How can I fix a DNS leak?

The solution is to ensure that once connected to the VPN, you are using ONLY the DNS server/s provided by the VPN service.

OpenVPN v2.3.9+

As of OpenVPN version 2.3.9 you can now prevent DNS leaks by specifying a new OpenVPN option. Simply open the .conf (or .ovpn) file for the server that you are connecting to and add the following on a new line. For more information see the OpenVPN manual.

block-outside-dns

If for any reason you are unable to use the solution above, continue reading.

If you are using a version of OpenVPN older than v2.3.9

Please note that as this problem normally only affects Windows clients, only solutions for Windows appear here.

3 basic steps to fix the problem:

  1. Before connecting to the VPN, set static IP address properties if you are using DHCP
  2. After connecting, remove DNS settings for the primary interface
  3. After disconnecting, switch back to DHCP if necessary or reapply original static DNS servers

Solution A - Automatic

If you are using OpenVPN on Windows XP/Vista/7 then a fully automated solution is available.

Download dnsfixsetup.exe - (md5 checksum: f212a015a890bd2dae67bc8f8aa8bfd9)

After installation, when you connect to a VPN server, a batch file will be run executing the 3 steps above.

Three scripts are generated for each OpenVPN configuration file:

  1. configfilename_pre.bat - executed when you initiate the connection but before the connection is established - Calls pre.vbs - If any active DHCP adapters exist, switch to static
  2. configfilename_up.bat - executed when the connection is established - Calls up.vbs - Clear the DNS servers for all active adapters except the TAP32 adapter
  3. configfilename_down.bat - executed after the connection is disconnected - Calls down.vbs - Reconfigure adapters back to their original configuration

Solution B - Manually clearing the DNS

The solution below does not switch the adapter to static if you are using DHCP. If you do not switch to a static IP configuration and your computer renews its IP address whilst connected to the VPN, the DNS settings may be overwritten. It is highly recommended to switch to a static IP configuration.

  1. Open the command prompt (cmd.exe) as an administrator.
  2. Before connecting, identify the name of the connected network interface. In the case below it is "Local Area Connection".
     netsh interface show interface
  3. Connect to the VPN. Once connected, proceed to the next step.
  4. Flush the DNS resolver cache.
     ipconfig /flushdns
  5. Disable the DNS configuration for the interface identified in step 2.
     netsh interface IPv4 set dnsserver "Local Area Connection" static 0.0.0.0 both
  6. Test for DNS leaks.
  7. After disconnecting, reconfigure the adapter to renew the previous DNS settings.
     netsh interface IPv4 set dnsserver "Local Area Connection" dhcp
  8. Once again, flush the DNS resolver cache.
     ipconfig /flushdns
  9. Done.
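
A local check to accompany the "Test for DNS leaks" step, added here as an example and not part of the original page or the dnsfix tool: it parses `ipconfig /all` output and lists every adapter other than the VPN adapter that still has DNS servers configured. It assumes English-locale output and that the VPN adapter's Description starts with "TAP-"; the sample output is constructed.

```python
import re

# Constructed sample of English-locale `ipconfig /all` output (not from a real host).
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Description . . . . . . . . . . . : Example Gigabit Network Connection
   IPv4 Address. . . . . . . . . . . : 192.168.1.50(Preferred)
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       192.168.1.2
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection 2:

   Description . . . . . . . . . . . : TAP-Win32 Adapter V9
   DNS Servers . . . . . . . . . . . : 10.8.0.1
"""

HEADER = re.compile(r"^\S.*?adapter (.+):\s*$")        # "Ethernet adapter <name>:"
FIELD = re.compile(r"^\s+(.+?)\s*(?:\. ?)+:\s?(.*)$")   # "Key . . . . : value"

def parse_adapters(text):
    """Map adapter name -> {"description": str, "dns": [server, ...]}."""
    adapters, current, last_key = {}, None, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = adapters.setdefault(header.group(1), {"description": "", "dns": []})
            last_key = None
        elif current is None or not line.strip():
            continue
        elif (field := FIELD.match(line)):
            last_key, value = field.group(1), field.group(2).strip()
            if last_key == "Description":
                current["description"] = value
            elif last_key == "DNS Servers" and value:
                current["dns"].append(value)
        elif last_key == "DNS Servers":
            # Additional servers appear on indented continuation lines.
            current["dns"].append(line.strip())
    return adapters

def leaking_adapters(text, vpn_prefix="TAP-"):
    """Names of adapters that still list DNS servers and are not the VPN adapter.
    Assumption: the VPN adapter's Description starts with vpn_prefix."""
    return sorted(name for name, info in parse_adapters(text).items()
                  if info["dns"] and not info["description"].startswith(vpn_prefix))

if __name__ == "__main__":
    print(leaking_adapters(SAMPLE))  # on Windows, pass the output of `ipconfig /all`
```

An empty list means only the VPN adapter has DNS servers set; any name returned is an interface whose DNS configuration still needs to be cleared.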