Does DNS Test Leak My Real IP Address?

The website which makes the DNS test can only know our DNS provider. It can’t know our real DNS settings or our real IP address behind the proxy.

Question: I use a UK IP address in My IP Hide. But the DNS leak test shows my DNS servers are in Belgium. Does it leak my real IP address?

Answer: The short answer is No. Below is a detailed explanation.

Websites Know Your DNS IP?

The websites which can show our DNS servers are using the same technology. We use this one as an example: https://dnsleaktest.com

Here is the test result for our My IP Hide server 213.229.74.238 (UK5).

[Figure: DNS Leak Test for UK5 Proxy]

It seems that the website dnsleaktest.com knows our DNS servers. In fact, it only knows the ISP of our DNS because our real DNS servers are 8.8.8.8 and 8.8.4.4 instead of 74.125.x.x.

Let’s see how it detects our DNS servers. First, it makes six new domain names such as these ones.

mx8wdhdrls.dnsleaktest.com
sxg1h57t5o.dnsleaktest.com
nnm7ra7ubq.dnsleaktest.com
o69mq7i0a2.dnsleaktest.com
d4hciffhoy.dnsleaktest.com
988rgz5xdg.dnsleaktest.com

Then it uses JavaScript to make our browser connect to those domain names. Our browser needs to know their IP addresses, so it makes a DNS query: “What is the IP address of mx8wdhdrls.dnsleaktest.com?”

The query route looks like this: Our Browser -> UK5 Proxy -> 8.8.8.8 -> other Google DNS servers -> 74.125.x.x -> the name server of dnsleaktest.com (ns1.dnsleaktest.com)

What Are Those DNS IP?

Then the name server of dnsleaktest.com knows we used 74.125.x.x to do a DNS query. It made six new domain names so that it can collect the six IP addresses that query them.

But those IP addresses 74.125.x.x are just edge DNS servers that are on the optimal route. ns1.dnsleaktest.com can’t even know their previous nodes. Neither can it know our real DNS servers (8.8.8.8) or our real IP address which is behind the UK5 proxy. What it actually knows is our DNS provider, Google.
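The correlation step described above, as an added example that is not code from dnsleaktest.com or My IP Hide: one-off names are generated, the name server's query log is filtered for them, and the only addresses recovered are the resolvers' egress IPs. The zone name, the log line format and the provider ranges are assumptions made for the illustration (74.125.0.0/16 follows the 74.125.x.x example on this page).

```python
import ipaddress
import secrets
import string

ZONE = "leaktest.example.test"  # assumption: placeholder zone run by the tester
# Constructed map of resolver egress ranges to providers. 198.51.100.0/24 is a
# documentation range standing in for an ISP resolver.
PROVIDERS = {
    ipaddress.ip_network("74.125.0.0/16"): "Google",
    ipaddress.ip_network("198.51.100.0/24"): "Example ISP",
}
# Constructed sample data: two probe names and an authoritative-server log.
SAMPLE_PROBES = ["a1b2c3d4e5." + ZONE, "f6g7h8i9j0." + ZONE]
SAMPLE_LOG = [
    "2024-01-01T00:00:01Z query from 74.125.18.5 for a1b2c3d4e5.leaktest.example.test. A",
    "2024-01-01T00:00:01Z query from 74.125.46.9 for F6G7H8I9J0.leaktest.example.test. A",
    "2024-01-01T00:00:02Z query from 198.51.100.7 for zzzzzzzzzz.leaktest.example.test. A",
]

def make_probe_names(count=6, length=10):
    """Create one-off names no resolver can have cached, so each lookup reaches the name server."""
    alphabet = string.ascii_lowercase + string.digits
    return ["".join(secrets.choice(alphabet) for _ in range(length)) + "." + ZONE
            for _ in range(count)]

def parse_query_log(lines):
    """Yield (source_ip, qname) from '<time> query from <ip> for <qname> <type>' lines."""
    for line in lines:
        parts = line.split()
        if len(parts) >= 6 and parts[1:3] == ["query", "from"]:
            yield parts[3], parts[5].rstrip(".").lower()

def resolvers_for_session(log_lines, probe_names):
    """Map each resolver egress IP to the probe names of this session it asked for."""
    wanted = {name.lower() for name in probe_names}
    seen = {}
    for ip, qname in parse_query_log(log_lines):
        if qname in wanted:  # lines for other sessions' names are ignored
            seen.setdefault(ip, set()).add(qname)
    return seen

def provider_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((name for net, name in PROVIDERS.items() if addr in net), "unknown")

def summarize(log_lines, probe_names):
    """Return the DNS providers seen for one test session, which is all the test can report."""
    return sorted({provider_of(ip) for ip in resolvers_for_session(log_lines, probe_names)})
```

The log lines carry no client address and no 8.8.8.8: the name server only ever sees the last resolver in the chain.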

Use DNS Test to Check User’s IP?

First, the DNS test can’t get the user’s exact location. For example, websites may get Belgium IP addresses for all the European users, and Taiwan IP addresses for all the Asian users if the users are using Google DNS 8.8.8.8.

Second, the DNS test is costly. It needs extra code to make many one-off domain names and read the logs from the name servers. It also wastes Internet resources by adding unnecessary DNS queries for those disposable domain names.

Because of the above two reasons (no exact location and costly), most websites won’t use the DNS test to block foreign visitors. Getting the IP address from the user’s HTTP request is still the main method.

The Meaning of DNS Leak Test

If you don’t use any proxy/VPN and keep the default DNS server settings, you are most likely using the DNS server of your ISP. You will see Comcast, Verizon, or AT&T in the DNS Leak test result.

In that case, your ISP sees all your DNS queries, so it can know all the websites you visited. That is a DNS leak. Some bad ISPs may also answer your DNS queries with fake or invalid IP addresses, which lets them block some websites.

Moreover, a DNS test may know your exact location if you are using the default DNS servers of your ISP.

The purpose of the DNS leak test is to check whether you are using a safe DNS provider. These are safe DNS providers.

| DNS Provider Name | Primary Address | Secondary Address | Feature |
|---|---|---|---|
| Google | 8.8.8.8 | 8.8.4.4 | unfiltered |
| Cloudflare | 1.1.1.1 | 1.0.0.1 | unfiltered |
| OpenDNS Home | 208.67.222.222 | 208.67.220.220 | secure |
| Level3 | 209.244.0.3 | 209.244.0.4 | unfiltered |
| Verisign | 64.6.64.6 | 64.6.65.6 | unfiltered |
| DNS.WATCH | 84.200.69.80 | 84.200.70.40 | unfiltered |
| Comodo Secure DNS | 8.26.56.26 | 8.20.247.20 | secure |
| Norton ConnectSafe | 199.85.126.10 | 199.85.127.10 | secure |
| Quad9 | 9.9.9.9 | 149.112.112.112 | secure |
| SafeDNS | 195.46.39.39 | 195.46.39.40 | secure |
| CleanBrowsing | 185.228.168.9 | 185.228.168.10 | filtered |
| FreeDNS | 45.33.97.5 | 172.104.237.57 | unfiltered |
| Alternate DNS | 76.76.19.19 | | ad-free |
| Yandex.DNS | 77.88.8.8 | 77.88.8.1 | unfiltered |
| UncensoredDNS | 91.239.100.100 | 89.233.43.71 | |
| Hurricane Electric | 74.82.42.42 | | |
| puntCAT | 109.69.8.51 | | |

How to Fix a DNS Leak

  • Use those safe DNS providers above
  • Use remote DNS if you are using a SOCKS proxy
  • Use a version of OpenVPN newer than v2.3.9
  • Use an HTTP proxy that doesn’t have the DNS leak problem natively
  • Use My IP Hide which is a free VPN for browsers