How to prevent a DNS leak in Windows

While using VPN in Windows and ISP's (Internet Service Provider) DNS there is a risk of de-anonymization, so it's necessary to prevent a DNS leak.

Viscosity users are able to apply the built-in solution.

If you use OpenVPN 2.3.9 (or higher) and Windows 8.1 (or higher) having block-outside-dns option in configuration files will prevent a DNS leak automatically (since 25.12.2015 this option is included by default to ZorroVPN configuration files).

While using old versions of OpenVPN or not using Windows 8.1 (or higher) use the follow guide:

  1. Go to Network and Sharing Center:
  2. Choose the ISP's network connection:
  3. Go to "Properties" of the connection:
  4. Choose Internet Protocol Version 4 (TCP/IPv4) and go to "Properties":
  5. Set up an non-existent DNS address - Instead of this address you can set up Google Public DNS address -
  6. Close the configured properties of the protocol and network connection. From now ISP's DNS will not be used.

  7. It's recommended to disable Internet Protocol Version 6 (TCP/IPv6). Or if VPN service supports IPv6, you can do the same steps and set up 0:0:0:0:0:0:0:42 as non-existent DNS address. On the other hand, Google Public DNS address can be used - 2001:4860:4860::8888.

show comments