So, what happens when a DNS leak occurs, and what information is leaked out? First, we have to distinguish between three cases:
- Information that goes to the user’s ISP
- Information that is tapped on the way to the DNS server
- Information that is disclosed on the part of a service operator
A DNS query received by the ISP’s DNS server contains the domain name to be resolved together with the end user’s undisguised IP address. Time-stamped in the ISP’s server logs, this reveals which user wanted to reach which domains, and when. This is a serious privacy issue. On the one hand, the DNS data is often packaged into profiles and sold; on the other hand, government agencies can gain access to the data. In the worst case, this can be fatal for dissidents and activists.
DNS requests use the User Datagram Protocol (UDP) as the transport protocol. UDP packets can be read on their way to the DNS server by any actor who is able to monitor the line. To keep the end user’s surfing behavior private, DNS requests should be routed through the VPN. Since the Snowden revelations, it has been known that intelligence agencies monitor, intercept, evaluate, and store Internet traffic on a massive scale. The personally identifiable DNS packets resulting from a DNS leak thus pose a serious threat to the security and privacy of Internet users.
In addition to the dangers already mentioned, a DNS leak carries another risk: it can be exploited by third parties, for example a service provider such as the operator of a website. The provider can use a technique to determine that a user is accessing the service via a VPN. This may reveal the user’s ISP to the service provider, which in turn reveals the user’s approximate geographical location. The same technique is used, for the benefit of the user, by DNS leak testers.
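The following toy model, added here as an example and not taken from the original article, shows the mechanism that DNS leak testers rely on from the user's side: the tester hands the browser a unique hostname under a zone it controls, and its authoritative name server records which recursive resolver asked for that name. If a resolver outside the VPN provider's ranges shows up, DNS traffic is leaving the tunnel, and the leaking resolver's address range points at the user's ISP. All IP ranges, the zone name and the ISP name below are constructed from documentation address space; the "ISP attribution" table stands in for the WHOIS/ASN lookup a real tester would do.

```python
# Added example (not from the original article): a toy model of how DNS leak
# testers detect a leak. Resolver IP ranges and ISP names below are constructed.
import ipaddress
import secrets
from dataclasses import dataclass, field


@dataclass
class AuthoritativeServer:
    """Simulated authoritative name server for the tester's zone.

    A leak tester controls such a server and records, per unique test label,
    the source IP of every recursive resolver that asks for it.
    """
    zone: str
    seen: dict = field(default_factory=dict)  # label -> list of resolver IPs

    def handle_query(self, qname: str, resolver_ip: str) -> str:
        suffix = "." + self.zone
        if not qname.endswith(suffix):
            raise ValueError(f"{qname} is not in zone {self.zone}")
        label = qname[: -len(suffix)]
        self.seen.setdefault(label, []).append(resolver_ip)
        return "203.0.113.10"  # dummy A record, TEST-NET-3 (constructed)


def new_test_hostname(zone: str) -> tuple[str, str]:
    """Unique label per test, so no cache can answer without contacting us."""
    label = secrets.token_hex(8)
    return label, f"{label}.{zone}"


def simulate_client(auth: AuthoritativeServer, hostname: str,
                    recursive_resolvers: list[str]) -> None:
    """The client's stub resolver sends the query to each configured recursive
    resolver; each of those contacts the authoritative server from its own
    public IP, which is what the tester sees."""
    for resolver_ip in recursive_resolvers:
        auth.handle_query(hostname, resolver_ip)


def classify_resolvers(resolver_ips, vpn_resolver_nets):
    """Return the resolvers that lie outside the VPN provider's known ranges."""
    nets = [ipaddress.ip_network(n) for n in vpn_resolver_nets]
    return [ip for ip in resolver_ips
            if not any(ipaddress.ip_address(ip) in net for net in nets)]


def attribute_isp(ip, isp_ranges):
    """Map a leaking resolver IP to the operator of its range; this is the step
    that reveals the user's ISP (and roughly their location) to the observer."""
    addr = ipaddress.ip_address(ip)
    for cidr, isp in isp_ranges.items():
        if addr in ipaddress.ip_network(cidr):
            return isp
    return "unknown"


def run_leak_test(recursive_resolvers, vpn_resolver_nets, isp_ranges,
                  zone="leaktest.example"):
    """One complete test run: unique name, simulated lookup, classification."""
    auth = AuthoritativeServer(zone)
    label, hostname = new_test_hostname(zone)
    simulate_client(auth, hostname, recursive_resolvers)
    leaking = classify_resolvers(auth.seen.get(label, []), vpn_resolver_nets)
    return {
        "leak": bool(leaking),
        "leaking_resolvers": leaking,
        "isps": sorted({attribute_isp(ip, isp_ranges) for ip in leaking}),
    }


# Constructed sample data (documentation ranges, not real resolvers).
VPN_RESOLVER_NETS = ["192.0.2.0/24"]
ISP_RANGES = {"198.51.100.0/24": "ExampleNet (constructed ISP)"}

if __name__ == "__main__":
    # All queries leave via the VPN provider's resolver: no leak.
    print(run_leak_test(["192.0.2.53"], VPN_RESOLVER_NETS, ISP_RANGES))
    # The OS also sends queries to the ISP's resolver outside the tunnel: leak.
    print(run_leak_test(["192.0.2.53", "198.51.100.53"],
                        VPN_RESOLVER_NETS, ISP_RANGES))
```

The random per-test label matters: a cached answer for a fixed name would never reach the authoritative server, so a tester reusing names would miss leaks. On a real system the list of recursive resolvers is whatever the operating system actually uses, which on a misconfigured VPN client can include the ISP's resolver alongside the VPN's.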