DNS leaks are a security vulnerability that is specific to Microsoft Windows operating systems. DNS leaks can cause your true IP address (or at least your ISP’s address) to leak out into the open without your knowledge, even when using an encrypted VPN. If you just access the internet through your standard connection via your ISP (Internet Service Provider), your computer will be told to use your ISP’s DNS servers. This means that all lookup requests will go through your ISP unless you manually specify otherwise.
When connected to a Virtual Private Network, your computer will be told by the VPN to use its secure DNS servers, which are different from the ones assigned to you by your ISP. However, due to security flaws inherent in Windows OS, your computer can actually mistakenly use the wrong DNS servers, thus exposing your true IP address to the website you are visiting.
DNS stands for Domain Name Server. Any time you type a web address in your browser bar, a request is sent to a Domain Name Server. This server matches domain names to IP addresses where the website is actually hosted. The DNS then tells your browser which IP address to go to in order to load the website you have requested.
DNS leaks can be caused (or induced) by a variety of factors. Something as simple as a website delaying its response to your computer can cause a Windows machine to switch to the unsecured DNS servers. This is the technique utilized by many malicious websites to cause DNS leaks and expose private user information.
To prevent DNS leaks, switch to a secure DNS service like OpenDNS or Google DNS and disable the IPv6 protocol on the respective adapters (Wi-Fi or wired). As long as your real location is not revealed in the DNS tests, you are safe.
Step 1: Disable IPv6 Protocol
Step 2: If you are using OpenVPN GUI version 2.3.9 or higher, simply edit the configuration file, add the directive “block-outside-dns” and save the configuration file by following the steps below:
A- Run the OpenVPN GUI as “administrator”.
B- Right-click on the OpenVPN GUI icon in the system tray and hover the pointer over your desired location.
C- Now select “edit config”.
D- Now simply enter this line “block-outside-dns” below “</ca>” and save the file again.
E- You are now done and can proceed to using OpenVPN. However, this OpenVPN configuration will work in cases where you have a static DNS bound to your network adapter (Wi-Fi or wired) and you cannot use the internet without the static DNS. This command will override the priority of static DNS over dynamic DNS, and hence allow the connection to be established and also prevent DNS leaks.
If you are using OpenVPN on Windows XP/Vista/7 then an automated method is also available. Click here.
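One way to confirm the edit from steps A to E took effect before connecting, as an added example that is not part of the original article or of OpenVPN: a Python check that reports whether block-outside-dns is active in a profile, and why not if it is commented out, pasted inside an inline block such as <ca>, or pasted with curly quotes. The function name, the sample profile and the host vpn.example.net are constructed for illustration; accepting the "setenv opt" form goes beyond the case in the text.

```python
import re

# Constructed sample profile (not from the article); the certificate body is a placeholder.
SAMPLE_OK = """\
client
dev tun
remote vpn.example.net 1194
<ca>
-----BEGIN CERTIFICATE-----
PLACEHOLDER
-----END CERTIFICATE-----
</ca>
block-outside-dns
"""

def find_directive(config_text, directive="block-outside-dns"):
    """Return (active_lines, problems): where `directive` takes effect, and why not."""
    active, problems = [], []
    inline_tag = None  # name of the inline block (<ca>, <cert>, ...) currently open
    for num, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if inline_tag:
            if line == f"</{inline_tag}>":
                inline_tag = None
            elif directive in line:
                problems.append(f"line {num}: inside <{inline_tag}>, read as block data")
            continue
        opened = re.fullmatch(r"<([A-Za-z0-9_-]+)>", line)
        if opened:
            inline_tag = opened.group(1)
            continue
        if line.startswith(("#", ";")):  # OpenVPN comment markers
            if directive in line:
                problems.append(f"line {num}: commented out")
            continue
        words = line.split()
        # "setenv opt <directive>" form: clients that do not know the option skip it
        if words[:2] == ["setenv", "opt"]:
            words = words[2:]
        if words and words[0].strip("\"'") == directive:
            active.append(num)
        elif directive in line:
            problems.append(f"line {num}: not a bare directive: {line!r}")
    if inline_tag:
        problems.append(f"<{inline_tag}> is never closed")
    return active, problems
```

An empty first list means the profile will not block outside DNS as written; the second list says which line to fix.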
After installation a batch file will execute that will do the job for you.
Step 3: An alternate solution is to clear DNS manually via Command Prompt.
5. Disable the DNS configuration for the interface identified in step 1
netsh interface IPv4 set dnsserver "Local Area Connection" static 0.0.0.0 both
You are now done.