What is DNS leak ? How to detect and fix DNS leak in Linux
Are you crazy about protecting your online privacy ? Or leaving with a censored internet ? Or want to download some copyrighted material over torrent without informing your ISP ?
So you are using a VPN service or other anonymity services like tor , I2P, proxy servers etc. etc. But still your ISP could track your online activity pretty easily. How ? If your DNS quarries are leaking or VPN connection is not properly configured.
In this tutorial we are going test DNS leak in Linux and fix DNS leak problem. Before going further, lets talk about the basic things.
What is DNS leak ?
- DNS is the short form of Domain Name System, somewhat like a internet phone book. Which is responsible for resolving a IP address associated with a particular domain name. Like resolving the domain name www.google.com will return IP address 184.108.40.206 (may be different).
- But If you are using a VPN, every request must be routed through that VPN tunnel including DNS quarries. Why ? to protect yourself from the prying eyes of your ISP, as most ISP deploy their own DNS servers to monitor user activity.
- So, what is the problem ? After connecting to the VPN some applications, mostly web browsers still continue the use of your ISP default DNS servers instead of using the VPN’s DNS server. This is the VPN DNS leak problem. At this point, there is no advantage of using a VPN, as your every online activity is going to be logged by your ISP.
How to detect DNS leak ?
Hidester provides an one stop solution to detect DNS leak, WebRTC leak and browser fingerprint with an elegant user interface.
- DNS leak detection https://hidester.com/dns-leak-test/
- WebRTC leak detection https://hidester.com/webrtc-ip-leak-test/
- Browser fingerprint testing https://hidester.com/browser-fingerprint/
There is another nifty online DNS leak checker named DNSleaktest.com , where you could check for DNS leak very easily. Go to that site and click on the Standard test or Extended test button what ever you like and check the results. If there is any result with a IP address related to your real IP and ISP default DNS servers that means your DNS is leaking.
There is another online tool to check dns leak, dnsleak.com , you may try this one too.
How to know what is your ISP’s default DNS server in Linux?
There is no generic rule of knowing that, as everyone does not connects to internet in same way and same technology. In Linux this could DNS server address are managed by the /etc/resolv.conf file, this may be a static or dynamic file, depends how you configured your system. So looking at the /etc/resolv.conf file, this may give you a overview.
How to fix DNS leak problem in Linux ?
After doing a vpn dns leak test, how to fix it ? This answer also varies from user to user, depends upon many things like operating system, type of anonymity service you are using (VPN/Tor/Proxy), which software you are using etc .etc.
If you are using a VPN service every moment, the most suitable answer is do not use a default DNS server at all, let the VPN server take care of your DNS requests. By doing this, you will acquire only an IP address from your ISP and no DNS server to connect the internet, you will have full control on your DNS requests.
- If you are using Network Manager to connect internet in Linux, this setup could be done very easily. Open Network Manager connection editor and edit your connection profiles and change IPv4 method to Automatic (Only address) or manual method and leave the DNS field blank.With this settings, the system will not acquire any default DNS server address, now connect to the VPN and enjoy private internet access.
- If you want a temporary fix in Linux, simply make your /etc/resolv.conf file blank and connect to the VPN server. To do this, look at the commands bellow.
su -c 'echo '' > /etc/resolv.conf'
Now connect to the VPN service.
- Another alternative method, you could use other third party DNS servers like Google Public DNS , Open DNS or OpenNIC DNS . Just follow the first step and put your preferred DNS server address instead of leaving them blank.Put 220.127.116.11 and 18.104.22.168 separated by a comma for using Google Public DNS .
Other third party DNS servers
OpenNIC DNS servers Do not keep any log, this is an distinct advantage over other.
Another very popular free and secured DNS server.
So, that’s it, just make sure to check your DNS leakage and protect your anonymity. If you have any suggestion or question about DNS leak in Linux, just drop a comment. Any kind of feedback is also very important to us.