What is DNS Leak?

DNS Leak is often mentioned in technical articles but rarely goes into the details of the process. We would like to create a common understanding of the process with the help of this article, breaking down the implementation stages of the leak itself.

Main parameters

First, we recall that our devices at the output to the Internet have a connection with all hosts not directly, but with the help of an intermediary, who is also a provider. Through the provider, we can get the service of other services.

In other words, when we request the browser http://example.com, then first of all the name will be resolved, which goes to the provider, and the provider is already making a request to public DNS and at the end of the process gives us the necessary IP address, on which our device makes the request. Or our request is sent directly to the provider, where it receives a name and resolves it, and then our packets are sent to the required address.

For unknown reasons, when describing these processes, many people miss one important detail: the provider. This is explained by the fact that this is just an intermediary in the chain of tasks. The opinion is very erroneous, so you should not forget that our devices do not independently make requests to DNS servers, but the provider does it.

An extremely important feature is that DNS leaks also mean leaking DNS IP addresses because it is directly related to our devices (in other words, it is directly related to our provider). When the address of such a server is at your disposal, you can easily figure out the provider, and through it, without much effort, you can “reveal” the anonymity of the target.

It is for these reasons that DNS Leak is in principle possible, because by hiding your device with an intermediary in the form of a proxy server or when using an anonymizer, we anonymize the address on the network, but not the address of the DNS itself.

How DNS leaks happen.

We have dealt with the general basics of the domain name resolution scheme, now we can analyze the leak in more detailed processes.

Suppose that we are using a proxy to anonymize our IP address and request a site that has data that has a domain name in the receiving address that has not been resolved by our devices before and has not yet been cached by any of the DNS servers on the network.

Our device appeals to the provider, the provider’s DNS starts resolving, and, according to the scheme that was indicated before, it reaches the DNS server, and it, in turn, gives the desired address of this name.

It turns out that the root of the leak is that we make a call to the DNS server “straight”, bypassing our chain of intermediaries, deanonymizing the IP address of our DNS.

The solution to the problem is quite logical and not difficult to implement. We need an analog of proxy servers for our DNS, namely, to set the use of the proxy provider’s DNS server in the SOCKS4a / SOCKS5 settings.

Proxy selection

In general, the DNS leak process is not difficult, but to avoid it, using public (free) proxies does not make much sense.

We will not solve the problem of leakage, but we also expose ourselves to the risk of additional problems and complexities, namely:

  • Our data is not protected
  • Anonymity equates to almost zero
  • The probability of using a proxy by several users is enormous
  • The alleged proxies may be already blacklisted by many resources.

And many other «wonderful» aspects can be expected when using public proxies.

Of course, in fairness, it is worth mentioning that among them there is something close to the word “quality”, but how much time and effort it will take you to search for such a thing is one big mystery. Is it worth it?

We strongly recommend using only private proxies, in which you can be sure that whole organizations are engaged in their maintenance. Even if you encounter any problems, you can always contact the customer support service, where they will help you figure it out. The cost of this is often more than humane.