to another will be easily bypassed.
If we are to boil down all this literature into easily digestible bite-sized chunk then, DNS are directories for identifying the IP address of websites against the URL you enter in the browser.
Without DNS, we all would’ve been adding a bunch of numbers in our browsers instead of adding easy to remember web addresses such as www.vpncrew.com.
What is DNS leak?
Remember the first step of the process in which the request goes to recursive name server? Internet service providers usually maintain the recursive name server.
When you connect to a privacy network such as VPN, you expect that no third party will be able to make out what is it that you are doing on the internet. In case of a DNS leak, all the URL lookups or requests you initiate go through recursive name servers, usually maintained by ISPs.
With the requests being redirected this way, the ISPs will be able to know what sites you are visiting. They will still not be able to make out what is it that you are exactly doing on that website, but it is still a mighty blow to one’s online privacy.
There is no particular reason as to why this leak happens. Sometimes, it can be because of lousy web surfing practices, the inefficiency of VPN services, because of the operating system on your device, ISP’s aggressive policies, etc.
A VPN redirects all the user’s internet traffic through a secured tunnel, keeping it safe from the prying eyes of internet service providers, government, and cybercriminals.
In case of DNS leak, the traffic will still be routed through a secure and encrypted tunnel, but the leak would let the recursive name server, and therefore its owner knows where the tunnel is heading.
One of the reasons for this leak can be the user continually switching from one network to another. It might lead to the device locking onto a particular server. It is highly likely that this server would belong to your ISP, and therefore all your destination websites can be logged without you knowing about it.
Another reason can be the use of transparent DNS proxies from the ISP. It allows them to intercept all your DNS queries, and therefore know about your destination websites. It detects any change in the DNS settings, and then use a proxy server to retain control on the flow of all the lookups.
It is usually one of the roadblocks when someone tries to redirect traffic through pubic DNS servers or private servers.
If you are using Windows 8 or above on your device, then you are highly likely to encounter a DNS leak. It is because of the implementation of SMHNR (Smart Multi-Home Named Resolution) feature.
The feature was introduced to improve browsing experience and speeds, but the method it uses to do so is not so privacy-friendly. It sends out DNS requests to all the available DNS servers and accepts responses from the fastest one.
With SMHMR, users are prone to even more DNS related issues, compared to just the ISP getting to know about the user’s browsing activity. Some malicious servers may redirect you to websites which may be identical to the website you intended to browse and make you submit some of your personal information or commit some monetary fraud.
Another possible way of leak can be IPv4 and IPv6 issues. You might have noticed that DNS leaks and IPv6 are usually discussed together, especially with VPN services. IPv4 and IPv6 are different ways to store IP addresses of websites; the one DNS looks up for when you enter the web address in the browser.
IPv4 contains four groups of numbers with a max of three digits in a group. The exponential growth of the internet has led to a situation where the majority of the IPv4 addresses are occupied. Therefore, the need for another form of IP addresses was felt, which led to the introduction of IPv6. It contains alphabets and allows for more characters.
The online world is going through a transition right now with websites having addresses in both the formats. When the website you need to access has an IPv6 address, but the VPN you use doesn’t support IPv6, the browser has no way but to look for the address on ISP servers.
Even though underlying issues are different, they end up causing the same problem. The upcoming sections will include the part where we will figure out the solution to this problem, as well.
Why should you care about a DNS leak?
Apart from the last case we mentioned in the review, DNS leak may not seem much big of an issue to a lot of users. However, those who are using or planning to use a VPN service may be knowledgeable enough to appreciate the seriousness of this issue.
Others may not see any harm in ISPs keeping track of the websites they are visiting. Some may argue that they have got nothing to hide, so it doesn’t matter if the service provider maintains a log of their activity.
There may also be some who would argue that nothing substantial can be done against them with just the address of websites they visit.
Let us start by tackling the first line of thought. It is a common perception that people should feel the need to hide their browsing activities only when they are doing something fishy on the internet.
This couldn’t have been farther away from the truth. The fact is that the online ecosystem is not as safe as it used to be. Even though websites try to imply heavy safeguards and laws are being created against cybercrimes, the ways in which you can be conned on the internet are way too many even to remember what can go wrong.
And it is not just the cybercriminals that you need to worry about; there are government agencies trying to keep a ledger of everything and anything you do on the internet. The word ‘private’ means nothing with such penetrative surveillance from government bodies.
And finally, there are our beloved Internet Service Providers, who would not hesitate even once to trade away all your personal information for whatever they can make from it. Your personal information will then be used against you in a variety of ways.
It will be used to manipulate your decisions, or some undue advantage will be taken of the knowledge of your needs. Even discussing all the possibilities is like going down a rabbit hole.
And those who think that one can do nothing much by knowing just about the websites you visit, well, they would be surprised to know what kind of profile can be generated from such information collected over time.
The profile may contain some facts that even you were oblivious to. It would be foolishness to underestimate the risks associated with what one can do with such information at their disposal.
There are a lot of DNS testing tools on the internet. There is also a possibility that your VPN service might be providing a free DNS leak check on its website.
Our suggestion would be to not rely solely on results from one website. Since you can check DNS leaks for free, it would be a good idea to try at least a couple of them.
Some of the DNS leak test websites will check only for DNS leak, while there will be some who would include other stuff in the package as well. They can tell you about IPv6 leaks, WebRTC leaks, and a lot more.
Some of the popular DNS leak test websites are dnsleaktest.com, dnsleak.com, and ipleak.net. You will be able to find plenty more avenues to test out your VPN service for DNS leaks.
Here are some of the screenshots of tests conducted on these sites.
The first is from a website called dnsleaktest.com. This one doesn’t tell you directly if there is a DNS leak or not. You will have to see if the results show your IP and DNS location or something different. The have discussed the process under the test results.
The second screenshot is from dnsleak.com. This one will clearly indicate if there is a DNS leak. The results are then backed by some data such as IP address and DNS IP for you to verify the results.
The final screenshot is from ipleak.net. The do more than DNS leak test. You can test for IPv6 and WebRTC leaks too. It may be a bit difficult to know the results at just glance. However, the comprehensive test covers all the bases.
There is a geekier method if you want to check for the leak without using any of these websites. It would involve you sending pings to some trusted servers. You can send the ping using the command prompt, and if the results show your IP address, then you would know that there is DNS leak.
However, there should be no issues when checking for DNS leak on other websites.
Ways to prevent a DNS leak
The issue at hand is not to figure out how to test for the leak, but to figure out ways to prevent it. It is an issue not just for the people who use VPN services, but also for those who prefer public DNS servers over the ones owned by their ISPs.
In the previous section, we mentioned all the different ways in which your DNS might be leaking. The obvious way to prevent a DNS leak would be to prevent those getting yourself in those scenarios.
Since a DNS leak comes into picture mostly when someone is using a VPN service, you need to be cautious while choosing a VPN service. You need to make sure that it will keep your web browsing data away from the prying eyes of ISPs.
If a VPN service is good at taking care of DNS leaks, you can be sure of them talking a lot about it. However, it doesn’t mean that every virtual private network claiming to be free of DNS leaks will stand true to its claims.
You can go through both customer reviews and expert reviews to find out if people came across any issues of such leaks. Majority of VPN services offer a trial run before one subscribes to the service. You should take advantage of free trials and test out the service for leaks yourself.
We explained how IPv6 leaks are a different phenomenon, but they end up causing the same damage as DNS leaks. You can check if the VPN service supports IPv6. Once again, you can go through all the same process to get into the details of this topic.
Sometimes, you may have to manually configure your device to connect to the VPN’s DNS server. The step would ensure that all DNS requests go through a secure server.
You also need to keep in mind that not all VPN services have DNS servers of their own. Instead, they use public DNS servers. These servers are not the like your local DNS servers owned by your ISP, but they are not as safe or secure compared to the ones owned by a reliable VPN service.
Google and Cloudflare networks offer public DNS servers. If your private network connection is using one of the public DNS servers, all your browsing data goes to the company owning those servers. It might not be as bad as letting your ISP get a hold of that information, but you can’t be sure if that data will not be mishandled.
We would suggest you go with a VPN service which owns a DNS server rather than relying on public DNS servers.
There is a reason why OpenVPN is the most preferred protocol of people using VPN services. Not only it provides superior speed and security over other protocols, but it can also help in mitigating the DNS leak issue as well.
We would suggest our readers to try using OpenVPN protocol instead of the other ones. Another advice would be to keep conducting DNS leak tests regularly. It is not necessary that if you are not leaking DNS now, then you won’t leak it in the future. One can’t leave the guard down when it comes to online security.
Why VPN should do more than DNS leak prevention?
While we are at the topic of VPNs which take care of DNS leaks, there are a lot of other things that you need to keep in mind while looking for a VPN service. If one is specific enough to take care of DNS leaks, then other bases should be covered as well.
The whole idea behind stopping the DNS from leaking is that the ISPs should not even get to know what websites you are visiting. But when you use a VPN service, all the information about your browsing activities is redirected through VPN servers.
In an ideal case scenario, the VPN servers will not store any of your information. But if the service provider has got any other plans, then it would fail the whole purpose of subscribing to a private network in the first place.
You need to ensure that they follow a strict no-logs policy. It would imply that they do not store information about your online activities. Nothing personally identifiable, and nothing which can help create your profile.
You will find VPN services claiming to follow a no-logs policy, but they might be storing your IP address or information about the websites you visit. You need to carefully go through the privacy statement of any VPN service you plan of using. Looking on the internet for events related to the service sharing information about its users can also help in this case.
The jurisdiction is a critical factor too. You don’t want the VPN service to be based in a country where it is directed by the law to store user’s online activity, or in a country where the government hasn’t got a good reputation when it comes to snooping on its citizens.
The next consideration would be the server network. All your internet traffic would be redirected through VPN servers. The distance between you and the server you are connected will affect the kind of speed you get. The server density will also have a role to play in this case.
A private network, having a lot of servers located all around the globe, should do the trick. There can be a few exceptions, such as when you find a quality VPN service with only a handful of servers. If those servers are in a region close to you such that you get some quality browsing experience, then you may consider getting that service.
A VPN service encrypts all your internet traffic and then routes it through secure protocols, usually referred to as tunnels. The tunnel is there to protect your traffic from the monitoring by third parties.
The protocols provided by the network to route your traffic should be secure enough for you to trust it. OpenVPN happens to be the most optimum VPN for most of the use cases. Usually, VPN services will offer more than one protocol, and you need to ensure that OpenVPN is one of them. It becomes even more critical if DNS leak is one of your concerns.
Encryption obfuscates the content of your online traffic so that no one can read the contents of it. So, even if someone can tap into your online traffic, she would not be able to make out what are you doing on the internet.
AES 256-bit is the most advanced encryption available out there on VPN services. Surprisingly, the majority of them come loaded with the option of AES 256-bit encryption. This encryption is so sophisticated and robust that it might not even hurt you to even settle with options just a notch below this one.
AES 128-bit encryption is also almost impenetrable encryption. It does not take as high of a toll on your device and allows you to enjoy better speeds even when connected to an encrypted network.
Make sure that one of the two encryption options are available on the network.
The encryption and routing of internet traffic affect your internet speed. The encryption requires some processing. Heavier encryptions are preferred for better security, and heavier encryptions are more resource-intensive compared to others.
Similarly, routing requires your internet traffic to go through VPN servers instead of going directly to the intended servers. This introduces latency in the connection and takes away some of the capabilities of your high-speed internet connection.
The reduction in speed and the latency in your connection will vary from one VPN service to another. Some services are better at coping with such issues, while the others will tell you that you need to sacrifice speed for security.
You need to be smart when choosing VPN services. Choose the one which provides better internet speed but without compromising with your online security. There are quite a few VPN services which do exactly the same.
Finally, you may want to pay attention to some of the miscellaneous services which align with your personal preference.
For example, you can go for a VPN service which is good at bypassing regional restrictions and firewalls, if you are into streaming a lot of online content and are always on the move.
Some VPN services are good at being available for several devices, and you may find one of your preferred devices in their list too.
We don’t think that you will run into any problem if you take care of all the factors mentioned in this section.
Top VPNs which don’t leak DNS
If you don’t want to go through the hassle of finding a VPN service which doesn’t leak DNS queries and is excellent in other areas too, then here are our top five recommendations. You can pick the one which suits your needs the best
1. NordVPN
More Info: Read Review | Sign Up Free Trial!
NordVPN is one of the table toppers in most of the top VPN list. The Panama based VPN service keeps all bases covered and provides its users with a safe online ecosystem, in which they can explore the internet without any fear and restrictions.
They have more than 5000 servers around the globe, strategically located in 60 countries. 5000 is a mind-boggling number when it comes to servers owned by a VPN service.
With such a vast and extensive server network, they are a good choice for people living in all the continents. It is highly likely that you will find one of their servers close to your region.
You can expect latency issues to stay at bay, and since they have so many servers, one can also strike out traffic bottleneck issues.
It is not just the server network which impressed us on NordVPN, they tick all the boxes in a checklist for an excellent private network service.
There are multiple protocol options, you can easily use it across a number of platforms and devices, it provides the best possible encryption, and so much more.
2. CyberGhost
More Info: Read Review | Visit Website
Using CyberGhost is one of the best ways of staying safe on the internet. It will keep away all the snoopers trying to get their hands on your valuable browsing activity. It hides away your IP address, making it impossible for websites and services to trace the activity to your location and keeps you anonymous.
The available security measures include AES 256-bit encryption, which is virtually impossible to decrypt without the key, multiple protocol options including OpenVPN, a strict no-logs policy, and much more.
The service is based in Romania, a country with no mandatory data retention laws and a place which allows individuals and governments to exercise privacy.
CyberGhost has a huge server network with servers in sixty countries. It includes servers dedicated to specific services such as streaming and torrenting. Their presence makes things so much easier for a user.
With CyberGhost, you can stay protected when connecting to open public Wi-Fi networks such as the ones on cafes and airports. It works on a majority of platforms and devices, and there is always an option to use it with a router to keep all your devices protected.
3. ExpressVPN
More Info: Read Review | Visit Website
ExpressVPN is like the rockstar of VPN services. It has all the flash and bling that appeals to users.
It is based in the British Virgin Islands, which brings in the controversy, which is usually related to rockstars. However, it is incredibly difficult for one to find flaws in this service.
The server network of ExpressVPN covers a good part of the globe. They have servers in more than 90 countries. The server locations amount to 160, which is jaw-dropping when compared some of the other players in the game.
You can expect a high-speed internet connection even when connected to the network. ExpressVPN is particularly good at getting through regional restrictions and censorships. When you combine it with the high speeds that you get on the service, then you will have a great way of streaming high-quality content from around the world.
The security is top-notch with AES 256-bit encryption and multiple protocol options. They do not maintain any connection logs, and you will not have to worry about DNS leaks, as well.
The internet kill switch ensures that none of the traffic is routed through a regular connection in case the VPN connection drops.
4. Perfect Privacy
More Info: Read Review | Visit Website
Perfect Privacy is, without a doubt, the most advanced VPN services present out there. They have some of the most innovative and exclusive features when it comes to keeping users safe on the internet.
Even the regular features come beefed up on Perfect Privacy, allowing one to feel more secure when connected to this network.
Their Swiss jurisdiction goes well with their goal of keeping user’s data private. It doesn’t compel them to store user’s browsing data and activity, and they have a strict no-logs policy on top of it to serve in the user’s interest.
One of the features worth mentioning is NeuroRouting. This feature uses artificial intelligence to make sure that the user’s traffic is routed through the private servers for as long as possible. It significantly reduces the chances for any snooper to try and compromise user’s internet traffic for the short while for which it is exposed.
They have added more flare to the usual kill switch on a VPN service. You will find a multi-level kill switch on Perfect Privacy.
Cascading allows the user to connect to up to four VPN servers. Each server adds up to the security and beefs up the already secure connection. You will not have to worry about IPv6 as well as DNS leaks when connected to this network.
5. IPVanish
More Info: Read Review | Visit Website
IPVanish is a US-based VPN service, which might turn a lot of heads in the room because of the controversial jurisdiction. Even though IPVanish has its jurisdiction in one of the 5-Eyes countries, it has so many striking features which make it tough to ignore it.
Let’s start with the vast server network. They have servers in 60 countries around the world and have more than 1000 servers under their belt. The server network is good enough to serve the needs of most users connecting to the network.
It provides the option of 10 simultaneous connections, which is very impressive compared to the usual average of 5 for other VPN services.
The AES 256-bit encryption and multiple protocol options take care of the security side of things. You will not encounter a significant decrease in speed, even with all these measures to secure the connection.
There are proxy services to bypass firewalls and censorships. You will get the option to connect a good range of platform and devices to the network.