What is a DNS Leak?

What is DNS Leak

If you use VPNs or have browsed the VPN market looking for the best deal, then you’ll have heard the term ‘DNS Leak.’ Many VPN services pride themselves on offering DNS leak protection, and it is considered an essential feature of a decent VPN service.

While many internet users are aware that leaking DNS is bad, what isn’t so clear is why. Fortunately, we have put together a complete guide on everything you need to know about DNS leaks so that you can understand why it is so important to use a VPN that offers DNS leak protection.

This article is a part of a series:

Chapter 1: VPN for Dummies

Chapter 2: How to set up a VPN

Chapter 3: Can you be tracked with a VPN?

Chapter 4: Should you be using a VPN?

Chapter 5: Do I need a VPN at home?

Chapter 6: What does a VPN hide?

Chapter 7: How do I know if my VPN is working?

Chapter 8: How does a VPN work?

Chapter 9: What does your ISP see when using a VPN?

Chapter 10: Why does my VPN keep disconnecting?

Chapter 11: Why is my VPN slow?

Chapter 12: How to check your VPN location

Chapter 13: What is a VPN Kill Switch?

Chapter 14: How to cancel a VPN subscription

Chapter 15: What types of encryption does a VPN have?

Chapter 16: How does a VPN protect you?

Chapter 17: What is split tunneling on VPN?

Chapter 18: What is a VPN used for?

Chapter 19: How to hide your IP-address

Chapter 20: The ultimate guide to VPN tunneling

Chapter 21: What is a DNS leak?

What is DNS?

Before you can understand what a DNS leak is and why it is something you want to avoid, you need to know what DNS is. DNS stands for Domain Name System or Domain Name Service. DNS makes it easy for browsers to interact with each other through their IP addresses.

All websites, devices, and other internet services have an IP (Internet Protocol) address, which helps enable all communications online. For example, every website has a unique IP address, but because this is too difficult for people to remember, we use web addresses instead. Once we input a web address, DNS translates this domain name to the website’s IP address in the background; this then helps internet users reach their desired website.

So, without the Domain Name System, we wouldn’t be able to seamlessly browse the web as we are used to doing; it essentially acts as the telephone book of the internet, connecting IP addresses to the correct web address or device.

What are DNS Requests?

DNS requests (also known as DNS queries) occur when you want to visit a website on the internet. When you enter a web address in your browser (such as www.VPNSurfers.com), the DNS request will scan DNS servers through a DNS lookup to find the correct IP address to connect your device to the right location. Most Internet Service Providers (ISPs) operate their own DNS servers so that their customers’ requests are routed via the ISP’s DNS servers.

Essentially DNS requests are when your device makes a request to the Domain Name System so that it can visit a specific website. Therefore, DNS requests can reveal a lot of information about your online activities, which many users are unaware of.

A VPN can help hide DNS requests by routing queries via its own DNS servers; however, sometimes there can be DNS leaks which means the information you want to hide is accidentally exposed.

What Does it Mean if Your DNS is Leaking?

So, what exactly is a DNS leak? DNS leaks occur when users employ a VPN to send all of their internet activity through an encrypted VPN tunnel. What a VPN does, is hide all browsing data as well as DNS traffic from third parties such as ISPs. However, a VPN service provider can sometimes accidentally leak your DNS data, including your actual IP address.

So, what causes DNS leaks? There are several things that could be causing DNS leaks. First of all, your ISP may be doing something called ‘ISP forcing.’ ISP forcing is when ISPs use transparent DNS proxies. A transparent DNS proxy is something that many ISPs use to direct DNS traffic to their own DNS servers.

As well as the above, your network DNS settings may be causing DNS leakage. For example, switching between new Wi-Fi networks may cause new DNS servers to be assigned to your device, which bypasses the VPN. This can then automatically cause all DNS requests to be redirected via the ISP DNS servers.

Is a DNS leak bad?

You might be wondering, “what is the problem with DNS leaks?” For some people, the idea that their browsing history can be exposed isn’t a big deal. However, you should be highly concerned if you are experiencing DNS leaks. Although many people are unaware of this fact, there are various reasons why you should try to avoid DNS leaks and why they are bad news. Here are the main reasons you should prevent DNS leaks:

Your ISP can profit from your data

If all of your DNS queries are sent via your ISP’s DNS server, then this means your ISP has access to all of your browsing information. This enables your ISP to create a dedicated user profile based on your online activity and sell this to online advertisers.

Your data is hugely lucrative for ISPs, so by selling it to third parties who can then create targeted advertisements that appear on your browsers, your ISP can make a nice profit off of you.

You could get in trouble with law enforcement

Not only can your browser’s DNS requests be sold onto third parties by your ISP, but many ISPs legally have to share this information with law enforcement and government agencies if requested to do so. Your web traffic logs could therefore reveal everything you have been doing online, which could land you in trouble if you have been downloading copyrighted material or accessing restricted sites.

Public networks can take advantage of you

If you connect to a public Wi-Fi network, then you may have to use its own DNS server for each DNS request. Malicious public Wi-Fi hotspots could redirect you to websites with phishing scams, or worse, your DNS requests and internet traffic could be exposed to other users on the network.

Malicious third parties could launch cyber-attacks against you

If cybercriminals find a way to intercept your DNS queries due to a DNS leak, they can use this information against you. By finding out which websites your visit using your IP address, they can quickly build a profile on you and target you with phishing scams via emails, which can cause you to unwillingly share more information or cause you to download malware onto your system.

As well as the above, expert cybercriminals can easily carry out brute force attacks on your online accounts based on information gathered about you from your DNS logs. For example, they may be able to guess your passwords for social media or email accounts based on your internet profile.

So, as you can see, a DNS leak is an extremely serious issue. If your VPN connection is consistently leaking DNS requests, you need to resolve this issue to ensure that you don’t become a victim to any of the scenarios we’ve outlined above.

How do I know if my DNS is leaking?

Before you can stop DNS leaks, you first need to determine whether or not you have a DNS leak. Fortunately, there is an easy way to do so by carrying out a DNS leak test. So, what exactly does a DNS leak test do? A DNS leak test will tell you information about your DNS requests, including data such as:

  • Your IP address
  • DNS servers
  • Your ISP provider
  • Your geo-location, including your city and country

This information can reveal personally identifiable data about you and put you at risk of identity theft, online scamming, and more.

So, if you want to check for DNS leaks when using a VPN, you first need to run a DNS leak test without an active VPN connection. This will provide you with your real IP and other details. Then, you should activate the VPN and connect to a VPN server in a different location. Once you have established a secure connection, perform a DNS leak test. If the IP address and other details are the same as before switching on the VPN, then you are suffering from a DNS leak.

Is DNS leak test safe?

After reading all of the information above, you might be wondering, “is it safe to run DNS leak tests?” This is a good point since malicious websites could pose as legitimate test sites to log users’ data or to encourage users to click on phishing links etc.

Fortunately, many reputable VPN providers offer a DNS/VPN leak test on their websites, such as ExpressVPN and PureVPN. By using one of these VPN services’ leak tests, you can rest assured that you won’t fall victim to any foul-play online and will simply be able to work out whether or not you have a VPN DNS leak.

How do I fix a DNS leak?

So, how can you prevent DNS leaks to stop your Internet Service Provider and other third parties from viewing your web traffic via your DNS requests? There are several ways that you can easily prevent DNS leaks and ensure you have total online privacy.

Use a Virtual Private Network

The easiest way for preventing DNS leaks is by using a good VPN service. Nowadays, most VPN services, like NordVPN and ExpressVPN, come with built-in DNS-leak protection. These VPN providers use their very own DNS servers to tunnel DNS queries. By using the VPN provider’s DNS servers, there are less likely to be any leaks which mean you have more privacy.

Use Cloudflare public servers

Cloudflare offers public DNS resolvers, which enable users to hide their DNS queries from their ISP. If you’re worried about your Cloudflare misusing your DNS request information, you needn’t be as it deletes all logs on its servers daily.

Use the Tor browser

Another great way of preventing DNS leaks is by using the Tor browser. This anonymous browser doesn’t need you to configure the DNS settings on your device to use it since it offers online privacy regardless.

Use your system firewall

You can disable DNS and use the system firewall to ensure that there are no DNS leaks. Your system firewall doesn’t just offer DNS leak protection but can also stop unauthorized third parties from trying to access your system and cause issues without your permission.

Which VPN does not leak DNS?

Using a VPN is the best and easiest way to get DNS leak protection, and most VPN providers come with features to stop a DNS leak in its tracks. Here are some of the best VPN service providers to prevent leaking DNS.


NordVPN is the best VPN service for preventing DNS leaks since it offers private DNS on all of its VPN servers. This means that all of your queries are directed via the encrypted VPN tunnel to a secure VPN server and are not exposed to your ISP.

VPN users who sign up to NordVPN can also adjust DNS blocking in the VPN settings of the app and offer extra protection thanks to stopping IPv6 and WebRTC leaks too.


Not only is ExpressVPN a great security VPN provider that offers a DNS leak test service on its website, but it also provides users with access to its very own DNS servers for secure requests. This means not only do users’ internet traffic, but also their Domain Name System (DNS) queries go through an encrypted tunnel secured by the most robust VPN tunneling protocol.

The VPN client is easy to use, and there is support for almost every operating system, which is good news for users. As well as this, ExpressVPN provides consistent speeds for a fast and stable internet connection.

Can a VPN leak?

Yes, sometimes a VPN can leak DNS queries outside of the encrypted tunnel, which could expose them to your Internet Service Provider. To ensure that your VPN doesn’t leak, you could switch servers or guarantee that you only use VPN service providers that come with dedicated DNS leakproof features.

Should I turn on DNS protection?

If you are using a VPN that offers dedicated DNS leak protection in the VPN app, then you should ensure that you activate this feature. If you don’t have this feature enabled, then your DNS server requests will go through your regular ISP DNS servers.

However, if you activate the DNS leak protection, then your DNS queries and internet activity will be sent via the VPN tunnel instead, and therefore be protected from third parties.

What is a DNS Resolver?

A DNS resolver sends requests to DNS servers that are sent from the device. Essentially, the DNS resolver is the first obstacle to sending forward a request and is essential to ensuring that DNS queries reach their destination.

A great way of preventing DNS leaks is for some users to set up their own DNS resolvers using special software. However, this is a tricky process and needs to be set up in a privacy-friendly country so that users can benefit from privacy and ensure that the DNS requests are not shared.

Author Monique Ballard

Hi there! I'm Monique, and I am a writer at VPNSurfers. I live in New York, but I'm originally from Delware. I love traveling, but the US will always be home to me. I have more than 5 years of experience using VPNs, and I ha...
Read more about the author