Back to All Guides

DNS Leaks Explained: How to Detect and Prevent Them

Understand what DNS leaks are, why they compromise your privacy, and how to test and fix them when using a VPN.

What is a DNS Leak?

A DNS (Domain Name System) leak occurs when your DNS requests - the queries that translate website names like "google.com" into IP addresses - bypass your VPN tunnel and go directly to your Internet Service Provider's DNS servers instead.

Even though your VPN is connected and encrypting your traffic, DNS leaks expose which websites you're visiting to your ISP, defeating one of the main purposes of using a VPN: privacy.

Your ISP can see every website you visit, when you visit it, and build a complete profile of your browsing habits - all while you think you're protected by your VPN.

How DNS Works (Simplified)

When you type a website address into your browser, your computer needs to find the numerical IP address for that website. This process works like this:

  1. You type "example.com" in your browser
  2. Your computer sends a DNS query asking "What's the IP address for example.com?"
  3. A DNS server responds with the IP address (e.g., "93.184.216.34")
  4. Your browser connects to that IP address to load the website

With a VPN: Your DNS queries should go through the VPN's encrypted tunnel to the VPN provider's DNS servers.

With a DNS leak: Your queries bypass the VPN and go straight to your ISP's DNS servers, exposing your browsing.

What Causes DNS Leaks?
  • Operating System Behavior: Windows and other OSes sometimes use features (like "Smart Multi-Homed Name Resolution") that send DNS requests outside the VPN
  • IPv6 Leaks: If your VPN only routes IPv4 traffic, your IPv6 DNS requests may leak
  • Poor VPN Configuration: The VPN app fails to properly route DNS traffic through its servers
  • Manual DNS Settings: Custom DNS servers configured on your device might override the VPN's DNS
  • VPN Connection Issues: Brief disconnections can cause your system to temporarily use ISP DNS
How to Test for DNS Leaks

Testing for DNS leaks is simple and takes less than a minute:

  1. Connect to your VPN and choose a server location
  2. Visit a DNS leak test website like:
    • dnsleaktest.com
    • ipleak.net
    • dnsleak.com
  3. Run the standard or extended test
  4. Check the results:

    No leak: You should see DNS servers belonging to your VPN provider, located in the country of the VPN server you connected to

    DNS leak detected: You'll see DNS servers belonging to your ISP or in your real location

How to Prevent DNS Leaks

Use Built-in DNS Leak Protection

Most quality VPNs include DNS leak protection that automatically routes all DNS queries through the VPN tunnel. Enable this feature in your VPN settings if available.

Disable IPv6

If your VPN doesn't support IPv6, temporarily disable IPv6 on your device to prevent IPv6 DNS leaks. Most VPNs only route IPv4 traffic.

Use VPN's DNS Servers

Configure your device to use only the VPN's DNS servers, or let the VPN app handle DNS automatically. Avoid manual DNS settings like Google DNS (8.8.8.8) or Cloudflare (1.1.1.1) when using a VPN.

Choose a VPN with DNS Leak Protection

Not all VPNs properly handle DNS. Premium VPNs run their own private DNS servers and include robust leak protection.

Why DNS Leaks Matter

Even with a DNS leak, your ISP and others still can't see the content of your communications (if the website uses HTTPS). However, they can see:

  • Every website domain you visit
  • When you visit them and how often
  • Your browsing patterns and habits
  • What streaming services you use
  • What you're researching or interested in

This metadata is valuable for building profiles, targeted advertising, and can be shared with or sold to third parties.

Get a VPN with Built-in DNS Leak Protection

All our recommended VPNs include robust DNS leak protection and run their own secure DNS servers.

Find Your Secure VPN