How to Prevent Windows 10 DNS Leaks

There are a few ways to tell if your DNS is leaking and the solutions to fixing it are fairly easy. By the end of this guide, you’ll be able to stop the leakage.

One of the first things you can do is invest in a VPN. A growing number of VPN services actually offer private DNS servers and other protections. Providers such as Surfshark have them built in. You might consider giving Windows client a try here.

What Is “DNS” Anyways?

The network communication service DNS is called “Domain Name Service” in full. The internet has many DNS servers that talk back and forth with each other and your computer. Imagine a few friends texting each other to find the street where they’ve last seen John’s apartment.

This translates a website name like “YouTube.com” into its numerical IP address. A site’s IP address is the location of the file server. Your computer talks to these servers to fetch the files you’re browsing.

VPNs attempt to hide your habits from prying eyes. The IP and DNS addresses should be hidden.

A DNS leak shows where you’ve been browsing the internet. Your Internet Service Provider(ISP) would still be able to see everything you’ve done.

Let’s dig into why Windows 10 is known for this huge issue.

Why Does Windows 10 DNS Leak?

The main point of Windows 10 is that it tries to do everything for you. You’ve probably noticed how it is a simplified version of Windows 7. Sometimes this desire for simplicity causes it to be a nuisance for more advanced users.

One feature or bug is that Windows automatically seeks the simplest path to the internet. It will automatically find the easiest DNS server. If you are browsing with a VPN, you will sometimes have DNS traffic leak since a VPN can often be a slower path to the internet.

The internet is taking the painful steps to move to IPv6. This is a more powerful protocol for accessing the internet, but it’s still new. Your computer will still have issues translating IPv4 and IPv6. Windows has a technology named “Teredo” that simplifies this. However, it will often bypass your VPN and leak since that’s the simplest path.

Lastly, the Windows Firewall is very simple. It basically allows all traffic to flow from behind it for convenience. This is bad for your privacy since it lets stray DNS requests spill the beans on your traffic.

Your ISP will then see where you’ve been browsing. This is bad since ISPs are now legally allowed to record all your traffic and sell it in countries like the United States. You can read more about net neutrality’s death over here.

Now, you know what the main causes of leaks are. The next step is to learn how to check for leaks. After that, you’ll see how to fix these three main issues.

Checking For VPN Leakage:

Here are the steps:

1. Connect to the VPN.
2. Go to dnsleaktest.com or ipleak.net.
3. Click standard test. Ipleak.net should be automatic unless you’ve disabled javascript.
4. Give it a few seconds.

You should only be able to see the VPN information. There should be nothing else that you can see. If any information related to your ISP shows, then you’re leaking.

Eliminating DNS Leaks:

Don’t leave your windows computer on DHCP. This is a dynamic host change protocol. It dynamically changes according to the easiest way to connect to the internet. You’ll notice it ignores your VPN most of the time.

Change your settings from DHCP to static DNS server or to a public DNS server. Your VPN host may also give you suggestions of the optimal setting. Some people use Comodo DNS and Cloudflare DNS if their provider doesn’t have DNS servers of its own.

 

Here are the steps:

1. Open the start menu in Windows and
2. Enter “Network and Sharing Center” into the search bar.
3. Go over to “Change Adapter Settings.”
4. Find your network and right-click its icon.
5. Then, click “Properties” in the drop-down menu.
6. Find IPv4 and select it. Click on its name to do this. It should have a blue highlight on the text.
7. Go back to “Properties.”
8. Click on the button called “Use the following DNS server addresses:”
9. Use your VPN host’s DNS addresses or a third party’s like Comodo.
10. Make sure you click “Ok” to save your settings.
11. Check back over here at dnsleaktest.com or ipleak.net.
12. Is it still leaking? If not, you’ve done it correctly.

How To Shut Off Teredo

Teredo is a feature in Windows 10 that automatically converts between IPv4 and IPv6. It often ignores your VPN settings and bypasses them. That means it has to be shut off.

The way to do this is through the command prompt. Open it as an administrator. You can find it on your start menu. Then, type “netsh interface teredo set state disabled.” The only drawback to this is you may occasionally run into slightly slower browsing. IPv6 compatible VPN hosts can avoid this issue.

Blocking Non-VPN Traffic

To be extra safe, you can change your firewall to only allow VPN traffic. Follow these steps to do it:

1. Connect to the VPN
2. Go to “Network and Sharing Center.” Look for your ISP in “Network,” and your VPN in “Public Network.” Change them to these settings if they are different.
3. Log in as the admin. Open “Windows Firewall” settings.
4. Select “Advanced Settings.”
5. Click on “Inbound Rules” on the left sidebar.
6. Under actions, click the option for “New Rule.”
7. Click “Program and click on the “Next” button.
8. Select “All Programs.” Click “Next.”
9. Click “Block the Connection,” and click “Next” again.
10. Select “Domain” and “Private” to block them. Leave “Public” unselected.
11. Go back to the “Advanced Settings” menu in Window’s Firewall. Do steps 6 to 10 for “Outbound Rules.”

Now all of your Non-VPN traffic should be blocked. This will only let your VPN be the source of traffic. You will be protected on public networks too.

That should do it for you. Make sure you use a few sites to check if your DNS is leaking anymore. Never leave your privacy to chance.

Conclusion:

No one surfing the net is safe from surveillance. Do you really want random companies being able to profile your browsing habits? No, you probably don’t. Getting a VPN is a simple way of putting an end to this. No one will know exactly where your traffic is coming from.

Make sure you follow the steps of this article to eliminate any leaking on your end. It only takes a few clicks and double checking your work. This will keep DNS logs off of your ISP’s servers. You’ll also be protected from DNS hijacking attacks. That means they won’t be able to sell your very private information to third parties. Many experts recommend doing regular leak tests to stay on the safe side.