ISPs and especially DNS servers can keep tons of data about their users and store information about which IP addresses made original requests to any hostname on the Internet. If your public DNS provider is able to monitor and store this information in their servers forever, then you invite the huge risk of a DNS leak.
A DNS leak is the act of monitoring, storing and filtering your DNS traffic at ISP level -- by inspecting the public DNS servers you use to resolve internet hostnames into IP addresses.
Here’s how it works:
- Open up your browser.
- Type “Twitter.com”.
- At this point, your ISP DNS servers will store a record in their servers with this activity:
- The originating computer IP (yours).
- The target hostname.
- The target server IPs.
In other words, a DNS leak is a security problem between your computer and the DNS resolvers, one that affects your online privacy because all queries are sent using an unencrypted DNS request over the network.
In a world with net neutrality, users shouldn’t be worried about whether their browsing activity is being inspected or not. As a user, you should have the freedom to browse and contact different kinds of websites and online services without any concern about DNS leaks.
That is no longer the case. But even if net neutrality is over, there are ways to prevent DNS surveillance activity.
How can I prevent DNS leaks?
Is there any way to avoid DNS leaks? Let’s find out.
Use a VPN service, your own or from a third party
One of the most popular ways to avoid a DNS leak is by using a VPN server.
VPN (Virtual Private Network) services allow you to set up a private tunnel between your computer and the Internet. This way, you can connect to the VPN server, and then start browsing anonymously without revealing your origin IP.
While the main goal of VPN servers is to hide your real IP address and encrypt your traffic, not all VPN providers can ensure this. Many VPNs are in fact vulnerable to DNS leaks. Always double check the VPN features before choosing your next provider, and ensure they will not allow any DNS leaks.