10-08-2016, 12:10 AM
Preventing DNS Leaks When Using a VPN
A lot of VPN users think they are safe, when using a VPN...but the reality is you have to download some extra protection software and adjust your computer settings, for your VPN to work without any leaks.
I'll explain some steps you can take to prevent DNS leaks.
First of all.
• How do you know when u have DNS leaks:
1 Connect to your VPN
2 Visit this site Leaktest
3 Now take the Extended test
4 Determine if your DNS is leaking, if you are connected to an anonimity/privacy service and ANY of the servers listed below are from your ISP then your DNS is leaking (you should be able to recognize them based on the hostname and location)
Example
Here we have a DNS LEAK
![[Image: bO6OUQL.png]](https://i.imgur.com/bO6OUQL.png)
Here we have NO DNS LEAKS
![[Image: PwFLwb3.png]](https://i.imgur.com/PwFLwb3.png)
• What to do when you have DNS leaks
There are alot of solutions you can try to fix this, we are going to explain a couple of easy fixes.
1) Change your IP address to a static one
Disabling DHCP so when your router reboots your address will remain the same) as well as changing your preferred DNS servers to that of Googles or OpenDNS. Alot of people still use the DNS servers from their ISP...i would NOT recommend this ofcource.
These are some of the DNS servers you can use
Google DNS Servers:
Preferred DNS server: 8.8.8.8
Alternate DNS server: 8.8.4.4
Open DNS Servers:
Preferred DNS server: 208.67.222.222
Alternate DNS server: 208.67.220.220
I will show u the instructions for Windows 7, alot of other OS's uses similar procedures.
First head on over you your Network and Sharing Center which is located on your Control Panel. Alternatively just hit Start and type Network and Sharing. Once there select Local Area Connection.
![[Image: He9qZ5n.png]](https://i.imgur.com/He9qZ5n.png)
Then u want to go to Properties> Internet Protocol Version 4 (TCP/IPv4)> Properties.
I would also recommend to uncheck the Internet Protocol Version 6 (TCP/IPv6) box.
![[Image: a7zsbfr.png]](https://i.imgur.com/a7zsbfr.png)
If you have never touched these settings then by default you will have an IP address automatically set for you by your router via DHCP (Dynamic Host Configuration Protocol) and the DNS servers that you will be using are those belonging to your ISP (Internet Service Provider). These are what we are going to change.
Note
That the choice of DNS servers that you use are completely up to you, although I suggest that u use other DNS servers then your ISP providers. If you are unsure as to what your IP address is currently, just hit the Windows key+R and type cmd into the Run box and hit enter. You will then get the command prompt window open. Now type ipconfig and hit enter. You will find your current IP address, Subnet Mask and Default Gateway (router address)
![[Image: qCQOlmL.png]](https://i.imgur.com/qCQOlmL.png)
Now you have the information that you need, so now we can fill in the details.
In the first part of the Properties window select Use the following IP address button. This will now allow you to make the changes. My original IP address was 192.168.1.76 which I changed the last number to 18. The Subnet Mask will automatically be set for you when you click in the first box (in most cases this is 255.255.255.0) The Default Gateway is the address of your router.
If you find that you get an IP conflict error, simply change the last digit of your IP address to a different one, as another computer or device may be currently using that. This is another reason that I prefer to set static IP addresses on all of my devices where possible
For the DNS server details to be changed, select Use the following DNS server addresses button. I will be using the Google DNS servers. And as i have previous times stated, i suggest you DON'T use your ISP DNS servers.
![[Image: jm8IADW.png]](https://i.imgur.com/jm8IADW.png)
Now hit OK>Close>Close
You can now test to see if you still have any DNS leaks by visiting the DNS Leak Test page
Leaktest
Make sure that you are connected to your VPN and then run the test. You should hopefully not be able to see any information relating to your actual ISP.
If you still have DNS leaks ? Please continue on this journey
2) Executing BATCH file - Automatic Only apply's to OpenVPN
This is a very easy solution to prevent DNS leaks.
Download dnsfixsetup.exe
After installation, when you connect to a VPN server, a batch file will be run executing the 3 steps above.
Three scripts are generated for each OpenVPN configuration file;
configfilename_pre.bat - executed when you initiate the connection but before the connection is established - Calls pre.vbs - If any active DHCP adapters exist, switch to static
configfilename_up.bat - executed when the connection is established - Calls up.vbs - Clear the DNS servers for all active adapter except the TAP32 adapter
configfilename_down.bat - executed after the connection is disconnected - Calls down.vbs - Reconfigure adapters back to their original configuration
3) Manually clearing the DNS
Click the Start button.
Enter cmd in the Start menu search text box.
Right-click on Command Prompt and select Run as Administrator.
Type the following command and press Enter: ipconfig /flushdns
If the command was successful, you will see the following message:
Windows IP configuration successfully flushed the DNS Resolver Cache
![[Image: FAdBURr.png]](https://i.imgur.com/FAdBURr.png)
Test again for DNS leaks!!!
Still no luck ?
4) DNS Crypt
DNSCrypt is a piece of lightweight software that everyone should use to boost online privacy and security. It works by encrypting all DNS traffic between the user and OpenDNS, preventing any spying, spoofing or man-in-the-middle attacks.
You can download DNS crypt package here DNSCrypt
It looks something like this
![[Image: 39P7v0M.png]](https://i.imgur.com/39P7v0M.png)
So, these are some easy ways to prevent DNS leaks, but there are other ways u won't even have to do one of these steps to prevent leaks, and it all starts with picking the RIGHT VPN provider. And thats very simple.
5) Use a VPN client with built in DNS leak protection
![[Image: SFOdmjN.png]](https://i.imgur.com/SFOdmjN.png)
This is by far the easiest way, but unfortunately only a few VPN providers supply this option. Those that do include:
• Private Internet Access
• Mullvad
• TorGuard
But ofcource u can choose your own VPN provider, where you feel comfortable with.
These clients also feature an Internet Kill Switch
Perhaps the simplest way to ensure that no programs access the internet except over VPN, is to use am ‘internet kill switch’ built into your providers VPN client. Choosing this setting in the client’s Settings dialogue will prevent all traffic in and out of the computer in the event of a VPN fail.
![[Image: 7TOnI9N.png]](https://i.imgur.com/7TOnI9N.png)
Unfortunately this is a feature that we don’t see often enough, and of the providers we have reviewed so far, only the following offer this feature:
• Private Internet Access
• Mullvad
![[Image: FTYbRmR.gif]](http://i.imgur.com/FTYbRmR.gif)
Check Out My Free Crypting Service Here
![[-]](https://weleaks.info/images/collapse.png)
