DNS Leak
A DNS leak occurs when your DNS requests bypass the VPN and go to your ISP's DNS servers. You think you're protected, but your browsing history is exposed.
DNS Leak Test
Check whether your DNS requests are leaking outside your VPN tunnel. Free DNS leak test tool.
DNS LEAK TEST
This test checks whether your DNS requests leak outside your VPN tunnel. If you are not using a VPN, seeing your ISP's DNS servers is normal.
The test queries multiple checkpoints through your browser. Results are not stored on Secunnix servers.
What Is a DNS Leak?
DNS (Domain Name System) is the internet's 'phone book' — it translates domain names into IP addresses. When using a VPN, your DNS queries should also pass through the tunnel.
How It Happens
OS DNS settings, IPv6 leaks, router configurations, or VPN connection drops can all cause DNS leaks.
VPN Protection
Trusted VPNs use their own DNS servers, offer kill switches, and provide IPv6 leak protection.
Secure DNS
DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) protocols encrypt your DNS queries for better privacy.
What Is a DNS Leak?
DNS (Domain Name System) is the internet's 'phone book' — it translates domain names you type (e.g. google.com) into IP addresses computers understand. Normally your ISP's DNS servers handle this translation, which means your ISP can see which sites you visit.
When using a VPN, your DNS queries should also pass through the VPN tunnel. A DNS leak is when these queries escape the tunnel and go to your ISP's DNS servers. Result: you think you're protected but your browsing history is exposed to your ISP.
How Do DNS Leaks Happen?
| Leak Type | Cause | Risk Level |
|---|---|---|
| OS DNS Leak | Windows Smart Multi-Homed Name Resolution sends DNS queries outside VPN | High |
| IPv6 Leak | VPN only tunnels IPv4 traffic, IPv6 DNS queries are exposed | High |
| Router DNS Leak | Router's own DNS settings bypass the VPN | Medium |
| Configuration Error | DNS leak protection disabled in VPN application | Medium |
| VPN Connection Drop | DNS traffic exposed when VPN drops without kill switch | High |
VPN DNS Leak Protection Comparison
| VPN | Private DNS | IPv6 Protection | Kill Switch |
|---|---|---|---|
| NordVPN | Yes — own DNS servers | Yes | Yes |
| ExpressVPN | Yes — private DNS on each server | Yes | Yes (Network Lock) |
| Surfshark | Yes — private DNS | Yes | Yes |
| Mullvad | Yes — DNS-over-HTTPS | Yes | Yes (always active) |
| ProtonVPN | Yes — DNS-over-TLS | Yes | Yes |
| Free VPNs | Usually no | Rarely | Rarely |
5 Ways to Prevent DNS Leaks
- Enable DNS leak protection: Turn on 'DNS Leak Protection' in your VPN app's Settings > Advanced section.
- Use a kill switch: A kill switch stops all internet traffic when VPN drops, preventing DNS query exposure.
- Disable or protect IPv6: If your VPN lacks IPv6 protection, temporarily disable IPv6 in your OS to prevent leaks.
- Use trusted DNS servers: Configure reliable DNS providers like Cloudflare (1.1.1.1), Quad9 (9.9.9.9), or Google (8.8.8.8).
- Test regularly: Run a DNS leak test every time you connect to VPN, switch servers, or change networks.
Secure DNS Protocols
Traditional DNS queries are sent as unencrypted plaintext. Modern DNS protocols encrypt these queries for better privacy:
- DoH: DNS-over-HTTPS (DoH): Encrypts DNS queries over HTTPS. Built-in support in Firefox and Chrome.
- DoT: DNS-over-TLS (DoT): Protects DNS queries with TLS encryption. Available as 'Private DNS' on Android 9+.
- DNSCrypt: DNSCrypt: Open-source protocol that encrypts and authenticates DNS traffic. Requires additional software.
Resources & References
Frequently Asked Questions
What is a DNS leak?
A DNS leak is when your DNS requests escape the VPN tunnel despite using a VPN. When this happens, your ISP can see which websites you visit.
How is a DNS leak detected?
A DNS leak test checks which servers handle your DNS requests. If the DNS server belongs to your ISP instead of your VPN provider, there's a leak.
Why is a DNS leak dangerous?
Your ISP and potentially government agencies can monitor which sites you visit. You think you're private but your browsing history is exposed.
I use a VPN but have a DNS leak, what should I do?
Enable DNS leak protection in your VPN app, turn on the kill switch, and make sure your VPN uses its own DNS servers.
Which VPNs offer DNS leak protection?
Leading VPNs like NordVPN, ExpressVPN, Surfshark, Mullvad, and ProtonVPN all offer built-in DNS leak protection.
Does changing my DNS server prevent leaks?
Switching to trusted DNS providers like Cloudflare, Google, or Quad9 is better than ISP DNS, but not sufficient alone. Use it with a VPN.
What is an IPv6 DNS leak?
Many VPNs only tunnel IPv4 traffic and ignore IPv6. If your device supports IPv6, DNS queries may leak via IPv6 outside the VPN.
How often should I run a DNS leak test?
It's recommended to test every time you connect to VPN, switch servers, or change networks.
Our Customers
