DNS Leak
Last updated: 2026-03-08
What Is a DNS Leak
A DNS leak occurs when DNS queries are sent outside the VPN tunnel (typically to the ISP's DNS server) despite using a VPN.
The purpose of a VPN is to encrypt your traffic and hide the sites you visit from third parties. When a DNS leak occurs, your ISP or network administrator can see which domains you are accessing. In other words, even if your IP address is hidden by the VPN, your browsing destinations are exposed - a serious privacy issue.
Causes of DNS Leaks
DNS leaks can occur for several reasons.
- OS default DNS settings: Windows may send queries to the DNS server configured on the physical network adapter even while connected to a VPN. This is especially likely when the "Smart Multi-Homed Name Resolution" feature is enabled, which sends queries to DNS servers outside the VPN tunnel in parallel.
- VPN client misconfiguration: Occurs when the VPN app does not properly set up routing rules to force DNS traffic through the tunnel. Common with inexpensive VPN services.
- IPv6 DNS leak: When a VPN tunnels only IPv4 traffic, IPv6 DNS queries can leak outside the tunnel. Frequent with VPNs that have incomplete IPv6 support.
- Leak via WebRTC: The browser's WebRTC feature may bypass the VPN to make DNS queries.
How to Detect DNS Leaks
Detecting a DNS leak is relatively straightforward. Follow these steps.
- While connected to your VPN, visit a DNS leak test site (you can also check DNS server information on our homepage).
- Check the IP address and organization of the displayed DNS server.
- If the DNS server belongs to your ISP rather than your VPN provider, a DNS leak is occurring.
For example, if you are using a Japanese ISP and connected to a US VPN server, but the DNS server shown belongs to your Japanese ISP, a DNS leak is happening.
You can also verify from the command line. On Windows, run nslookup example.com and check whether the responding DNS server address belongs to your VPN provider.
DNS Leak Countermeasures
Here are specific countermeasures to prevent DNS leaks, listed in order of priority.
- Check your VPN's DNS settings: Reputable VPN services operate their own DNS servers and force DNS traffic through the tunnel. Verify that "DNS leak protection" is enabled in your VPN app settings.
- Enable DNS over HTTPS (DoH): Enabling your browser's DoH feature encrypts DNS queries over HTTPS, making them harder to intercept even if they leak outside the tunnel.
- Enable the VPN kill switch: A feature that blocks all traffic if the VPN connection drops. Prevents not only DNS leaks but also IP address exposure.
- Disable IPv6 (temporary measure): If your VPN does not support IPv6, disabling IPv6 on your OS prevents IPv6 DNS leaks. However, this means losing the benefits of IPv6, so waiting for your VPN to add IPv6 support is ideal.
How to Run a DNS Leak Test
To accurately determine whether a DNS leak is occurring, it is important to verify using multiple methods. A single test may miss intermittent leaks.
Web-based test tools: dnsleaktest.com offers both a "Standard test" and an "Extended test." The Extended test sends multiple DNS queries and can detect intermittent leaks, so it is recommended. ipleak.net is a comprehensive tool that checks for WebRTC leaks and IP address exposure in addition to DNS leaks.
Command-line verification: On Windows, run nslookup example.com and check the responding DNS server address. On macOS/Linux, check the SERVER line in the output of dig example.com. If the DNS server IP belongs to your ISP rather than your VPN provider, a leak is occurring. For more detailed analysis, dig +trace example.com traces the entire DNS resolution path.
Reading the results: Check the IP address and organization name of the DNS servers shown in the test results. While connected to a VPN, the DNS server should belong to your VPN provider (or a public DNS designated by your VPN provider). If your ISP's name appears, a DNS leak is occurring. If multiple DNS servers are shown and your ISP's server is among them, it is a partial leak.
What to do if a leak is detected: First, check and enable the DNS leak protection setting in your VPN app. If the issue persists, manually change the DNS server in your OS network settings to your VPN provider's server. Disabling Windows' "Smart Multi-Homed Name Resolution" often resolves the issue. Enabling DNS over HTTPS provides a second layer of defense by encrypting DNS query content even if a leak occurs.
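The command-line check and the partial-leak rule above, as an added example (not part of the original page): it extracts the responding resolver from dig or nslookup output and compares it with the VPN provider's resolver ranges. The ranges in VPN_RESOLVER_NETS and the sample outputs are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress
import re

# Assumption: resolver ranges your VPN provider assigns on connect.
# Constructed placeholders; substitute your provider's real ranges.
VPN_RESOLVER_NETS = ["10.8.0.0/24", "2001:db8:53::/64"]

# dig prints ";; SERVER: <ip>#<port>(...)"; nslookup prints "Server:" then "Address:".
DIG_RE = re.compile(r"^;; SERVER:\s*([0-9A-Fa-f:.]+)#", re.M)
NSLOOKUP_RE = re.compile(r"^Server:.*\n\s*Address:\s*([0-9A-Fa-f:.]+)", re.M)

# Constructed sample outputs (documentation address ranges, not real captures).
DIG_VIA_VPN = ";; Query time: 24 msec\n;; SERVER: 10.8.0.1#53(10.8.0.1) (UDP)\n"
DIG_V6_OUTSIDE = ";; SERVER: 2001:db8:ffff::53#53(2001:db8:ffff::53) (UDP)\n"
NSLOOKUP_VIA_ISP = (
    "Server:  dns.isp.example\r\nAddress:  192.0.2.53\r\n\r\n"
    "Non-authoritative answer:\r\nName:    example.com\r\nAddress:  203.0.113.10\r\n"
)

def responding_resolver(output):
    """Return the IP of the resolver that answered, from dig or nslookup output."""
    m = DIG_RE.search(output) or NSLOOKUP_RE.search(output)
    if m is None:
        raise ValueError("no resolver line found in output")
    return ipaddress.ip_address(m.group(1))

def classify(outputs, vpn_nets=VPN_RESOLVER_NETS):
    """Classify several query outputs as 'no leak', 'partial leak' or 'leak'.

    Repeating the query matters: a single run can miss an intermittent leak.
    Returns (verdict, sorted list of resolver IPs outside the VPN ranges).
    """
    nets = [ipaddress.ip_network(n) for n in vpn_nets]
    resolvers = {responding_resolver(o) for o in outputs}
    # An IPv4 address is never "in" an IPv6 network (and vice versa),
    # so an unexpected IPv6 resolver is reported as outside the tunnel.
    outside = {r for r in resolvers if not any(r in n for n in nets)}
    leaked = sorted(str(r) for r in outside)
    if not outside:
        return "no leak", leaked
    # Some answers came via the VPN resolver, some did not: partial leak.
    return ("partial leak" if outside != resolvers else "leak"), leaked

if __name__ == "__main__":
    print(classify([DIG_VIA_VPN, NSLOOKUP_VIA_ISP, DIG_V6_OUTSIDE]))
```

To use it on live data, capture the output of several dig or nslookup runs while connected to the VPN and pass the captured text to classify().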
To learn more about this topic, see What Is a DNS Leak? Risks and Prevention When Using a VPN.
Common Misconceptions
- "DNS leaks don't happen if you're using a VPN": DNS leaks can occur depending on the VPN's quality and configuration. Free VPNs and poorly configured VPNs have a high probability of DNS leaks. You should always run a leak test after connecting to your VPN.
- "DNS leaks are not a big deal": DNS queries contain every domain name you visit. Your ISP can log your visits to medical sites, political sites, and specific services, making the privacy impact significant. If your reason for using a VPN is privacy protection, a DNS leak fundamentally undermines that purpose.