What Are DNS, WebRTC, and IPv6 Leaks & How to Prevent Them

Last Updated by Joel Timothy on March 05, 2019

Internet privacy is a huge concern for many people, and whenever you’re online, your information is at risk of being exposed.

Third parties such as marketing networks can track your browsing history and habits, ISPs can see every query and all the data you send, and cybercrime is always evolving.

With a VPN, you can hide your IP address and protect your privacy when online. However, not all VPNs are created equal.

Despite encrypting your traffic, some VPNs can still leak information, which is extremely risky as it could expose your identity and online activities.

What is a VPN leak?

Usually, when you send encrypted data through a VPN, nobody should be able to see your public IP address, and your DNS requests shouldn’t be visible to any DNS server other than that of the VPN.

A leak is a security flaw that causes a VPN to reveal information to your ISP and other third parties.

Common VPN leaks

  1. DNS leaks
  2. WebRTC leaks
  3. IPv6 leaks

1 DNS Leaks

The Domain Name System (DNS) translates domain names into machine-readable IP addresses to facilitate browsing. When you type the name of a website, a query is sent to the ISP’s DNS server, which responds with the IP address. ISPs can therefore monitor and log all requests you submit.

With a VPN, queries are redirected to an anonymous DNS server, but if the browser continues to use the ISP’s servers, that’s a DNS leak.

You can test for a DNS leak using websites like DNSLeak.com and dnsleaktest.com. The tests will give you the name of the DNS server you are using, and if it indicates your ISP’s server, you have a leak.

How to Prevent DNS Leaks

  • When you connect to a VPN, your DNS servers should change automatically; however, with some Windows devices this tends to be temperamental, so you have to change the DNS servers manually.
  • If the VPN you are using doesn’t have private DNS servers, you can use OpenDNS (preferred: 208.67.222.222, alternate: 208.67.220.220), Comodo Secure DNS (preferred: 8.26.56.26, alternate: 8.20.247.20), or Google Public DNS (preferred: 8.8.8.8, alternate: 8.8.4.4), which can result in an improvement in connection speeds.
  • Use a VPN with DNS Leak Protection. Some top VPNs like ExpressVPN, NordVPN, and CyberGhost have DNS Leak protection that prevents your device from overwriting VPN DNS servers, avoiding leaks.
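A local complement to the web-based tests, as an added example that is not part of the original article: it parses a resolv.conf-style resolver list and flags any resolver that is neither the VPN's nor one of the public resolvers listed above. The resolv.conf format (Linux/macOS), the sample file and the VPN resolver 10.8.0.1 are assumptions constructed for illustration.

```javascript
// Added example, not from the original article. RESOLV_CONF and VPN_DNS are
// constructed sample values; PUBLIC_DNS holds the addresses listed above.
const PUBLIC_DNS = new Map([
  ['208.67.222.222', 'OpenDNS'], ['208.67.220.220', 'OpenDNS'],
  ['8.26.56.26', 'Comodo Secure DNS'], ['8.20.247.20', 'Comodo Secure DNS'],
  ['8.8.8.8', 'Google Public DNS'], ['8.8.4.4', 'Google Public DNS'],
]);
const VPN_DNS = ['10.8.0.1']; // assumed resolver pushed by the VPN
const RESOLV_CONF = [
  '# constructed sample',
  'search home.example',
  'nameserver 10.8.0.1',
  'nameserver 192.0.2.53',
  'nameserver 8.8.8.8',
  'nameserver 127.0.0.53',
  'options edns0',
].join('\n');

// Collect the address from every "nameserver" line, skipping comment lines.
function parseNameservers(text) {
  const servers = [];
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line.startsWith('#') || line.startsWith(';')) continue;
    const m = /^nameserver\s+(\S+)/.exec(line);
    if (m) servers.push(m[1].split('%')[0].toLowerCase()); // drop IPv6 zone id
  }
  return servers;
}

// Label each configured resolver relative to the VPN's own resolvers.
function auditResolvers(text, vpnDns) {
  return parseNameservers(text).map((address) => {
    let verdict = 'unexpected'; // neither VPN nor known public: possibly the ISP, a leak
    if (vpnDns.includes(address)) verdict = 'vpn';
    else if (/^127\./.test(address) || address === '::1') verdict = 'local-stub';
    else if (PUBLIC_DNS.has(address)) verdict = 'public: ' + PUBLIC_DNS.get(address);
    return { address, verdict };
  });
}

console.table(auditResolvers(RESOLV_CONF, VPN_DNS));
```

A `local-stub` entry (for example systemd-resolved's 127.0.0.53) means the upstream resolvers are not visible in this file and have to be checked in the stub's own configuration.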

2 WebRTC Leaks

Web Real-Time Communication (WebRTC) allows web browsers to communicate peer-to-peer (P2P) without the need for an extra add-on. While the technology results in faster speeds and less lag, it also poses a huge privacy and security risk when using a VPN.

For two devices to communicate via WebRTC, they need each other’s IP address. A direct connection like this can bypass VPN encryption, leaving third-party websites able to identify your real IP address by exploiting browsers like Firefox, Opera, Chrome, and Brave.

Typically, this is achieved through STUN requests made by the browser, and the result is a WebRTC leak.

Daniel Roesler exposed this vulnerability on his GitHub page in 2015.

“Firefox and Chrome have implemented WebRTC that allow requests to STUN servers be made that will return the local and public IP addresses for the user. These request results are available to javascript, so you can now obtain a user’s local and public IP addresses in javascript. This makes these types of requests available for online tracking if an advertiser sets up a STUN server with a wildcard domain.”

Put simply, any website can efficiently execute JavaScript commands to obtain IP addresses via the browser, even when you are using a VPN. To check for any WebRTC leaks, you can use www.ipleak.org.
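To read the output of such a test, the added example below (not part of the original article or of Roesler's demo) parses ICE candidate lines, the form in which WebRTC reports addresses to JavaScript, and labels each address against the VPN's exit IP. It goes slightly beyond the text by also labelling IPv6 and mDNS-obfuscated candidates; every address and the VPN_EXIT value are constructed.

```javascript
// Added example, not from the original article. All addresses are constructed
// from documentation ranges (RFC 5737, RFC 3849); VPN_EXIT is an assumption.
const VPN_EXIT = ['198.51.100.20'];
const SAMPLE = [
  'candidate:1 1 udp 2122260223 10.8.0.2 51000 typ host',
  'candidate:2 1 udp 2122194687 3f2a9c1e-aaaa-4bbb-8ccc-000000000001.local 51001 typ host',
  'candidate:3 1 udp 1686052607 198.51.100.20 51000 typ srflx raddr 10.8.0.2 rport 51000',
  'candidate:4 1 udp 1686052351 203.0.113.45 51002 typ srflx raddr 0.0.0.0 rport 0',
  'candidate:5 1 udp 2122262783 2001:db8:abcd::1234 51003 typ host',
];

// candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> [raddr <address> ...]
// Returns the connection address plus the related address, if any.
function parseCandidate(line) {
  const f = line.trim().replace(/^a=/, '').split(/\s+/);
  if (f.length < 8 || !f[0].startsWith('candidate:') || f[6] !== 'typ') return [];
  const r = f.indexOf('raddr');
  const related = r > 0 && f[r + 1] ? [f[r + 1].toLowerCase()] : [];
  return [f[4].toLowerCase(), ...related];
}

function isPrivate(addr) {
  if (addr.includes(':')) {
    // fc00::/7 unique-local, fe80::/10 link-local, ::1 loopback
    return addr === '::1' || /^(f[cd][0-9a-f]{2}|fe[89ab][0-9a-f]):/.test(addr);
  }
  const [a, b] = addr.split('.').map(Number);
  return a === 10 || a === 127 || (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168) || (a === 169 && b === 254);
}

function classify(addr, vpnExits) {
  if (addr === '0.0.0.0' || addr === '::') return 'unspecified'; // placeholder raddr
  if (addr.endsWith('.local')) return 'mdns-obfuscated'; // browser hid the host address
  if (vpnExits.includes(addr)) return 'vpn-exit'; // what a website should see
  if (isPrivate(addr)) return 'private'; // LAN or tunnel address exposed
  return addr.includes(':') ? 'leak-ipv6' : 'leak-ipv4'; // public address outside the VPN
}

// Returns one { address, verdict } entry per distinct address seen.
function auditCandidates(lines, vpnExits) {
  const exits = vpnExits.map((ip) => ip.toLowerCase());
  const seen = new Map();
  for (const line of lines) {
    for (const address of parseCandidate(line)) {
      if (!seen.has(address)) seen.set(address, { address, verdict: classify(address, exits) });
    }
  }
  return [...seen.values()];
}

console.table(auditCandidates(SAMPLE, VPN_EXIT));
```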

How to prevent WebRTC Leaks

  • Disable the WebRTC capability in your browser. Since the browser is the root cause of the problem, it would make sense to address this first.
  • If your browser doesn’t allow you to disable WebRTC (e.g., with Chrome, Edge & Brave), use browser extensions, but be aware that add-ons are not 100% effective, and an IP address could still be exposed with the right STUN code.
  • Use a VPN that prevents WebRTC leaks; this is the most effective way to avoid them.

3 IPv6 Leaks

IPv6 is the next generation of the Internet Protocol and the solution to the exhaustion of addresses in the current format. Although IPv6 was devised to improve online communications, it also poses some serious privacy and security issues, mostly because adoption has been slow.

Current VPNs only handle IPv4 technology, so if your ISP uses IPv6, IPv6 requests are ignored by the VPN, resulting in a leak.

If a third party makes an IPv6 request, your identity could be exposed; however, some VPNs block IPv6 traffic altogether to avoid this problem.

Check if your VPN prevents IPv6 leaks at www.ipleak.net.

How to Prevent IPv6 Leaks

  • Disabling IPv6 on your device is the most effective way. Some devices, like Android and iOS, don’t allow this, but you can disable IPv6 directly on the router to ensure that no connected device is issued an IPv6 address, preventing leaks.
  • Use a VPN with IPv6 Leak Protection. ExpressVPN, NordVPN, and CyberGhost VPN have implemented DNS Leak protection features within their client apps. Make sure you turn DNS leak protection on as it can be off by default.

Solving DNS, WebRTC, and IPv6 Leaks in One Go

Though there are various ways to resolve leaks, some of them are complicated, and others are just not effective.
Some VPNs can prevent leaks altogether, with advanced security and privacy features enabling protection with the click of a button.
DNS, IPv6, and WebRTC leaks are serious security threats, and they can expose your data while you assume your VPN protects you.

Some VPNs are just not good enough to prevent leaks, so you must invest in an established service or implement the various techniques for identifying leaks and protecting yourself.

Joel Timothy
Joel is an online privacy advocate, writer, and editor with a special interest in cyber security and internet freedom. He likes helping readers tackle tricky tech and internet issues, as well as maximize the boundless power of the internet.