Kalpana Kalpana (Editor)

DNS leak


A DNS leak refers to a security flaw that allows the true IP address of a connection to be revealed to websites, despite the use of a VPN service to conceal it. The flaw was first documented by Daniel Roesler, a developer based in San Francisco.

Process

The vulnerability allows remote websites to determine the user's true IP address using WebRTC, which is built into most web browsers. According to Roesler, the true IP can be determined because WebRTC allows requests to ISPs' STUN servers that return the user's public and local IP addresses, and these requests can be made from JavaScript.

Furthermore, the STUN requests aren't made using the regular XMLHttpRequest procedure, so they can't be viewed in browsers' developer consoles or blocked by popular privacy plugins (such as Ghostery or Adblock Plus).

Determining the true IP address also allows the website to determine the approximate location of the connection, allowing for geo-blocking of content.
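The exposure described above can be checked from the defender's side by inspecting the ICE candidates a browser generates. The snippet below is an added example, not code from the original page or from Roesler's tool: it parses constructed sample candidate lines and flags any address that is not the VPN's expected egress address (the `vpnEgressIp` parameter and all sample addresses are assumptions). In a real browser the candidate lines would come from `RTCPeerConnection`'s `onicecandidate` events.

```javascript
// Added example: classify WebRTC ICE candidate strings the way a leak-test
// page would, to show what a STUN exchange exposes despite a VPN.
// The candidate lines below are constructed sample data, not captured traffic.
const SAMPLE_CANDIDATES = [
  'candidate:1 1 udp 2122260223 192.168.1.23 51234 typ host generation 0',
  'candidate:2 1 udp 1686052607 203.0.113.45 51234 typ srflx raddr 192.168.1.23 rport 51234 generation 0',
  'candidate:3 1 udp 2122194687 5f3a1b2c-0d4e-4f6a-8b7c-9d0e1f2a3b4c.local 51235 typ host generation 0',
];

// Non-routable addresses: RFC 1918, loopback, link-local, IPv6 ULA, and the
// mDNS ".local" names modern browsers substitute for local host candidates.
function isPrivateAddress(addr) {
  const a = addr.toLowerCase();
  if (a.endsWith('.local')) return true;
  const m = /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/.exec(a);
  if (!m) return a.startsWith('fe80:') || a.startsWith('fc') || a.startsWith('fd') || a === '::1';
  const [o1, o2] = [Number(m[1]), Number(m[2])];
  return o1 === 10 || o1 === 127 || (o1 === 169 && o2 === 254) ||
         (o1 === 172 && o2 >= 16 && o2 <= 31) || (o1 === 192 && o2 === 168);
}

// Parse one SDP ICE candidate line into its connection address and type
// (host = a local interface, srflx = the address the STUN server observed).
function parseCandidate(line) {
  const f = line.trim().split(/\s+/);
  const typIdx = f.indexOf('typ');
  if (f.length < 8 || typIdx < 0) return null;
  return { address: f[4], port: Number(f[5]), type: f[typIdx + 1] };
}

// Compare what the candidates expose with the address the VPN should present.
// A leak is any public address other than the VPN egress, or any raw local
// address (mDNS names are treated as already masked).
function checkLeak(candidateLines, vpnEgressIp) {
  const exposedLocal = [];
  const exposedPublic = [];
  for (const line of candidateLines) {
    const c = parseCandidate(line);
    if (!c) continue;
    if (!isPrivateAddress(c.address)) exposedPublic.push(c.address);
    else if (!c.address.toLowerCase().endsWith('.local')) exposedLocal.push(c.address);
  }
  const leakedPublic = exposedPublic.filter(ip => ip !== vpnEgressIp);
  const leak = leakedPublic.length > 0 || exposedLocal.length > 0;
  return { exposedLocal, exposedPublic, leakedPublic, leak };
}
```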

Prevention

Several websites, including Roesler's demo tool, allow users to test whether a DNS leak is occurring. DNS leaking can be prevented in a number of ways:

  • Disabling WebRTC in the browser (although this also disables functionality such as allowing sites access to microphones and cameras)
  • Blocking the leak in the browser with an add-on such as uBlock Origin
  • Encrypting DNS requests, such as through the DNSCrypt protocol
  • Using a VPN client with built-in DNS leak protection

References

  DNS leak Wikipedia