You're using a VPN — but your browsing might still be leaking to your ISP. A DNS leak can expose which websites you visit, defeating the purpose of your VPN.
What Is a DNS Leak?
When you visit a website, your device asks a DNS server to translate the domain name into an IP address. With a VPN, these DNS queries should go through the encrypted VPN tunnel.
A DNS leak happens when those queries bypass the tunnel and go directly to your ISP's DNS server. Result: your ISP sees every domain you visit, even though you think you're protected.
Causes of DNS Leaks
- Misconfigured VPN client
- Windows "Smart Multi-Homed Name Resolution" sending queries outside the tunnel
- Manually configured DNS settings that override the VPN
- IPv6 leaks when the VPN only tunnels IPv4 traffic
How to Test for a DNS Leak
- Connect to your VPN.
- Visit our IP checker — your IP should show the VPN server's IP, not your real one.
- Look at the ISP field. If it shows your real internet provider (not the VPN provider), you may have a DNS leak.
- Run an DNS lookup and note which DNS servers respond.
How to Fix a DNS Leak
1. Use a VPN with Built-in DNS Leak Protection
Quality VPN providers like NordVPN and Surfshark automatically route all DNS queries through the VPN tunnel. Enable DNS leak protection in your VPN app settings if available.
2. Set a Private DNS Server
Configure your OS to use a privacy-respecting public DNS server:
- Cloudflare:
1.1.1.1and1.0.0.1 - Google:
8.8.8.8and8.8.4.4
3. Disable IPv6 (if needed)
If your VPN doesn't support IPv6, disable it in your network settings to prevent IPv6 DNS queries from leaking outside the tunnel.
Conclusion
A DNS leak undermines your VPN's protection completely. Test regularly, use a VPN with built-in DNS protection, and consider switching to a privacy-focused DNS server.