DNS leak

From Wikipedia, the free encyclopedia

A DNS leak is a security flaw in which a host's DNS queries are sent outside a VPN tunnel, typically to the ISP's DNS servers, even though the VPN is meant to carry and conceal them.[1]

Process

The flaw allows the ISP, as well as any on-path eavesdropper between the user and the ISP's resolver, to see which domain names (and therefore which websites) the user is resolving. It happens because the browser's DNS queries are sent in cleartext straight to the ISP's DNS server over the physical network interface, rather than through the VPN tunnel to the resolver the VPN provides.

This does not happen with every VPN configuration. It is most common with "split-tunnel" VPNs, where some traffic is deliberately still sent over the local network interface while the VPN is active, and with clients that set the tunnel's DNS servers but do not stop the operating system from also using the resolvers configured on the physical interface.

Starting with Windows 8, Microsoft introduced "Smart Multi-Homed Name Resolution". This changed how Windows handles DNS requests: instead of querying only the resolvers of the preferred interface, the resolver sends each query out over all available network interfaces in parallel and uses the first answer that comes back. There is general consensus that this shortened DNS look-up times, but it also exposed VPN users to DNS leaks, because the computer no longer used only the DNS servers assigned by the VPN service. The query went out of every interface, so DNS traffic travelled outside the VPN tunnel and reached the user's default (usually ISP-assigned) DNS servers.[2][3] The behaviour can be switched off with the group policy "Turn off smart multi-homed name resolution" (Computer Configuration > Administrative Templates > Network > DNS Client), which sets the DWORD registry value DisableSmartNameResolution to 1 under HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient. VPN clients for Windows also commonly enforce this themselves by blocking DNS traffic on all non-tunnel interfaces while connected (for example OpenVPN's block-outside-dns option).

Prevention

Websites exist that test whether a DNS leak is occurring, including www.dnsleaktest.com[4] and ipleak.org[5]. They work by having the browser resolve unique, randomly generated hostnames and then reporting which resolver addresses their authoritative name servers saw the queries arrive from; if an ISP resolver appears while the VPN is connected, DNS is leaking. DNS leaks can be addressed in a number of ways:

  • Encrypting DNS requests with DNS over HTTPS or DNS over TLS, which prevents the queries from being read by on-path eavesdroppers. This hides the query contents, not the fact that a resolver is being used: the ISP can still see the connection to the encrypted resolver, and the operator of that resolver still sees every query, so a DoH/DoT resolver reached outside the tunnel moves the exposure rather than removing it.
  • Using a VPN client that routes DNS requests through the tunnel and, ideally, blocks DNS traffic on every other interface while connected. Not all VPN apps plug DNS leaks: a 2016 study by the Commonwealth Scientific and Industrial Research Organisation, "An Analysis of the Privacy and Security Risks of Android VPN Permission-enabled Apps",[6][7] found that 84% of the VPN applications tested from the Google Play Store leaked DNS requests.
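The leak described in the Process section can also be checked locally, without relying on a test website, by capturing traffic on the physical interface while the VPN is up: with a correctly configured full-tunnel VPN, no DNS traffic should appear there at all. The Python script below is an added example, not code from this article or from any VPN product. It analyses constructed tcpdump-style lines (the interface name eth0, the client and resolver addresses and the packet summaries are all assumed sample data) and reports every DNS query that left the host outside the tunnel, including the cleartext query name where one is visible.

```python
"""Offline DNS-leak check over a packet capture taken on the physical interface.

Added example for the DNS leak article; not code from the article or from any
VPN product. Capture lines, addresses and interface names are constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional

# Ports on which DNS leaves the host in a recognisable form. DoH (port 443) is
# omitted: on the wire it is indistinguishable from ordinary HTTPS.
DNS_PORTS = {53: "Do53", 853: "DoT"}

# tcpdump -n prints "<time> IP|IP6 <src>.<sport> > <dst>.<dport>: <summary>".
_PKT_RE = re.compile(r"^(?P<ts>\S+) IP6? (?P<src>\S+) > (?P<dst>\S+): (?P<rest>.*)$")
# Cleartext Do53 query summary: "<id><flags> <QTYPE>? <name> (<len>)".
_QUERY_RE = re.compile(r"^\d+[+%$]*\s+(?P<qtype>[A-Z0-9]+)\?\s+(?P<qname>\S+)")

# Constructed sample of `tcpdump -n -i eth0 'port 53 or port 853'`, taken while
# a full-tunnel VPN (tun0) was up. Everything here that is DNS has bypassed the
# tunnel. 192.168.1.1 stands in for the ISP router's resolver (assumed address).
SAMPLE_CAPTURE = """\
12:00:01.000001 IP 192.168.1.20.51234 > 192.168.1.1.53: 12345+ A? example.com. (29)
12:00:01.000423 IP 192.168.1.1.53 > 192.168.1.20.51234: 12345 1/0/0 A 93.184.216.34 (45)
12:00:02.000001 IP 192.168.1.20.51235 > 8.8.8.8.53: 12346+ AAAA? wikipedia.org. (31)
12:00:03.000001 IP 192.168.1.20.51236 > 1.1.1.1.853: Flags [S], seq 1, win 64240, length 0
12:00:04.000001 IP 192.168.1.20.51237 > 93.184.216.34.443: Flags [S], seq 2, win 64240, length 0
12:00:05.000001 IP6 2001:db8::20.51238 > 2001:4860:4860::8888.53: 12347+ A? example.org. (29)
"""


@dataclass(frozen=True)
class Leak:
    time: str
    resolver: str          # destination address the query went to, off-tunnel
    port: int
    transport: str         # "Do53" (cleartext) or "DoT" (encrypted, endpoint visible)
    qname: Optional[str]   # cleartext query name when tcpdump decoded one


def parse_endpoint(endpoint: str):
    """Split tcpdump's 'host.port' form; works for IPv4 and IPv6 (port is after the last dot)."""
    host, port = endpoint.rsplit(".", 1)
    return host, int(port)


def find_leaks(capture_text: str, allowed_resolvers: FrozenSet[str] = frozenset()) -> List[Leak]:
    """Return every DNS query seen leaving the physical interface.

    Replies (source port 53/853) are ignored because their destination port is the
    client's ephemeral port. allowed_resolvers is for deliberate split-tunnel
    setups where one local resolver is meant to be reached outside the tunnel.
    """
    leaks: List[Leak] = []
    for line in capture_text.splitlines():
        m = _PKT_RE.match(line)
        if not m:
            continue
        dst, dport = parse_endpoint(m["dst"])
        if dport not in DNS_PORTS or dst in allowed_resolvers:
            continue
        qname = None
        if dport == 53:
            q = _QUERY_RE.match(m["rest"])
            if q:
                qname = q["qname"]   # TCP handshakes on 53 carry no name yet; still a leak
        leaks.append(Leak(m["ts"], dst, dport, DNS_PORTS[dport], qname))
    return leaks


def leaks_by_resolver(leaks: List[Leak]) -> Dict[str, int]:
    """Count leaked queries per off-tunnel resolver, to see where they are going."""
    counts: Dict[str, int] = {}
    for leak in leaks:
        counts[leak.resolver] = counts.get(leak.resolver, 0) + 1
    return counts


if __name__ == "__main__":
    import sys
    text = SAMPLE_CAPTURE if sys.stdin.isatty() else sys.stdin.read()
    found = find_leaks(text)
    for leak in found:
        what = leak.qname if leak.qname else "(name not visible)"
        print(f"{leak.time} LEAK {leak.transport} -> {leak.resolver}:{leak.port} {what}")
    print("no DNS left the physical interface" if not found else f"{len(found)} leaked queries")
```

To use it on a real system, pipe the output of `tcpdump -n -i <physical interface> 'port 53 or port 853'` into the script while the VPN is connected and browse for a minute; any reported line is a query that bypassed the tunnel, and the resolver column shows whether it went to the ISP router, a public resolver or somewhere else. For a split-tunnel setup where one local resolver is used on purpose, pass it in allowed_resolvers so only unexpected destinations are reported.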

References

  1. "What is a DNS leak and why should I care?". dnsleaktest.com. 2017-05-29. Retrieved 2016-09-03.
  2. "Preventing Network and DNS Traffic Leaks - SparkLabs". www.sparklabs.com. Retrieved 2018-11-29.
  3. "Windows 8 and Windows 8.1 New Group Policy Settings". blogs.technet.microsoft.com. Retrieved 2018-11-29.
  4. "DNS Leak Test". www.dnsleaktest.com. Retrieved 2016-09-03.
  5. "DNS Leak Test - Share results with a link". ipleak.org. Retrieved 2018-11-29.
  6. "An Analysis of the Privacy and Security Risks of Android VPN Permission enabled Apps" (PDF).
  7. "VPN Tests and Checks - The Ultimate How-To Guide | Restore Privacy". Restore Privacy. 2018-03-07. Retrieved 2018-11-29.