vpn dns leaks protected does your vpn have dns leaks

Does Your VPN Sevice Allow DNS Leaks? [2021 Case Study]

In this post I am going to describe an issue that has ruined my VPN reviewing experience.

First of all, I would like to clarify that I don't believe this is an issue related to your privacy.

Initially, I was worried about that but after a ton of experiments I came to realize that there is a problem in routing and DNS lookups (which may even mean that VPN providers use more virtual servers than they tell us).

I'm confident that several VPN services perform a weird-looking DNS lookup, in which for instance you are connected to a US VPN server and a European DNS server shows up too. This affects the VPN's ability to bypass geo-blocking, but it doesn't reveal anything about your location (other than the fact that you are probably in Europe in this case).

First, I would like to explain the tools I used and why I used them. I used three DNS leak-testing tools, DNSLeakTest, DNSLeak by Private Internet Access, and ExpressVPN's DNS leak testing tool.

During these tests I noticed that DNSLeakTest does more extended DNS leak testing and can identify all the DNS servers. DNSLeak seems quite similar in that aspect, while ExpressVPN seems to stick to the most standard test.

I observed the following issue: Some VPN providers use DNS servers in mismatching regions, e.g., the US and Netherlands, and if the streaming service's standard DNS test identifies such issue, it will flag you as a VPN user, and you will not be able to see any content (e.g., in the case of Disney+) or you will see limited content as in the case of Netflix.

Please also note that I own two Windows PCs and on one everything works like a charm while I have encountered these issues on the other, newer one, where I do most of my work and testing.

The whole situation indicates that there is something wrong, I just can't tell at what level yet.

I have informed all involved parties and I will keep informing other VPN service providers whose services demonstrate similar behavior.

Notice that there is one particular DNS server IP that keeps showing up, 181.214.35.152 ran by Heficed Network Operating Center in Brazil.

suspect DNS server IP
I get the feeling this DNS server shouldn't be reached.

The second culprit is a server in Hungary with the IP address 185.252.223.50 ran by a Hungarian DNS provider.

I don't believe these servers are part of any VPN network and I can't tell why there is encrypted traffic directed to them.

But I think we are going to find out.

Whether it is malware, adware, buggy software or a wrong default set up.

I will be adding more VPNs to this post until I cover them all.

DNS Leak Test

For this test I have set all protocols on Automatic for every VPN client and I have enabled the kill switch.

Split tunneling is disabled to avoid any extra leaks. The premise under which I'm working here is that the VPN will send all traffic to the VPN server, my ISP will route that traffic, and the DNS lookup should be performed with the VPN server as a client in the region I'm connected.

Let's see if that is what happens in practice. I will list VPNs in alphabetic order as I don't mean to support on indict any VPN in this list.

After all, I'm an affiliate for all of them (except for ExpressVPN and that's actually quite funny), so I would make money by promoting every single one of them.

CyberGhost

At the moment, using CyberGhost is like a curse for me. The moment I connect to a VPN server and perform a DNS leak test, I get this bizzare result.

First Connection – United States, New York

cyberghost us dnsleaktest

Here it is. I am connected to the US but another DNS server shows up, in Amsterdam, Netherlands. Is this a virtual server location?

For streaming, this means that Disney+ and Netflix will show me the US homepage indeed. But when I try to log in, Disney+ redirects me from the page https://disneyplus.com/login to the blank page https://disneyplus.com/en-gb/login. This is an issue I have witnessed a ton of times for the past 10 months, and I know that my VPN does not work when it happens.

The IP is not banned, but I think my use of VPN is detected due to the VPN's own DNS leak.

Netflix is less punishing but it doesn't show me the US library. It doesn't show me the Netherlands library either. I am stack in what I call a no-man's-region library, a generic one. I can watch movies and tv shows, but US exclusives are not there.

Second Connection – United Kingdom

cyberghost dnsleaktest results uk
DNSLeakTest results for CyberGhost – UK

Let's try the other two tools now, DNSLeak and ExpressVPN's DNS leak test now. The results are identical for DNSLeak and the IPs are also correct in ExpressVPN's test.

cyberghost uk dnsleak
DNSLeak results for CyberGhost – UK
ExpressVPN leak tests
ExpressVPN leak test results for CyberGhost – UK

What I want you to note here is that all three tools reported two DNS servers in mismatching locations, UK and Hungary. It would make sense for a streaming service to consider this an issue and not allow you to continue.

I don't know exactly what this all means, but it doesn't look good. Let's move to the next VPN service.

ExpressVPN

ExpressVPN did not have any leaks, and it's the reason I have the audacity to publish this article. One VPN provider actually gets it right, so it can't be my or my computer's fault.

First Connection – United States, New York

Second Connection – United Kingdom

I did not do anything special here. I just switched my location and we that there are two DNS servers in the UK.

Once again, no leaks. I would like to note that ExpressVPN automatically activates the browser extension when I connect to it. I don't know if it makes a difference, but it could, so I will try removing it and see whether I can reproduce the leak.

Disney+ US and UK and Netflix US and UK both worked with ExpressVPN. For Disney+, I had to delete my Disney+ cookies as I'm sure it tries to match the location in cookies with the one from the request, so a new session was necessary.

We can see that ExpressVPN's servers are 100% compatible with the connected location and work like a charm.

Removing the ExpressVPN Browser Extension

I was sure that removing the browser extension would lead to leaks. It didn't though…

 DNSLeakTest's test - 4 US Servers
DNSLeakTest's test – 4 US Servers
DNSLeak's test - 4 US Servers
DNSLeak's test – 4 US Servers
Express VPN's leak test - 2 US servers
Express VPN's leak test – 2 US servers

At least one service seems to fully cover my traffic and mask my location completely.

Why isn't that the case with others?

Ivacy VPN

Ivacy was the first VPN I bought and I was hoping it would do well. The results were mixed though.

Ivacy VPN is the reason I have an idea of what the actual issue is here.

First Connection – United States, New York

In this case dnsleaktest.com and dnsleak.com reported two DNS server addresses while ExpressVPN found only one, the US DNS server.

Here I would to pinpoint the significance of ExpressVPN's standard test. As you can see, ExpressVPN's test did not discover the second server and I believe streaming services perform similar standard and fast DNS tests.

Consequently, Netflix worked and showed me the US library (I keep searching for Hannibal, which you can't find in most libraries, including the no-man's-region library).

Even more surprisingly, Disney+, the VPN police, showed the US home page and I successfully logged in to the service. Good job Ivacy!

At this point I noticed that I had not enabled the IP/DNS protection for Ivacy which wasn't fair to it.

The VPN's DNS leak is still there but the streaming services work.

Second Connection – United Kingdom

These are the most confusing results I have seen. Hungary and the UK shouldn't be compatible. The extended test by DNSLeakTest found one DNS Server in Hungary, DNSLeak found two and ExpressVPN's found one in the UK.

Netflix and Disney+ UK worked so this adds more fuel to my theory that standard DNS leaks can be bypassed.

Ivacy worked in both cases.

NordVPN

NordVPN is the most interesting case as sometimes works and others it doesn't. Unsurprisingly, in all cases it works I can only see one DNS server.

First Connection – United States, New York

This is another very weird DNS server composition.

One DNS server leaking and one not according to DNSLeak.

ExpressVPN only reports the US server. Let's see if Netflix US and Disney+ US work now (they didn't work 2 hours ago).

Neither Netflix nor Disney+ worked with NordVPN. Now let's see what happens if I enable the browser extension.

Now both Netflix and Disney+ work, but let's see what's going on with the leaks.

All three tools agree to a single DNS server location, that's why Disney+ US and Netflix US worked as expected.

So, what does this mean? How can something on my computer cause this?

And what happens to the traffic that is not going through my browser? Does it still leak multiple DNS server addresses?

Second Connection – United Kingdom

At this point I moved on to connect to United Kingdom, with the browser extension disabled.

nordvpn uk dnsleaktest results
DNSLeak Test shows one DNS server in Hungary.
nordvpn uk dnsleak results
DNSLeak reports 2 DNS servers, one in UK and one in Hungary.
nordvpn uk expressvpn dns leak results
ExpressVPN's tool reports 2 DNS servers, one in UK and one in Georgia (another misregistration, presumably).

Once again, nothing works in the two streaming services.

Let's enable NordVPN's browser extension once again.

nordvpn uk dns leak test
nordvpn uk dns leak
nordvpn uk expressvpn leak test

Back to normal, with streaming services working properly.

VyprVPN

VyprVPN is the next VPN I'm going to review, so the first thing to do was to check whether the leak is present. That HOST1PLUS server seems to keep showing up and I get the feeling that it's not related to any VPN. The question is why VyprVPN's traffic ends up performing a DNS lookup in the Netherlands.

Also, VyprVPN does not offer a browser app so the test is limited to the native Windows client.

First Connection – United States, New York

vyprvpn dns leak test united states
DNS Leak Test finds 4 DNS servers but one of them keeps showing up.
vyprn vpn dns leak

Second Connection – United Kingdom

vyprvpn uk dnsleaktest
DNSLeakTest test results
vyprvpn uk dnsleak
DNSLeak test results
vyprvpn uk expressvpn leak test
ExpressVPN Leak Test

Summary

I don't know what readers make of all this but it feels that non-browser traffic is quite easily traced to a VPN in my case and even browser traffic is, without a browser extension.

I'm quite impressed that ExpressVPN still works as intended even without the browser extension, and I get the feeling that it's the only VPN service that actually protects my traffic in full.

I don't think this is a case where the reviewer messed up. Instead, I think this is a case where the reviewer looked too closely. This post is not an indictment to VPN services; it shows that bugs in software combined with other bugs in software can lead to… this.

All I can say is that there is a reason VPN support asks you to use the browser extensions to access streaming services. But what does that mean for non-browser traffic?

Scroll to Top
%d bloggers like this: