The Anatomy of DNS and IP Leaks on iPhones
When you use a virtual private network (VPN), it is easy to assume that the connection is stable and that the sites you view remain secret. However, even a VPN with the highest-quality connection can be susceptible to cyber-attacks. To be sure that your IP address and the information you view are secure, you may decide to test your VPN.
All devices with Internet access have an IP address. Servers that store information about sites translate text addresses into numbers, which are assigned to every device. The Domain Name System (DNS) does this job.
When you try to access a site, the browser sends a request to convert the URL into a numeric identifier. It also requires a destination folder, which is usually located on the selected server. Next, the DNS server receives a request to return the destination of the file, and then the information is loaded into the browser. These steps are called DNS resolution.
When you use a VPN for iPhone that secures your connection, DNS resolution should be done on the server that the virtual network offers. The IP address from which the request was received can also be identified.
How do you know if your VPN is working, you may ask. If DNS requests are resolved outside the server that the VPN offers, logging into the network with a VPN turns out to be useless from a security standpoint, and the VPN isn't working. If hackers intercept the DNS queries you send, they will gain access to your personal data and other confidential information. To prevent this, you can use DNSCrypt, but it cannot protect your IP address.
How to Find Your Leak
To check for vulnerabilities and data leaks while accessing the Internet, you can use services that check for DNS leaks. To test the level of security of an IP address, follow several steps, which are the same regardless of the chosen tool:
* turn off your VPN;
* choose a suitable site for testing;
* note which IP address and DNS server address were used;
* connect to the virtual network and re-login to the test site by refreshing the page.
Pay attention to which address is displayed now. If the site still shows the data specified earlier, it means your system has a vulnerability and the information is unprotected. Now you know how to check if a VPN is working. When you need anonymity, try to understand the main causes of data leaks.
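The comparison in the steps above can be written down as a small check. This is an added example, not part of the original article: the object layout and the function name findLeaks are assumptions, the addresses are constructed documentation values, and it also compares the IPv6 address separately, which goes one step beyond the list above.

```javascript
// Added example. All addresses are constructed documentation values.
const before = {            // readings taken with the VPN turned off
  ipv4: "198.51.100.23",
  ipv6: "2001:db8:10::5",
  resolvers: ["198.51.100.1", "198.51.100.2"],
};
const afterLeaky = {        // after connecting: IPv4 changed, the rest did not
  ipv4: "203.0.113.80",
  ipv6: "2001:DB8:10::5",
  resolvers: ["203.0.113.53", "198.51.100.1"],
};
const afterClean = { ipv4: "203.0.113.80", ipv6: null, resolvers: ["203.0.113.53"] };

// Compare addresses case-insensitively (IPv6 hex digits may differ in case).
const normalize = (addr) => String(addr).trim().toLowerCase();

// Returns one finding per value that is still visible after connecting.
function findLeaks(baseline, withVpn) {
  const findings = [];
  // A public address seen without the VPN must not reappear with it.
  for (const family of ["ipv4", "ipv6"]) {
    const a = baseline[family];
    const b = withVpn[family];
    if (a && b && normalize(a) === normalize(b)) {
      findings.push({ kind: "ip", family, value: normalize(b) });
    }
  }
  // A resolver seen without the VPN must not answer queries with it.
  const known = new Set(baseline.resolvers.map(normalize));
  for (const r of withVpn.resolvers.map(normalize)) {
    if (known.has(r)) findings.push({ kind: "dns", value: r });
  }
  return findings;
}

console.log(findLeaks(before, afterLeaky)); // IPv6 address and one resolver unchanged
console.log(findLeaks(before, afterClean)); // nothing carried over
```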
1. WebRTC Leak Test
One of the most widespread causes of privacy breaches is the vulnerability of browsers that use WebRTC. WebRTC is an interface for launching web apps that doesn't require the installation of additional plugins or extensions.
Browsers that support WebRTC, such as Chrome or Firefox, use STUN (Session Traversal Utilities for NAT) to traverse NAT. This is how they obtain the external network address. When a website makes a request to find out your IP address, some of the page code may be hidden. Mostly the code is used to send UDP requests to the STUN server. Later requests will be redirected to publicly available networks.
At the same time, it's easy to get information about your real IP address and the way you access the network via a VPN, but first you should know the answer to the question “How to check my VPN?”. A special piece of code that needs no extra information about you can be embedded into a website. The requests will not look like usual HTTP requests, so they cannot be seen through the standard console used by developers. Therefore, this leak will not be blocked by plugins built into the browser.
To prevent this threat, you should conduct a VPN connection test and set firewall rules that block requests made outside the secure connection. Another option is to disable WebRTC in the browsers you use to access the Internet.
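The addresses WebRTC learns through STUN appear as ICE candidate lines, and a connection test can read them to see whether any public address other than the VPN's is exposed. The following is an added example, not code from the original article: the candidate lines and addresses are constructed, and the function names are assumptions.

```javascript
// Added example. Constructed ICE candidate lines of the kind a browser gathers.
const SAMPLE_CANDIDATES = [
  "candidate:1 1 udp 2122260223 192.168.1.5 51234 typ host generation 0",
  "candidate:2 1 udp 1686052607 198.51.100.23 51234 typ srflx raddr 192.168.1.5 rport 51234",
  "candidate:3 1 udp 1686052607 203.0.113.80 40001 typ srflx raddr 10.8.0.2 rport 40001",
  "candidate:4 1 udp 2122260223 a1b2c3d4-0000-4000-8000-123456789abc.local 51235 typ host",
];

// Candidate layout: foundation component transport priority address port typ <type> ...
function parseCandidate(line) {
  const m = /^(?:a=)?candidate:\S+ \d+ (\S+) \d+ (\S+) (\d+) typ (\S+)/.exec(line.trim());
  if (!m) return null; // not a candidate line
  return { transport: m[1].toLowerCase(), address: m[2], port: Number(m[3]), type: m[4] };
}

// Private, loopback, link-local and mDNS (.local) addresses do not reveal
// the public IP address, so the check skips them.
function isPrivateOrMdns(addr) {
  if (addr.toLowerCase().endsWith(".local")) return true;
  return /^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|127\.|169\.254\.|f[cd][0-9a-f]{2}:|fe80:)/i.test(addr);
}

// Returns every candidate that exposes a public address other than the
// VPN's own exit address(es).
function findWebrtcLeaks(lines, vpnExitAddresses) {
  const allowed = new Set(vpnExitAddresses);
  return lines
    .map(parseCandidate)
    .filter((c) => c && !isPrivateOrMdns(c.address) && !allowed.has(c.address))
    .map((c) => ({ address: c.address, type: c.type }));
}

// The srflx candidate 198.51.100.23 is the address learned from the STUN
// server outside the tunnel; 203.0.113.80 is the VPN exit and is expected.
console.log(findWebrtcLeaks(SAMPLE_CANDIDATES, ["203.0.113.80"]));
```

An empty result means every public address WebRTC gathered belongs to the VPN.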
2. Security Flaw in VPN Connections
If you only access the web using a VPN, don’t rely on a DNS server from your provider. It might violate your privacy. Try using DNS servers provided by Google. But when using the paid VPN version, the options offered by the system are enough.
In some cases, the VPN provider may be to blame for the leaks, so it's worth using a DNS leak detector. Virtual networks that don't support IPv6 often don't provide sufficient privacy. In that case, the IPv4 protocol is used, with its 32-bit addresses, and a certain number of users might get a secret address. The IPv6 protocol uses 128-bit addressing. The number of addresses is therefore much larger, so users from more countries can count on replacing their address with fake ones.
Adoption of the modern protocol is slow. Sites with a large audience support both protocols, so the channels are serviced depending on the system the client chooses. How do you test whether the VPN is working, you may ask. If the VPN doesn't support IPv6, there might be problems.
If websites only use IPv4, there may be vulnerabilities. When IPv6 is used, the virtual network that sends the request through the tunnel loses the ability to hide personal data. The browser will send requests unencrypted, so the IP address will not be protected.
To fix a DNS leak, try the following:
* use a VPN with its own assigned DNS server and built-in leak protection;
* choose a virtual network that supports IPv6;
* disable the IPv6 protocol in your OS manually.
You can refer to other sources to find out how to complete this operation depending on the device you have.
3. DNS Leaks on Windows Operating Systems
There are several factors to consider when connecting to a VPN if you are using Windows OS. You might wonder “How can I tell if my VPN is working?” In each OS, DNS resolutions are performed in a hierarchical order. The first is the HOSTS file, which helps with DNS mapping. If this information is not available, resolution proceeds to the servers dedicated to the network connection. If no data is returned, the request goes to NetBIOS. Thus, if the DNS server handles the request, the OS doesn't use third-party servers.
Users of Windows 10 should be aware of the following. System queries are sent to network adapters regardless of which DNS server responds first. When connecting via VPN, the sent requests will end up on the provider’s device.
When a virtual network that has passed the check for VPN connection is used for Windows, the above IPv6 vulnerability may occur. Teredo tunneling is used to support hosts of this protocol that are still running on the IPv4 network. In this case, leaks may occur outside the VPN service area.
To fix this problem, you should deactivate tunneling. It's enough to disable the OS optimization and deactivate smart multi-homed name resolution in the Group Policy Editor. If you have a Home edition of the OS installed, you won't be able to make these changes. To ensure your own privacy and the security of data used on the Web, choose the right VPN provider and be sure that the answer to the question “Is my VPN secure?” is affirmative.
Use virtual private networks (VPN) to secure your connection
To create a secure connection, it is enough to use a VPN, but don't forget the connection stability test. The Internet will be accessed via a secret IP address, depending on the server selected for the connection. Neither the service provider nor attackers will be able to intercept confidential information transferred over the Internet.
The data about your connection will remain unknown to the sites you visit. Check the VPN connection status and go to any Internet site. Moreover, you will be able to explore the content of pages that are open only to users from a specific region. There will be no more inaccessible websites or videos. Absolutely any resource is available to you now, and your traffic will be encrypted using modern cryptographic protocols.