Question: I use a UK IP address in My IP Hide. But the DNS leak test shows my DNS servers are in Belgium. Does it leak my real IP address?
Answer: The short answer is No. Below is a detailed explanation.
Websites Know Your DNS IP?
The websites which can show our DNS servers are using the same technology. We use this one as an example: https://dnsleaktest.com
Here is the test result for our My IP Hide server 213.229.74.238 (UK5).
It seems that the website dnsleaktest.com knows our DNS servers. In fact, it only knows the ISP of our DNS because our real DNS servers are 8.8.8.8 and 8.8.4.4 instead of 74.125.x.x.
Let’s see how it detects our DNS servers. First, it makes six new domain names such as these ones.
mx8wdhdrls.dnsleaktest.com sxg1h57t5o.dnsleaktest.com nnm7ra7ubq.dnsleaktest.com o69mq7i0a2.dnsleaktest.com d4hciffhoy.dnsleaktest.com 988rgz5xdg.dnsleaktest.com
Then it uses javascript to make our browser to connect to those domain names. Our browser needs to know the IP address of them. So it makes a DNS query: “What is the IP address of mx8wdhdrls.dnsleaktest.com”.
The query route looks like this: Our Browser -> UK5 Proxy -> 8.8.8.8 -> other Google DNS servers -> 74.125.x.x -> the name server of dnsleaktest.com (ns1.dnsleaktest.com)
What Are Those DNS IP?
Then the name server of dnsleaktest.com knows we used 74.125.x.x to do a DNS query. It made six new domain names so it can get six IP addresses that query those six new domain names.
But those IP addresses 74.125.x.x are just edge DNS servers that are on the optimal route. ns1.dnsleaktest.com can’t even know their previous nodes. Neither can it know our real DNS servers (8.8.8.8) or our real IP address which is behind the UK5 proxy. What it actually knows is our DNS provider, Google.
Use DNS Test to Check User’s IP?
First, the DNS test can’t get the user’s exact location. For example, websites may get Belgium IP addresses for all the European users, and Taiwan IP addresses for all the Asian users if the users are using Google DNS 8.8.8.8.
Second, the DNS test is costly. It needs extra code to make many one-off domain names and read the logs from the name servers. It also wastes the Internet resources, by adding unnecessary DNS queries for those disposable domain names.
Because of the above two reasons (no exact location and costly), most websites won’t use the DNS test to block foreign visitors. Getting the IP address from the user’s HTTP request is still the main method.
The Meaning of DNS Leak Test
If you don’t use any proxy/VPN and use the default DNS server settings. You should be using the DNS server of your ISP. You will see Comcast, Verizon, or AT&T in the DNS Leak test result.
In that case, your ISP knows all your DNS queries. Thus it can know all the websites you visited. That is a DNS leak. Some bad ISP may send fake or invalid IP addresses to your DNS queries. Thus it can block some websites.
Moreover, a DNS test may know your exact location if you are using the default DNS servers of your ISP.
The meaning of the DNS leak test is to check whether you are using a safe DNS provider. These are safe DNS providers.
| DNS Provider Name | Primary Address | Secondary Address | Feature |
|---|---|---|---|
| 8.8.8.8 | 8.8.4.4 | unfiltered | |
| Cloudflare | 1.1.1.1 | 1.0.0.1 | unfiltered |
| OpenDNS Home | 208.67.222.222 | 208.67.220.220 | secure |
| Level3 | 209.244.0.3 | 209.244.0.4 | unfiltered |
| Verisign | 64.6.64.6 | 64.6.65.6 | unfiltered |
| DNS.WATCH | 84.200.69.80 | 84.200.70.40 | unfiltered |
| Comodo Secure DNS | 8.26.56.26 | 8.20.247.20 | secure |
| Norton ConnectSafe | 199.85.126.10 | 199.85.127.10 | secure |
| Quad9 | 9.9.9.9 | 149.112.112.112 | secure |
| SafeDNS | 195.46.39.39 | 195.46.39.40 | secure |
| CleanBrowsing | 185.228.168.9 | 185.228.168.10 | filtered |
| FreeDNS | 45.33.97.5 | 172.104.237.57 | unfiltered |
| Alternate DNS | 76.76.19.19 | ad-free | |
| Yandex.DNS | 77.88.8.8 | 77.88.8.1 | unfiltered |
| UncensoredDNS | 91.239.100.100 | 89.233.43.71 | |
| Hurricane Electric | 74.82.42.42 | ||
| puntCAT | 109.69.8.51 |
How to Fix a DNS Leak
- Use those safe DNS providers above
- Use remote DNS if you are using a socks proxy
- Use a version of OpenVPN newer than v2.3.9
- Use an HTTP proxy that doesn’t have the DNS leak problem natively
- Use My IP Hide which is a free VPN for browsers