How to set up smartphones and PCs. Informational portal

How to hide your DNS? What is a DNS leak and how to fix it.

Many users seek to hide the IP address of their computer for the purpose of anonymity or to bypass blocking. Usually it is known to the administrators of the sites you visit. In theory this information is confidential, but in practice nothing prevents attackers from using it for criminal purposes.

What is a DNS server and why hide it?

DNS (Domain Name System) is a system for obtaining information about a domain. Most often it is used to determine (obtain) the IP address of a specific resource from its name. DNS converts the site name you enter (for example, yandex.ru) into an IP address, by which the browser opens the desired page. In fact, the site is loaded by IP address, not by name (URL); the name exists only for the convenience of users. It is much easier to remember and type "yandex.ru" than "213.180.193.3". DNS is the mechanism that translates a human-readable URL into a computer-readable IP address.

Many users make a common mistake. In the network connection settings, in addition to the IP address, the address of a DNS server is also specified. The computer contacts it first, and only then the site itself. The mistake when hiding the IP address is that the user leaves the provider's DNS server in the DNS settings. If an attacker can observe these queries, he can easily determine the DNS server and thereby the location of the user. Hence, masking the IP address with a VPN is useless without also changing the DNS.

Hiding DNS using a VPN client

Viscosity helps you connect to the VPN server you have purchased and communicate with it securely without exposing your DNS. To set up the program, do the following:

1. Download the app from http://www.sparklabs.com/viscosity/ and install it (in OS X you will need to drag the application icon to the "Applications" folder):

2. Run the program and go to settings.

3. On the "Connections" tab, click "+" and select "Add connection":

4. Select the file received from the VPN service after paying for the account (in this example, "Luxemburg-tcp.ovpn"):

5. The connection import is finished; click "OK".

6. On the "Settings" tab, check the boxes as in the picture (note that the "Accept DNS settings at the same time" checkbox is not checked):

7. On the "Connections" tab, double-click the name of the imported file (in OS X you can do as in the screenshot).

Universal DNS

There are completely free public DNS servers, the most common of which are Google's and OpenDNS. With their help you can present yourself as a user from the United States or another country of your choice. To work with universal DNS in a Windows environment, do the following:

1. Open "Control Panel" from the "Start" menu.

2. On the "Network connections" tab or "View network status and tasks" (for Windows 7, 8), open your current connection (network or ) and click "Properties".

3. Double-click the item "Internet Protocol Version 4".

4. Check the box "Use the following DNS server addresses".

5. In the top line, enter (one octet per cell): 8.8.8.8 (Google DNS) or 208.67.222.222 (OpenDNS).

6. In the bottom line, enter 8.8.4.4 (Google) or 208.67.220.220 (OpenDNS). These providers can be combined by entering different servers in the two lines.

7. Click "OK" and close the window.

To use universal DNS on OS X, do the following:

1. At the top of the desktop, click the "Apple" menu.

2. Select "System Preferences".

3. Click the "Network" icon and, in the window that appears, click the lock icon.

4. Select your current Internet connection (usually Ethernet or Wi-Fi) and click "Advanced…" in the lower right corner.

5. Enter everything in the DNS settings in the same way as for Windows.

Changing DNS using the "dnsfixsetup" program (Windows)

On Windows, you can do the following to resolve the issue:

1. Before connecting to the VPN, set static IP addresses in the network connection settings if you are using DHCP to obtain an IP address automatically.

2. After connecting to the VPN, clear the DNS settings in the network connection settings.

3. After disconnecting from the VPN, restore the settings (i.e. in the network connection settings, check the boxes for obtaining the IP address and DNS automatically).

On Windows, you can use the "dnsfixsetup.exe" program to solve the problem. After installation, the program runs three scripts that perform the above actions automatically:

1. The first .bat script is executed when a connection is initiated, but before the VPN connection is established (it calls the internal script "pre.vbs"). If the settings specify automatic IP and DNS acquisition, the program switches them to manual (static) configuration.

2. The second .bat script is executed when the VPN connection is established. It calls the "up.vbs" script, which removes DNS servers from all active connections (except the TAP32 adapter).

3. The third .bat script is executed after the VPN connection is disconnected. The "down.vbs" script restores the default settings.

Another way to change DNS manually

This method does not switch the adapter to static settings when DHCP is used. If you have not switched to a static IP configuration and your computer renews its IP address while connected to the VPN, the DNS settings may be overwritten. It is therefore highly recommended to switch to a static IP configuration.

1. Run "cmd.exe" by pressing "Win + R" and typing "cmd" in the window that appears.

2. Before connecting, determine the name of the network interface in use by entering "netsh interface show interface" in the (usually black) window that appears. In our case we use "Local Area Connection".

3. Connect to a VPN. If you are already connected, proceed to the next step.

4. Clear the DNS resolver cache by entering the command "ipconfig /flushdns".

5. Clear the current DNS settings with the command "netsh interface IPv4 set dnsserver "Local Area Connection" static 0.0.0.0 both".

6. To check the DNS (whether it is still the same or not), go to "https://www.dnsleaktest.com/index.html". If your country name is shown there, repeat all the steps.

7. After disconnecting from the VPN, return the adapter to the previous DNS configuration using "netsh interface IPv4 set dnsserver "Local Area Connection" dhcp".

8. Flush the DNS resolver cache again by typing "ipconfig /flushdns".

We have changed the DNS server settings. Now you can be confident that no one will be able to determine your real location.

How to change DNS servers on Android

1. Go to the Wi-Fi settings on your phone.

2. Select the desired connection and choose "Change network" from the menu that appears.

3. Tap "Advanced".

The main problem with most programs used together with Tor (The Onion Router) is the leakage of DNS queries. That is, even though Tor is used, the programs first send a DNS query outside Tor to obtain the IP address of the final target, and only afterwards contact the target through Tor. This means that detecting DNS leaks is critical for anonymity.

Consider an example. When a site is accessed by its domain name (google.com) rather than by its IP address (173.194.70.101), the IP address is derived from that name. This is done by the Domain Name System (DNS) service. Here a leak occurs: an open, unencrypted request containing the domain name (google.com) is sent across the network to DNS servers, which lets anyone curious (such as SORM-2) learn where you go. But even if you typed the IP address (173.194.70.101) into the address bar, it can still leak because of requests made by active elements of pages downloaded from the site (for example, JavaScript may be executed).

DNS queries are short, so they are sent over the UDP transport protocol. If the request is too long, normal TCP transport is used instead, and in both cases port 53 is used. So we will listen on port 53.
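As an added illustration (not code from the original article), the script below builds the DNS query for google.com described above and parses it back, to show exactly what an observer on port 53 sees in the clear: the transaction ID, the recursion flag and the queried name. It also shows the two-byte length framing used when DNS falls back to TCP. The function names (build_query, parse_query, frame_for_tcp, unframe_tcp_stream) are this example's own.

```python
import random
import struct

# Added example, not part of the original article. Builds and parses the
# cleartext DNS question section so the reader can see what leaks on port 53.


def encode_name(name):
    """Encode a domain name as DNS labels: <len><bytes>... terminated by 0."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype=1, txid=None):
    """Standard recursive query (A record by default) as sent over UDP port 53."""
    if txid is None:
        txid = random.randrange(0, 0x10000)
    # ID, flags (RD=1), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN


def parse_query(msg):
    """Extract what is visible in an unencrypted query: id, flags and the name asked for."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        length = msg[pos]
        if length == 0:
            pos += 1
            break
        if length & 0xC0:  # compression pointer; never valid in a fresh question
            raise ValueError("unexpected compression pointer in question")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return {
        "id": txid,
        "recursion_desired": bool(flags & 0x0100),
        "qname": ".".join(labels),
        "qtype": qtype,
        "qclass": qclass,
    }


def frame_for_tcp(msg):
    """DNS over TCP prefixes each message with a 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg


def unframe_tcp_stream(stream):
    """Split a captured TCP byte stream back into individual DNS messages."""
    msgs, pos = [], 0
    while pos + 2 <= len(stream):
        (length,) = struct.unpack("!H", stream[pos:pos + 2])
        pos += 2
        msgs.append(stream[pos:pos + length])
        pos += length
    return msgs


if __name__ == "__main__":
    q = build_query("google.com", txid=0x1234)
    print(q.hex())           # the 28 bytes an observer sees on the wire
    print(parse_query(q))    # ... and the name they recover from them
    stream = frame_for_tcp(q) + frame_for_tcp(build_query("yandex.ru", txid=0x5678))
    for m in unframe_tcp_stream(stream):
        print(parse_query(m)["qname"])
```

The 28-byte size of the google.com query is the same figure tcpdump prints in parentheses after such a line, which makes the output easy to correlate with a live capture.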

Special programs are used to test the network: interceptors and analyzers of network traffic (the information passing over the network). They are also called sniffers (from "to sniff").

Option 1: “TCPDump” (Console)

The best-known analyzer is the "tcpdump" program (http://ru.wikipedia.org/wiki/Tcpdump), included in most Linux distributions.

Install "tcpdump":

sudo apt-get install tcpdump

sudo tcpdump port 53

In this case it is desirable to close everything except the application under study. If, after this command, lines appear in the tcpdump window as a result of the application's activity, then a DNS leak is taking place, and you can then analyze what exactly is leaking.

If several network devices are in use, you may additionally have to specify the required network interface. Their list can be obtained with the console program ifconfig.

sudo ifconfig

After finding the name of the network interface, add the following to the command:

-i <network_interface_name_or_number>

sudo tcpdump -i eth0 port 53

The analysis is stopped with the key combination CTRL+C.
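An added example, not part of the original article, of the analysis step that follows a capture: it parses the query lines that "tcpdump -n port 53" prints and flags every query that went to a resolver outside the network the VPN is expected to use. The capture embedded below is constructed, and 10.8.0.0/24 is assumed to be the resolver network reachable only through the VPN tunnel. Responses and non-DNS lines are ignored.

```python
import ipaddress
import re

# Added example, not from the original article. Parses the query lines that
# `tcpdump -n port 53` prints and flags queries sent to resolvers outside the
# network(s) the VPN is expected to use. The capture below is constructed.

SAMPLE_CAPTURE = """\
14:03:11.101 IP 192.168.1.10.51234 > 10.8.0.1.53: 40001+ A? vpnmentor.com. (31)
14:03:11.102 IP 10.8.0.1.53 > 192.168.1.10.51234: 40001 1/0/0 A 203.0.113.7 (47)
14:03:12.230 IP 192.168.1.10.51235 > 8.8.8.8.53: 40002+ A? google.com. (28)
14:03:12.231 IP 192.168.1.10.51236 > 192.168.1.1.53: 40003+ AAAA? yandex.ru. (27)
"""

# One tcpdump query line:
# "<time> IP <src>.<sport> > <dst>.<dport>: <id>+ <TYPE>? <name>. (<len>)"
QUERY_RE = re.compile(
    r"^(?P<ts>\S+) IP6? (?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"(?P<id>\d+)\+?(?: \[[^\]]*\])? (?P<qtype>[A-Z0-9]+)\? (?P<qname>\S+)\. \(\d+\)$"
)


def parse_queries(capture_text):
    """Return one dict per DNS *query* line; responses and other lines are skipped."""
    rows = []
    for line in capture_text.splitlines():
        match = QUERY_RE.match(line.strip())
        if match:
            rows.append(match.groupdict())
    return rows


def detect_leaks(capture_text, allowed_resolver_nets):
    """Queries whose destination resolver lies outside every allowed network."""
    nets = [ipaddress.ip_network(n) for n in allowed_resolver_nets]
    leaks = []
    for q in parse_queries(capture_text):
        if int(q["dport"]) != 53:
            continue
        resolver = ipaddress.ip_address(q["dst"])
        if not any(resolver in net for net in nets):
            leaks.append({"time": q["ts"], "qname": q["qname"],
                          "qtype": q["qtype"], "resolver": q["dst"]})
    return leaks


if __name__ == "__main__":
    # 10.8.0.0/24 is assumed to be the resolver network behind the VPN tunnel.
    for leak in detect_leaks(SAMPLE_CAPTURE, ["10.8.0.0/24"]):
        print(f"LEAK {leak['time']} {leak['qtype']} {leak['qname']} -> {leak['resolver']}")
```

Running it on the sample capture reports the google.com query sent to 8.8.8.8 and the yandex.ru query sent to the home router at 192.168.1.1; the vpnmentor.com lookup to the tunnel resolver is not a leak. In practice, feed it the saved output of tcpdump and list every resolver network your VPN provider actually uses.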

Option 2: “Wireshark” (Console & GUI)

Wireshark (formerly Ethereal) is a traffic analyzer for Ethernet and some other computer networks. It is written using the GTK+ libraries and has a graphical user interface (GUI). Besides the GUI, there is a console implementation of the program called “TShark”, which has the same functionality as the graphical version. The functionality is very similar to that of tcpdump; however, Wireshark has a graphical user interface and far more options for sorting and filtering information. The program lets the user view all traffic passing through the network in real time by putting the network card into promiscuous mode. Since the program is very popular as an administrative network analysis tool, it is available in the repositories of almost every Linux distribution.

  • TShark

Install:

sudo apt-get install tshark

Let's start listening to check for DNS leaks:

sudo tshark -i eth0 port 53

Instead of eth0, enter the name of your interface.

  • Wireshark

Install:

sudo apt-get install wireshark

In most instructions online it is suggested to run Wireshark as root, otherwise Wireshark will not see the network interfaces, since root rights are needed to access them. But granting root privileges to GUI programs is contraindicated! Therefore, we will not use sudo, but will instead perform the steps described in the official instructions.

Create a wireshark group:

sudo groupadd wireshark

Add a user (that is, yourself) to the wireshark group, replacing user with your username:

sudo usermod -G wireshark -a user

Note: enter your username in place of user.

sudo chgrp wireshark /usr/bin/dumpcap
sudo chmod 754 /usr/bin/dumpcap
sudo setcap "CAP_NET_RAW+eip CAP_NET_ADMIN+eip" /usr/bin/dumpcap

Log out and log back into the system so that the changes to the permissions take effect.

Now Wireshark can see network interfaces not only as root, but also as a user in the wireshark group.

Run Wireshark.

Open the Capture ⇒ Capture Filters tab with the mouse:

Let's create a DNS interception filter.

In the “Properties” block, in the “Filter name” line, enter:

TCP or UDP port 53 (DNS)

And in the “Filter string” line enter the same capture filter used with tcpdump and tshark above:

port 53

Click the “New” button.

The filter we created should appear at the end of the list.

Click “OK”.

Press CTRL+I or open the Capture ⇒ Interfaces tab:

Put a check next to the network interface we are going to listen on and click Options:

Click the “Capture Filter” button and, in the window that opens, select the “TCP or UDP port 53 (DNS)” filter we created.

Click "Start".

Finally, we can see all the packets passing through port 53.

The Domain Name System (DNS) is responsible for converting domain names (such as "site") into the actual IP addresses to connect to. It translates long, complex, hard-to-remember numeric web server addresses into human language and vice versa.

So, whenever your computer needs to connect to a particular website (for example, when you type "www.google.com" in your browser's address bar), it first goes to the DNS server and requests that site's unique IP address. This procedure is an important part of how the Internet works.

What is a DNS leak?

If you are trying to keep your online activities secure and private with a VPN service, it is imperative that all traffic originating from your computer is routed through the VPN network. This includes the DNS queries described above: they must go through the VPN tunnel to your VPN provider's DNS servers, not to your ISP's servers.

However, your system may for some reason fall back to the default DNS servers, which results in your ISP being able to see which websites you visit. This can happen if you:

  • run Windows or have recently reset your system settings;
  • set up a VPN manually;
  • use a VPN service that does not have its own DNS servers or whose servers do not offer sufficient protection against leaks.

How might this affect you?

Any of your traffic that goes out through the normal unencrypted route can be intercepted by third parties (for example, your ISP or DNS provider). In that case they can see:

  • the websites you visit;
  • files you download;
  • the services you use and much more.

Moreover, you won't even know about it unless you run a dedicated DNS leak test like the one above. That's why you need to choose a VPN service that provides DNS leak protection.

When connected to NordVPN, your device only uses DNS servers fully managed by NordVPN, so you never have to worry about leaks of confidential information or its interception by third parties.

How to test for a DNS leak

You can check for DNS leaks in a few simple steps:

  1. Go to the DNS leak test;
  2. Check whether the displayed IP address and location match your actual data. If they do, either you are not connected to the VPN, or your VPN service is not working;
  3. To test for a DNS leak, select the Standard or Extended test. If you are connected to a VPN server and the test does not show the DNS servers of your actual ISP, your traffic is safe.
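The following added example (not from NordVPN or the original page) models how a browser-based DNS leak test of this kind discovers which resolvers a client really uses: the test page makes the client resolve unique random subdomains of a domain the tester controls, and the tester's authoritative name server records the source address of every resolver that asks for them. The "extended" variant simply sends more probes, which matters when the operating system alternates between resolvers. All hosts, addresses and class names here are constructed.

```python
import ipaddress
import secrets

# Added example, not part of the original page. Models how a DNS leak test
# learns which resolvers a client uses. Every host and address is constructed.


class AuthoritativeServer:
    """Toy authoritative name server for the test domain. Its answers are
    irrelevant; what matters is that it records which resolver asked for
    which probe label."""

    def __init__(self, zone):
        self.zone = zone
        self.asked_by = {}  # probe label -> set of resolver IPs seen

    def query(self, resolver_ip, qname):
        suffix = "." + self.zone
        if not qname.endswith(suffix):
            return None
        label = qname[:-len(suffix)]
        self.asked_by.setdefault(label, set()).add(resolver_ip)
        return "203.0.113.1"  # placeholder answer


class Client:
    """A client whose operating system rotates through its configured
    resolvers one query at a time, so a second resolver is used only
    for some of the lookups."""

    def __init__(self, resolvers, auth):
        self.resolvers = list(resolvers)
        self.auth = auth
        self.next = 0

    def resolve(self, qname):
        resolver_ip = self.resolvers[self.next % len(self.resolvers)]
        self.next += 1
        return self.auth.query(resolver_ip, qname)


def run_leak_test(client, auth, expected_resolver_nets, probes=6):
    """Issue `probes` lookups for unique random labels and report every
    resolver that appeared at the authoritative server but lies outside
    the networks the VPN is expected to use."""
    nets = [ipaddress.ip_network(n) for n in expected_resolver_nets]
    labels = [secrets.token_hex(8) for _ in range(probes)]
    for label in labels:
        client.resolve(f"{label}.{auth.zone}")
    observed = set()
    for label in labels:
        observed |= auth.asked_by.get(label, set())
    leaked = sorted(
        ip for ip in observed
        if not any(ipaddress.ip_address(ip) in net for net in nets)
    )
    return {
        "resolvers_seen": sorted(observed),
        "leaked_resolvers": leaked,
        "leak": bool(leaked),
    }


if __name__ == "__main__":
    auth = AuthoritativeServer("leaktest.example")
    # Tunnel resolver plus an ISP resolver left over from DHCP (constructed).
    client = Client(["10.8.0.1", "203.0.113.53"], auth)
    print("standard:", run_leak_test(client, auth, ["10.8.0.0/24"], probes=1))
    print("extended:", run_leak_test(client, auth, ["10.8.0.0/24"], probes=6))
```

With a single probe the rotating client happens to use only the tunnel resolver and the test reports no leak; with six probes the leftover ISP resolver shows up. This is why a test that reports "no leak" after one lookup is weaker evidence than one that repeats the probe several times.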

What if you're connected to NordVPN and still see a DNS leak during testing? Contact our support team via live chat, email or a support ticket. We will help you solve any problems as soon as possible.

A VPN may not always be able to secure your device's DNS queries, even if all other traffic is protected by the VPN tunnel. This is called a "DNS leak". If DNS queries leak, third parties such as your ISP or the DNS server operator can see which websites you visit and which applications you use.

Since DNS is the Internet's address book, almost everything you do online involves it. Your browser and other applications use DNS to find the servers that run the sites and services you use. Your device forwards queries to a DNS server, which sends back instructions on how to find what you're looking for. This is why DNS queries put your privacy at risk.


How can I check if a VPN is protecting me or not?

If set up correctly, the ExpressVPN app will protect you from DNS leaks. The DNS leak test on this page verifies that ExpressVPN is up to the task.

How does ExpressVPN prevent DNS leaks?

Without a VPN, your device usually uses the DNS service provided by your ISP. But when you connect to ExpressVPN, your device uses only ExpressVPN's DNS servers. This provides numerous benefits:

  • ExpressVPN DNS servers are very fast
  • ExpressVPN does not store any online activity or connection logs
  • All traffic between your device and DNS servers is fully encrypted

Here's how it works. To open a web page, you enter a URL or click a link in your browser. This URL is sent through ExpressVPN's encrypted tunnel to ExpressVPN's own DNS server. The DNS server looks up the IP address and sends it to the ExpressVPN server, which retrieves the desired page. In an instant, ExpressVPN returns this page to you. All traffic remains under the reliable protection of the VPN tunnel.

If I'm already using a VPN, why do I need to check if there is a DNS leak?

One of two things can happen:


In both cases, third parties can see a list of websites and applications that you use.

What Causes DNS Query Leaks When Using a VPN?

DNS leaks can happen for many reasons. Here are some of them:

  1. Your VPN is configured manually. If you manually configure a VPN connection, the risk of DNS query leaks increases and depends on your operating system configuration. Using the ExpressVPN apps eliminates many of these dangers.
  2. Your router is controlled by an intruder, for example the Wi-Fi operator in a cafe. An attacker could make your device send DNS queries outside the VPN tunnel. ExpressVPN apps protect against DNS leaks, but other apps and manual settings may be vulnerable.
  3. Manual DNS setup. You (or software on your device) instructed the operating system not to use ExpressVPN's DNS servers. Power users may want to query a specific DNS service, but for security reasons most people are better off not doing this.

Some Internet users prefer to use VPN services to hide their real IP address and encrypt their data. As a rule, they are driven to this by the desire to maintain their online privacy, as well as by a number of other reasons. However, all this will be in vain if your personal data "leaks" to the network due to security vulnerabilities. There are two main types of such leaks: DNS leaks and WebRTC (IP) leaks.

What is a DNS leak?

If you have ever accessed the Internet, then you have come across the Domain Name System (DNS), even without knowing it. DNS maintains a database of domain names (for example, vpnmentor.com) and translates them into the corresponding numerical address (Internet Protocol, IP). It is at these addresses that browsers find sites on the network. Essentially, IP addresses and domain names are like a phone book, where each person has a name and a phone number.

Strictly speaking, domain names exist only for humans, while computers work only with numbers in this format. It can be difficult for a person to remember an address like 168.212.226.204, but remembering the domain name of such a site is much easier. Here's what happens when your browser opens a page on a website: your computer sends a query to your ISP's DNS servers and gets back the IP address of the web page you want. But when you use a VPN service, the request goes not to the provider's DNS servers but to those of the VPN service itself.

How does a leak happen?

Due to a security vulnerability, a DNS query can sometimes reach your ISP rather than the servers of the VPN service, which could hide it from prying eyes. This is exactly what a DNS leak is. The culprit is an unencrypted DNS request sent by your computer outside the secure VPN tunnel. This vulnerability is related to the computer's operating system: each network interface can have its own DNS settings. And sometimes the computer sends DNS queries directly to the provider or even to third-party servers (see figure below), ignoring the default gateway and DNS settings of your VPN service, which leads to data leakage.

All this allows the provider to find out which sites the user visits. And if you use a VPN service and suddenly discover that you appear under your real IP address, this means only one thing: all your DNS requests are going not to the VPN service's servers, but directly to the provider. Incidentally, some providers use transparent DNS proxy technology (“Transparent DNS proxy”), which forces the user's devices to make DNS requests to the provider's servers even when different DNS settings are configured.

What is a WebRTC (IP) leak?

In 2015, Internet security specialist Daniel Roesler reported a vulnerability that allows attackers to obtain a user's real IP address through an API (application programming interface) built into most modern browsers: Web Real-Time Communication (WebRTC). It was even possible to obtain the data of users who were connected to a VPN service. Note that WebRTC is used in various networks for cross-browser data exchange, P2P file sharing, video calls and more.

How does a leak happen?

It takes only a few lines of code to get WebRTC to give away your real IP address. It's all about the so-called STUN server (Session Traversal Utilities for NAT). A STUN server allows computers and devices on your internal network to find out their public IP addresses (essentially their Internet addresses). VPN services also use a STUN server to translate your internal network address to a public Internet address and vice versa. To do this, the STUN server maintains a database containing records of your local and public IP addresses.

This leak has nothing to do with VPN services at all; the degree of their security plays no role here. The problem lies in a vulnerability of your browser, more precisely in WebRTC. When the browser's WebRTC module receives requests from the STUN server, it sends back a message containing both of your IP addresses (internal and public), as well as other data.

The content of that message, i.e. the user's real IP address, can be obtained by writing a tiny JavaScript program. Only one thing is required: that the browser supports WebRTC (well, the program itself still has to be written, of course). And if WebRTC is enabled in your browser, it will accept requests from the STUN server and send responses back.
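Added example, not code from the original article: a decoder for the STUN Binding Response (RFC 5389) that the browser's WebRTC stack receives, showing how the reflected public address is carried (XOR-ed with the magic cookie in the XOR-MAPPED-ADDRESS attribute). The comparison function at the end is the check a leak test performs: if the address the STUN server reflects back is not the VPN exit address, the real address has escaped the tunnel. The response bytes and all addresses are constructed, and the function names are this example's own.

```python
import ipaddress
import struct

# Added example, not from the original article. Builds and decodes a STUN
# Binding Response to show which address WebRTC learns. All values constructed.

MAGIC_COOKIE = 0x2112A442
BINDING_RESPONSE = 0x0101
MAPPED_ADDRESS = 0x0001
XOR_MAPPED_ADDRESS = 0x0020


def build_binding_response(public_ip, port, txid=b"\x01" * 12):
    """What a STUN server sends back: the client's public IPv4 address and port,
    XOR-ed with the magic cookie (RFC 5389 section 15.2)."""
    ip_int = int(ipaddress.IPv4Address(public_ip))
    attr_val = struct.pack("!BBHI", 0, 0x01, port ^ (MAGIC_COOKIE >> 16), ip_int ^ MAGIC_COOKIE)
    attr = struct.pack("!HH", XOR_MAPPED_ADDRESS, len(attr_val)) + attr_val
    header = struct.pack("!HHI", BINDING_RESPONSE, len(attr), MAGIC_COOKIE) + txid
    return header + attr


def parse_binding_response(msg):
    """Recover the reflected (public) address from a Binding Response."""
    if len(msg) < 20:
        raise ValueError("truncated STUN header")
    mtype, length, cookie = struct.unpack("!HHI", msg[:8])
    if cookie != MAGIC_COOKIE:
        raise ValueError("not an RFC 5389 STUN message")
    if mtype != BINDING_RESPONSE:
        raise ValueError(f"unexpected message type 0x{mtype:04x}")
    result = {"transaction_id": msg[8:20].hex(), "mapped": None}
    pos, end = 20, 20 + length
    while pos + 4 <= end:
        atype, alen = struct.unpack("!HH", msg[pos:pos + 4])
        value = msg[pos + 4:pos + 4 + alen]
        pos += 4 + ((alen + 3) & ~3)  # attribute values are padded to 4 bytes
        if atype == XOR_MAPPED_ADDRESS and len(value) == 8:
            _, family, xport, xaddr = struct.unpack("!BBHI", value)
            if family == 0x01:
                result["mapped"] = (str(ipaddress.IPv4Address(xaddr ^ MAGIC_COOKIE)),
                                    xport ^ (MAGIC_COOKIE >> 16))
        elif atype == MAPPED_ADDRESS and len(value) == 8 and result["mapped"] is None:
            _, family, port, addr = struct.unpack("!BBHI", value)  # legacy, un-XORed form
            if family == 0x01:
                result["mapped"] = (str(ipaddress.IPv4Address(addr)), port)
    return result


def webrtc_leaks(reflected_ip, vpn_exit_ip):
    """True when the address STUN reflected back is not the VPN's exit address,
    i.e. the STUN traffic left the device outside the tunnel."""
    return ipaddress.ip_address(reflected_ip) != ipaddress.ip_address(vpn_exit_ip)


if __name__ == "__main__":
    # Constructed: the ISP-assigned public address and the VPN exit address.
    response = build_binding_response("198.51.100.23", 54321)
    seen = parse_binding_response(response)
    print(seen)
    print("leak:", webrtc_leaks(seen["mapped"][0], "203.0.113.200"))
```

The XOR step exists so that NAT devices do not rewrite the address inside the payload; it offers no confidentiality, which is why a script with access to the browser's ICE candidates reads the same value this decoder does.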

To summarize: there are no ideal systems; each has its own bugs and vulnerabilities that remain hidden for the time being. Therefore, it is important to use what eliminates discovered vulnerabilities in a timely manner, to check for data leaks, and to act if it turns out that you are at risk.
