When using an anonymity or privacy service, it is extremely important that all traffic originating from your computer is routed through the anonymity network. If any traffic leaks outside of the secure connection to the network, any adversary monitoring your traffic will be able to log your activity.
DNS, the Domain Name System, is used to translate domain names such as "www.privacyinternational.org" into numerical IP addresses (e.g. 123.456.78.90), which are required to route packets of data on the Internet. Whenever your computer needs to contact a server on the Internet, such as when you enter a URL or domain name into your browser, it first contacts a DNS server and requests the IP address. Most ISPs assign their customers a DNS server which they control and can use to log and record your Internet activity.
Under certain conditions, even when connected to the anonymity network, the operating system continues to use its default DNS servers instead of the DNS servers assigned to your computer by the anonymity network. Such DNS leaks are a major privacy threat: the anonymity network gives a false sense of security while private data (the name of every site you look up) still reaches the default resolver.
The fix is to ensure that, once connected to the anonymity network, you are using ONLY the DNS server(s) provided by the anonymity service. As this problem predominantly affects Windows clients, only solutions for Windows are given below.
Three basic steps to fix the problem:
- Before connecting to the VPN, set static IP address properties if you are using DHCP
- After connecting, remove the DNS server settings from the primary interface
- After disconnecting, switch back to DHCP if necessary, or reapply the original static DNS servers
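As an added example (not the page's download or its batch file), the three steps above as one PowerShell script for Windows 8.1/10, run elevated with `-Phase Pre` before connecting, `-Phase Post` after the tunnel is up and `-Phase Restore` after disconnecting; the adapter name 'Ethernet' and the state-file path are assumptions, and the NetTCPIP/DnsClient cmdlets it uses are not available on XP/Vista/7.

```powershell
# Added example, not the page's batch file. Assumes Windows 8.1/10 (NetTCPIP and DnsClient
# cmdlets), an elevated session, a physical adapter named 'Ethernet' and a writable state file.
param(
    [Parameter(Mandatory)][ValidateSet('Pre', 'Post', 'Restore')][string]$Phase,
    [string]$PrimaryAlias = 'Ethernet',                         # assumed adapter name
    [string]$StateFile = "$env:ProgramData\dnsleak-state.json"  # assumed state path
)
$ErrorActionPreference = 'Stop'

switch ($Phase) {
    'Pre' {
        # Step 1: if the physical adapter is on DHCP, pin its current lease as static so a
        # lease renewal cannot push the ISP resolvers back onto it while the tunnel is up.
        $if4 = Get-NetIPInterface -InterfaceAlias $PrimaryAlias -AddressFamily IPv4
        $dns = @((Get-DnsClientServerAddress -InterfaceAlias $PrimaryAlias -AddressFamily IPv4).ServerAddresses)
        $state = @{ WasDhcp = ($if4.Dhcp -eq 'Enabled'); Dns = $dns }
        if ($state.WasDhcp) {
            $ip = Get-NetIPAddress -InterfaceAlias $PrimaryAlias -AddressFamily IPv4 |
                  Where-Object { $_.PrefixOrigin -eq 'Dhcp' } | Select-Object -First 1
            $gw = (Get-NetRoute -InterfaceAlias $PrimaryAlias -DestinationPrefix '0.0.0.0/0' | Select-Object -First 1).NextHop
            Set-NetIPInterface -InterfaceAlias $PrimaryAlias -AddressFamily IPv4 -Dhcp Disabled
            New-NetIPAddress -InterfaceAlias $PrimaryAlias -IPAddress $ip.IPAddress `
                -PrefixLength $ip.PrefixLength -DefaultGateway $gw | Out-Null
            Set-DnsClientServerAddress -InterfaceAlias $PrimaryAlias -ServerAddresses $dns
        }
        $state | ConvertTo-Json | Set-Content -Path $StateFile
    }
    'Post' {
        # Step 2: tunnel is up; strip resolvers from the physical adapter so only the VPN
        # adapter's servers remain, then list every interface that still has resolvers.
        Set-DnsClientServerAddress -InterfaceAlias $PrimaryAlias -ResetServerAddresses
        Get-DnsClientServerAddress -AddressFamily IPv4 |
            Where-Object { $_.ServerAddresses.Count -gt 0 } |
            Format-Table InterfaceAlias, ServerAddresses   # expect only the VPN adapter here
    }
    'Restore' {
        # Step 3: tunnel is down; go back to DHCP, or re-apply the original static resolvers.
        $state = Get-Content -Path $StateFile -Raw | ConvertFrom-Json
        if ($state.WasDhcp) {
            Remove-NetRoute -InterfaceAlias $PrimaryAlias -DestinationPrefix '0.0.0.0/0' -Confirm:$false -ErrorAction SilentlyContinue
            Remove-NetIPAddress -InterfaceAlias $PrimaryAlias -AddressFamily IPv4 -Confirm:$false
            Set-NetIPInterface -InterfaceAlias $PrimaryAlias -AddressFamily IPv4 -Dhcp Enabled
            Set-DnsClientServerAddress -InterfaceAlias $PrimaryAlias -ResetServerAddresses
        } elseif ($state.Dns) {
            Set-DnsClientServerAddress -InterfaceAlias $PrimaryAlias -ServerAddresses $state.Dns
        }
    }
}
```

The table printed by the `Post` phase is the check to keep: any interface other than the VPN adapter that still lists a resolver is a leak path.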
If you are using a VPN service based on OpenVPN on Windows XP/Vista/7/8.1/10, a fully automated solution is available:
- Download - (md5 checksum: f212a015a890bd2dae67bc8f8aa8bfd9)
- After installation, every time you connect to a VPN server a batch file is run that executes the three steps above.