PCsuggest

What is DNS leak ? How to detect and fix DNS leak in Linux

Updated - by

Are you crazy about protecting your online privacy ? Or leaving with a censored internet ? Or want to download some copyrighted material over torrent without informing your ISP ? Then you must know about DNS leak.

So you are using a VPN service or other anonymity services like tor , I2P, proxy servers etc. etc.  But still your ISP could track your online activity pretty easily. How ? If your DNS quarries are leaking or VPN connection is not properly configured.

In this tutorial we are going test DNS leak in Linux and fix DNS leak problem. Before going further, lets talk about the basic things.

What is DNS leak ?

  • DNS is the short form of Domain Name System, somewhat like a internet phone book. Which is responsible for resolving a IP address associated with a particular domain name. Like resolving the domain name www.google.com will return IP address 216.58.196.100 (may be different).
  • But If you are using a VPN, every request must be routed through that VPN tunnel including DNS quarries. Why ? to protect yourself from the prying eyes of your ISP, as most ISP deploy their own DNS servers to monitor user activity.
  • So, what is the problem ? After connecting to the VPN some applications, mostly web browsers still continue the use of your ISP default DNS servers instead of using the VPN's DNS server. This  is  the VPN DNS leak problem. At this point, there is no advantage of using a VPN, as your every online activity is going to be logged by your ISP.
what is dns leak

How to detect DNS leak?

There's an online DNS leak checker named DNSleaktest.com , where you could check for DNS leak very easily. Go to that site and click on the Standard test or Extended test button what ever you like and check the results.

If there is any result with a IP address related to your real IP and ISP default DNS servers that means your DNS is leaking.

There is another online tool to check dns leak, dnsleak.com , you may try this one too.

How to know what is your ISP's default DNS server in Linux?

There is no generic rule of knowing that, as everyone does not connects to internet in same way and same technology. In Linux this could DNS server address are managed by the /etc/resolv.conf file, this may be a static or dynamic file, depends how you configured your system. So looking at the /etc/resolv.conf file, this may give you a overview.

How to fix Linux DNS leak problem?

After doing a vpn dns leak test, how to fix it ? This answer also varies from user to user, depends upon many things like operating system, type of anonymity service you are using (VPN/Tor/Proxy), which software you are using etc .etc.

If you are using a VPN service every moment, the most suitable answer is do not use a default DNS server at all, let the VPN server take care of your DNS requests. By doing this, you will acquire only an IP address from your ISP and no DNS server to connect the internet, you will have full control on your DNS requests.

  1. If you are using Network Manager to connect internet in Linux, this setup could be done very easily. Open Network Manager connection editor and edit your connection profiles and change IPv4 method to Automatic (Only address) or manual method  and leave the DNS field blank.
    dns leak test no dns server nm
    With this settings, the system will not acquire any default DNS server address, now connect to the VPN and enjoy private internet access.
  2. If you want a temporary fix in Linux, simply make your /etc/resolv.conf file blank and connect to the VPN server. To do this, look at the commands bellow. 
    su -c 'echo '' > /etc/resolv.conf'

    Now connect to the VPN service.

  3. Another alternative method, you could use other third party DNS servers like Google Public DNS , Open DNS or OpenNIC DNS . Just follow the first step and put your preferred DNS server address instead of leaving them blank.
    google DNS dns leak test
    Put 8.8.8.8 and 8.8.4.4 separated by a comma for using Google Public DNS .

Other third party DNS servers to prevent dns leak

OpenNIC

  1. 192.71.247.247
  2. 111.67.16.202
  3. 103.25.56.238
  4. 111.223.227.125
  5. 119.252.20.75
  6. 108.61.213.134

OpenNIC DNS servers Do not keep any log, this is an distinct advantage over other.

Open DNS

  1. 208.67.222.222
  2. 208.67.222.220

Another very popular free and secured DNS server.

Conclusion

So, that's it, just make sure to check your DNS leakage and protect your anonymity. If you have any suggestion or question about DNS leak in Linux, just drop a comment. Any kind of feedback is also very important to us.

Your comments

  2. Zhang says

    Thank you, it helped me alot.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.