Did you know that billions of people use 220.127.116.11 to get answers to their questions? Don’t be confused. It is the IP address of google.com. What saves you from the hassle of remembering this string of numbers is called a DNS or Domain Name Server.
The job of a DNS is to translate website names into IP addresses. The information is then sent back to your browser, after which your browser takes you to the website. Your internet service provider has its own DNS, which is how it knows the websites you visit, since it keeps a record of the DNS requests sent by you.
If you are using any anonymity tool, such as a VPN, then ideally your DNS requests should not go to your ISP but the DNS hosted by your VPN. A DNS leak happens when a security flaw compels your device to forward the DNS request to your ISP’s DNS server instead of the DNS used by the VPN.
As stated above, your DNS requests give away your browsing activities, which can be used against you. Plus, if someone has access to your DNS requests, besides your ISP or the VPN server, then it means that your security has been compromised and you are exposed. You have to protect your DNS requests from your ISP to stop it from tracking your movements, regardless of whether you're using a VPN or not!
You need DNS leak protection to make sure that nobody knows what you browse online. Protecting your DNS requests is the first step toward protecting your privacy online. Your browsing habits give away much more than the websites you visit. The collected data can be used to serve you targeted ads, blackmail you, profiling you, and to further compromise the security of the device you are using and the integrity of data on that device.
The easiest and most common way to fix DNS leaks is to use a trusted VPN. Put some time and effort while configuring a VPN on your device, and use the DNS provided by the VPN. If a DNS is not provided, then you are better off using a public DNS such as Google’s DNS. We don’t recommend it, however, since your DNS request SHOULD NOT be available to any third-party, EVER.
Then comes the problem of IPv4 and IPv6 IPs. Most websites on the web still use IPv4, which looks something like this: 18.104.22.168, whereas IPv6 looks like this: fe80::c47f:e386:8afa:e01b. The problem is twofold: First, if your ISP supports IPv6, you will be assigned both IPv4 and IPv6 IPs. Secondly, when you visit a website that supports only IPv4, your request will carry your IPv6 identifications along with your IPv4 as well. This will cause your IPv6 to leak. And, as in the case of IPv4, your IPv6 too is unique to you and you can be easily identified.
Since the complete transition from IPv4 to IPv6 is still underway, it is creating a lot of hurdles, even for VPN providers. So, remember to choose a VPN that stops your IPv6 from leaking or else your DNS requests will bypass the VPN tunnel and directly go to the DNS of your ISP. This will also result in a DNS leak, the consequence of which can be disastrous for you.