Windows 10 Using a VPN on Win10? Prevent Info Leakage

ragnarok1968

Well-Known Member
article:Guide: Prevent DNS leakage while using a VPN on Windows 10 (and Windows 8)

While the most popular way to keep your privacy online intact is through the use of a VPN provider, it's not always as straight forward as you think, by just installing it and hoping for the best. For that reason we have created a guide to ensure that your VPN isn't leaking DNS queries.

A Google search for smart multi-homed name resolution in Windows returns a lot of results to disablethe feature, but what is it? From Windows 8 on, Microsoft introduced a feature that speeds up DNS queries by using all of the network adapters available on the system, to pass back the first (quickest) result. This means that even if you are using a VPN to surf online, but have more than one network adapter in your system, the DNS query could be passed outside of your VPN connection.

Below, we will disable it on Windows 8 and Windows 10, but as pointed out above, this really only applies to systems that have more than one network adapter that is connected to the internet, such as multiple wired connections or a wired and WiFi connection.

Windows 8.x systems
The following registry edit only applies to Windows 8 systems and does not work on Windows 10.

If you are uncomfortable with editing the registry, you can skip past this section and use the Group Policy method instead, which does the same thing.



Note: Manipulating the Registry may lead to issues if done incorrectly. It is suggested that you create a backup of the Windows Registry before you continue. This can be done by selecting a Registry Hive in the Registry Editor, and then File > Export from the menu bar.

  1. Open the Windows Registry Editor. One easy option to do that is to tap on the Windows-key, type regedit.exe, and hit the Enter-key. Windows throws an UAC prompt which you need to confirm.
  2. Go to HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient
  3. If the Dword value DisableSmartNameResolution exists already, make sure it is set to 1.
  4. If it does not exist, right-click on DNSClient, and select New > Dword (32-bit) Value from the menu.
  5. Name it DisableSmartNameResolution.
  6. Set its value to 1. You may turn the feature back on at any time by setting the value to 0, or by deleting the Dword value.
  7. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters
  8. If the Dword value DisableParallelAandAAAA exists already, make sure its value is set to 1.
  9. If the value does not exist, right-click on Parameters, and select New > Dword (32-bit) Value.
  10. Name it DisableParallelAandAAAA.
  11. Set the value of the Dword to 1. You can turn the feature back on by setting the value to 0, or by deleting the value.
Now you can close the registry editor, and reboot Windows for the changes to take effect.

Windows 8 & 10 systems (Group Policy method)
The following applies to all Windows 10 editions, but is also possible in Windows 8 instead of editing the registry.

Before we begin, the following Group Policy edit is only available in Windows 10 Pro editions. If you are running Windows 10 Home, you can use Policy Plus to edit the following Group Policy required to turn off smart multi-homed name resolution.



  1. Do the following to open the Group Policy Editor in Windows: Tap on the Windows-key on the keyboard, type gpedit.msc, and hit the Enter-key on the keyboard.
  2. Go to Computer Configuration > Administrative Templates > Network > DNS Client > Turn off smart multi-homed name resolution.
  3. Set the policy to enabled, to disable the smart multi-homed name resolution feature of the system.


Be sure to reboot your system for the changes to take effect.

This isn't by any means a surefire way to protect your privacy online, many other factors come into play as well. If you have a favorite tweak that you use to stay safe online, share it below in the comments; together, let's make browsing great safe again!

Credit: Thanks to Ghacks for the guide
 

BIGBEARJEDI

Fantastic Member
Premium Supporter
Hi Chris,
Thanks for posting this. For many of our average users, they are probably not ready for using VPN. I still have a project to test them out for next year and do a presentation on them. I use the very expensive ones on the market from places like Cisco & SonicWALL for my business customers. I've yet to try the new Opera that has the free VPN built in; but it looks promising. The other VPNs still have setups that require considerable computer networking skills to get working, plus they are fee-driven from $5-$10 month for a subscription or more.

Take a look at this article from PC-MAG which discusses this in more detail here: Opera
Having the VPN built-into the browser eliminates VPN and multi-adapter configuration needs in the registry (an inherently risky procedure for many home users who don't know about backup or those that do know and simply choose to work without a net).

The other thing we should have looked at, I'd like to test it out, is how the new Opera performs on W10 versus Linux versions. As I think I've resolved my W10-Linux dual-boot project, I hope to get to it in on my Test machine in a month or two. If anyone else has used Opera on W10 or Linux (please specify your versions tested) I think it would be worth sharing on this thread, and tell us how it works for you.

Good post.:thumbs_up:
Cheers!:teeth:
<<BIGBEARJEDI>>
 

ragnarok1968

Well-Known Member
Hi Chris,
Thanks for posting this. For many of our average users, they are probably not ready for using VPN. I still have a project to test them out for next year and do a presentation on them. I use the very expensive ones on the market from places like Cisco & SonicWALL for my business customers. I've yet to try the new Opera that has the free VPN built in; but it looks promising. The other VPNs still have setups that require considerable computer networking skills to get working, plus they are fee-driven from $5-$10 month for a subscription or more.

Take a look at this article from PC-MAG which discusses this in more detail here: Opera
Having the VPN built-into the browser eliminates VPN and multi-adapter configuration needs in the registry (an inherently risky procedure for many home users who don't know about backup or those that do know and simply choose to work without a net).

The other thing we should have looked at, I'd like to test it out, is how the new Opera performs on W10 versus Linux versions. As I think I've resolved my W10-Linux dual-boot project, I hope to get to it in on my Test machine in a month or two. If anyone else has used Opera on W10 or Linux (please specify your versions tested) I think it would be worth sharing on this thread, and tell us how it works for you.

Good post.:thumbs_up:
Cheers!:teeth:
<<BIGBEARJEDI>>
That's good to hear BBJ! It seems at face value fairly easy to do. But yes it seems some technical expertise is necessary to get this running.
Thanks BBJ for the kind words!
 
Top