What are DNS leaks and how do I prevent them?

What is DNS?

DNS stands for Domain Name System and you use it every time you use the Internet. As you may know, the Internet works with IP addresses. For example, if you want to visit Google, you type google.com into your browser. In fact, you could also enter the IP address 172.217.19.78 and you will get to the same destination. Of course, this is much more complicated and that's why there is DNS.

Here's how it works: When you open google.com in your browser, your computer makes a request to the DNS server. This is usually your router. If your router does not yet know google.com, it forwards the request to a DNS server on the Internet. And so it goes on and on until someone knows google.com. The server then responds with the IP address 172.217.19.78. Only with this IP address you are able to access the website. As a user you don't notice anything. Everything happens in the background.

What is a DNS Leak?

If you connect to a VPN server, theoretically all traffic from your computer should be routed through the VPN. This includes DNS requests, i.e. not the DNS servers configured on your computer are used, but DNS servers specified by the VPN server. If there is a DNS leak, exactly this does not happen. This concerns especially Windows users

Is a DNS leak a security risk?

Not necessarily. By default, your Internet provider determines the DNS server you use. These are usually DNS servers that your Internet provider operates itself. This means that your Internet provider can theoretically see which pages you visit and which domains you resolve. However, only the domain is transmitted. If you watch a Youtube video, for example, your provider could see that you have called up Youtube, but not which video. A website operator could also determine which provider you are using and thus find out which country you are in. However, this is also possible via system time, system language, keyboard layout, etc.

Does Premiumize.me VPN protect against DNS leaks?

No, at least not reliably. We instruct the VPN clients to use only our DNS servers (e.g. with OpenVPN on Windows). Unfortunately, not every VPN client supports this. However, these options are optional and you can disable them if you don't want to use them.

Why don't you block the DNS servers like other VPN providers?

We have explicitly decided against this, because many users use their own DNS servers and would like to continue using them even with an active VPN connection. An own DNS server can have various reasons, e.g. blocking advertisements, own DNS entries or alternative top-level domains that are not accessible via regular DNS servers (e.g. .bit). Thus, our users have all the freedom and can do as they want to do.

How can I protect myself?

If you still use the default setting, you should change the DNS servers. The best thing is to make this setting in the router, because then the setting is automatically obtained by all devices in the network by default. You can find help in the manual or from the customer service of your router manufacturer. If you do not have access to the router, you can alternatively change the DNS settings in your computer. There is absolutely no advantage in using the DNS server of your provider. There are public DNS servers you can use instead, e.g. Google, Cloudflare, OpenDNS or Quad9. If only because your Internet provider knows which IP it has assigned to you and can therefore directly connect DNS queries to you, it is always recommended to use a public DNS server, because they are usually faster, more secure and more reliable than the DNS servers of the providers.

Below you will find a few providers that you can use:

Cloudflare DNS Primary: 1.1.1.1 / 2606:4700:4700::1111 Secondary: 1.0.0.1 / 2606:4700:4700::1001

Google DNS Primary: 8.8.8.8 / 2001:4860:4860::8888 Secondary: 8.8.4.4 / 2001:4860:4860::8844

Quad9 Primary DNS: 9.9.9.9 / 2620:fe::fe Secondary DNS: 149.112.112.112 / 2620:fe::9

OpenDNS Primary DNS: 208.67.222.222 / 2620:119:35::35 Secondary DNS: 208.67.220.220 / 2620:119:53::53