What is DNS?
DNS (Domain Name System) is like the internet's phone book. When you type a website address like "google.com", DNS translates it to an IP address (like 142.250.80.46) that computers use to connect.
google.com
You type this
DNS Server
Looks up the address
142.250.80.46
Returns IP address
What is a DNS Leak?
A DNS leak occurs when your DNS queries bypass the VPN tunnel and go directly to your ISP's DNS servers. This reveals the websites you visit, even when connected to a VPN.
What Gets Exposed
- Every website you visit
- Your real geographic location
- Your ISP (identifiable by DNS server)
- Timestamps of when you visited each site
How to Test for DNS Leaks
- 1Connect to your VPN
- 2Visit a DNS leak test website (dnsleaktest.com, ipleak.net)
- 3Run the extended test
- 4Check the results - you should only see your VPN provider's DNS servers
- 5If you see your ISP's DNS servers, you have a leak
No Leak (Good)
Results show only VPN provider's DNS servers, located in the VPN server's country.
DNS Leak Detected (Bad)
Results show your ISP's DNS servers or servers in your real location.
How to Prevent DNS Leaks
Use a VPN with Built-in DNS Leak Protection
Most reputable VPNs include automatic DNS leak protection. Make sure it's enabled in settings.
Use Your VPN's DNS Servers
Configure your device to use your VPN provider's DNS servers rather than your ISP's.
Disable IPv6
IPv6 can bypass VPN tunnels. Disable it in your network settings if not needed.
Use Third-Party Secure DNS
Use privacy-focused DNS like Cloudflare (1.1.1.1) or Google (8.8.8.8) as backup.
Configure Firewall Rules
Advanced: Block all DNS traffic except through the VPN tunnel.
Get a Leak-Proof VPN
All our recommended VPNs include DNS leak protection by default.
View Best VPNs