DNS Leak
A security flaw where DNS queries bypass the VPN tunnel and are sent to your ISP's DNS servers, revealing which websites you visit.
A DNS leak occurs when your device sends domain name resolution requests outside the encrypted VPN tunnel. Even with a VPN active, your ISP can see every domain you visit if DNS leaks are present.
How DNS Leaks Happen
- Misconfigured VPN software or network settings
- Operating system overriding VPN DNS settings (common on Windows)
- IPv6 traffic not being tunneled by the VPN
- Smart Multi-Homed Name Resolution on Windows
How to Prevent DNS Leaks
- Use a VPN with built-in DNS leak protection (most premium VPNs include this)
- Run a DNS leak test at dnsleaktest.com while connected
- Disable IPv6 if your VPN doesn't support it
- Use the VPN's own DNS servers instead of public ones
FAQ
How do I test for DNS leaks?
Connect to your VPN, then visit dnsleaktest.com and run an extended test. If you see your ISP's DNS servers instead of the VPN's, you have a leak.
Do all VPNs protect against DNS leaks?
Most premium VPNs include DNS leak protection, but it may not be enabled by default. Check your VPN settings and verify with a leak test.