We often use VPNs and DNS systems to stay anonymous on the internet, however, most of the time, the free VPN apps, and free DNS servers do more harm than good. A leaked DNS can reveal your online identity, making things difficult for you if your information gets compromised.
IBM estimates that cybersecurity theft will cost USD 10.5 trillion annually by 2025. That’s almost equal to 2 countries’ combined GDP. This emphasizes the importance of using a cybersecurity system that is strong enough to protect your online identity and ensure that you stay anonymous for every nano-second you spend on the internet.
I may not go deeper into technical jargon to confuse you, as my goal is to help you prevent DNS leak while using the internet, i had a word with some fellow cybersecurity experts to help me understand what practices we can incorporate other than using a solid VPN service like Surfshark VPN, to keep our identity secure.
What is a DNS Leak?
A DNS leak happens when the DNS requests are not routed through your VPN’s encrypted tunnel but directly sent over to your internet provider’s DNS server, which then exposes your actual IP address, thus revealing your identity.
In layman’s terms, a DNS leak is like sending your ATM pin on a postcard rather than sending it in a sealed letter, anyone can read it. DNS leaks can compromise your browsing history, and allow third-party apps to track your information and every damn move.
Businesses experience more than seven DNS attacks every year, which cost an average $950k, and this not only increases the importance of having a robust security system but also managing it efficiently throughout the time.
Moreover, with the increasing adoption of DNS tunneling techniques by cybercriminals (up by 41% in recent years), the stakes are higher for anyone who uses the internet for sensitive activities.
As now you know a tidbit of DNS leaks, let’s jump to the methods that can help you prevent that.
5 Methods to Prevent DNS Leak: Expert’s Recommendations
1. A Reliable VPN
Yes, as you might have expected, this is my first tip because a reliable VPN is the best solution to prevent DNS leak. If you are still using a free VPN to save money for an extra cheeseburger, please stop.
A reliable VPN provider will offer you the best quality service, and various locations such as:
- USA
- Canada
- Japan
- Australia
You can log into multiple devices, prevent, and enjoy various other features like killswitch, which disconnects the user from the internet just in case the VPN connection gets interrupted. Free VPN providers do not offer such features, as these features require a lot of money for development.
2. Manually Configure Your DNS Settings
Another recommendation to prevent DNS leak is to manually configure your device to use a DNS server that’s popular for its security, and data protection. One of the most popular DNS services is offered by Google [8.8.8.8. and 8.8.4.4) or the one offered by OpenDNS (208.67.222.222). There are several guides available on YouTube that can help you set up these custom DNS on your devices like macOS, Windows, Android, etc.
3. DNSCrypt or DNS over HTTPS (DoH)
For those who can understand the complexity of using tools to take a big step and prevent DNS leaks, I suggested using DNSCrypt and DNS over HTTPs are protocol that encrypts your DNS requests through a secure tunnel and stops unwanted interception of malicious miscreants.
To get started, visit the DNScrypt website and follow the process required for your preferred operating system. At first, it might seem confusing, but there are several video tutorials available on YouTube.
4. Configure a Firewall to Block Non-VPN Traffic
Firewalls can effectively help you to block outgoing traffic that is not passing through your connected VPN service. You can set up firewalls either on your router or personal computer, however, your router must support adding custom firewalls, which is mostly an inbuilt feature in modern routers.
For a Windows system, you can use “Windows Firewall tools” to manage the firewall and configure it to ensure that no DNS request leaves your device without security. You can even configure a kill switch on Windows, I found this helpful guide which you can read and understand the process in depth.
5. Disable Teredo on Windows
Did you know Teredo on Windows can cause DNS leaks? I bet you did not, even I was unfamiliar with this until one of my cybersecurity expert friends told me why he recommends turning off Teredo on Windows.
In a nutshell, teredo is a protocol used by Windows to seamlessly transfer data packets and communicate with iPV4 and IPv6 devices. During the process, some network packets exchanged may not pass through a secure tunnel, which may lead to a DNS leak.
The process to do so is quite simple, a few commands and you are good to go. I have added a step-by-step guide below, the commands are highlighted.
Follow the below steps to disable Teredo on Windows:
- Start Windows.
- Log in if necessary.
- To display Teredo status:
- Open command prompt [admin access necessary].
- Type netsh interface teredo show state and press Enter.
- Observe the Teredo status.
- Type netsh interface teredo set state default and press Enter.
- Use ipconfig to display Teredo settings.
- Type netsh interface teredo set state disabled and press Enter.
- Use ipconfig to confirm that Teredo was disabled.
- Close the command prompt to complete this activity.
Wrapping up
Preventing DNS leaks is important as you wouldn’t want to compromise your online security. Our internet usage is not just limited to information consumption but also safeguards the private information that can be used against us someday.
While modern-day ISP providers try their best to offer robust security protocols, the chances of leaked DNS may not end there. Therefore, deploying some strong measures by yourself is crucial and you should be proactive on this.
We shared several easy-to-follow methods that are useful for someone who does not know a lot about technology. A reliable VPN service may end your work, but if you still need to deploy the suggested measures, there’s no harm to do so.
