Guide: Prevent DNS leakage while using a VPN on Windows 10 (and Windows 8)

While the most popular way to keep your privacy online intact is to use a VPN provider, it's not always as straightforward as installing it and hoping for the best. For that reason we have created a guide to ensure that your VPN isn't leaking DNS queries.

A Google search for smart multi-homed name resolution in Windows returns a lot of results on how to disable the feature, but what is it? Starting with Windows 8, Microsoft introduced a feature that speeds up DNS queries by sending them over all of the network adapters available on the system and using the first (quickest) result that comes back. This means that if you are using a VPN to surf online but have more than one network adapter in your system, the DNS query could be passed outside of your VPN connection.

Below, we will disable it on Windows 8 and Windows 10, but as pointed out above, this really only applies to systems that have more than one network adapter that is connected to the internet, such as multiple wired connections or a wired and WiFi connection.

Windows 8.x systems

The following registry edit only applies to Windows 8 systems and does not work on Windows 10.

If you are uncomfortable with editing the registry, you can skip past this section and use the Group Policy method instead, which does the same thing.

Note: Manipulating the Registry may lead to issues if done incorrectly. It is suggested that you create a backup of the Windows Registry before you continue. This can be done by selecting a Registry Hive in the Registry Editor, and then File > Export from the menu bar.

  1. Open the Windows Registry Editor. One easy way to do that is to tap on the Windows-key, type regedit.exe, and hit the Enter-key. Windows shows a UAC prompt, which you need to confirm.
  2. Go to HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient
  3. If the Dword value DisableSmartNameResolution exists already, make sure it is set to 1.
  4. If it does not exist, right-click on DNSClient, and select New > Dword (32-bit) Value from the menu.
  5. Name it DisableSmartNameResolution.
  6. Set its value to 1. You may turn the feature back on at any time by setting the value to 0, or by deleting the Dword value.
  7. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters
  8. If the Dword value DisableParallelAandAAAA exists already, make sure its value is set to 1.
  9. If the value does not exist, right-click on Parameters, and select New > Dword (32-bit) Value.
  10. Name it DisableParallelAandAAAA.
  11. Set the value of the Dword to 1. You can turn the feature back on by setting the value to 0, or by deleting the value.

Now you can close the registry editor, and reboot Windows for the changes to take effect.
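
The same two registry values can be checked and set from an elevated PowerShell prompt. The script below is an added example, not part of the original guide; the -Apply switch and the Get-DwordOrNull helper are names made up for this example, and creating the DNSClient key when it is missing goes slightly beyond the manual steps, which assume it exists.

```powershell
# Added example: audit (default) or apply (-Apply) the two DWORD values
# from the registry steps above. Run from an elevated PowerShell prompt.
param([switch]$Apply)

# Key paths and value names are the ones given in the guide's steps.
$settings = @(
    @{ Path = 'HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient'
       Name = 'DisableSmartNameResolution' },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'
       Name = 'DisableParallelAandAAAA' }
)

# Hypothetical helper: returns the value, or $null if the key or value is absent.
function Get-DwordOrNull {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$changed = $false
foreach ($s in $settings) {
    $current = Get-DwordOrNull -Path $s.Path -Name $s.Name
    $state = if ($null -eq $current) { 'missing' } else { "$current" }

    if ($current -eq 1) {
        Write-Output "OK      $($s.Name) = 1"
        continue
    }
    if (-not $Apply) {
        # Audit mode: report only, change nothing.
        Write-Output "NOT SET $($s.Name) (current: $state)"
        continue
    }
    # Create the key first if it does not exist yet, then write the DWORD.
    if (-not (Test-Path -Path $s.Path)) {
        New-Item -Path $s.Path -Force | Out-Null
    }
    New-ItemProperty -Path $s.Path -Name $s.Name -PropertyType DWord -Value 1 -Force | Out-Null
    Write-Output "SET     $($s.Name) = 1 (was: $state)"
    $changed = $true
}

if ($changed) { Write-Output 'Reboot Windows for the changes to take effect.' }
```

Run it once without -Apply to see the current state, and again after the reboot to confirm both values read 1.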

Windows 8 & 10 systems (Group Policy method)

The following applies to all Windows 10 editions, and can also be used on Windows 8 instead of editing the registry.

Before we begin, note that the following Group Policy edit is only available in Windows 10 Pro editions. If you are running Windows 10 Home, you can use Policy Plus to edit the Group Policy setting required to turn off smart multi-homed name resolution.

  1. Do the following to open the Group Policy Editor in Windows: Tap on the Windows-key on the keyboard, type gpedit.msc, and hit the Enter-key on the keyboard.
  2. Go to Computer Configuration > Administrative Templates > Network > DNS Client > Turn off smart multi-homed name resolution.
  3. Set the policy to Enabled to disable the system's smart multi-homed name resolution feature.

Be sure to reboot your system for the changes to take effect.

This isn't by any means a surefire way to protect your privacy online; many other factors come into play as well. If you have a favorite tweak that you use to stay safe online, share it below in the comments; together, let's make browsing safe again!

Credit: Thanks to Ghacks for the guide
