VPN privacy basics
VPN DNS Leak Explained
A DNS leak happens when your device sends DNS queries outside the VPN tunnel. That can reveal the websites you are trying to reach, even if your public IP address appears to be hidden.
A VPN is not just about changing your visible IP. DNS handling matters because DNS queries can reveal browsing patterns.
Basics
What is DNS?
DNS turns domain names such as example.com into IP addresses that computers can connect to. If DNS requests go to your ISP while your VPN is connected, that may reduce the privacy benefit of the VPN.
Testing
How to check for a DNS leak
- Connect to your VPN.
- Run a DNS leak test in a browser.
- Check whether the listed DNS servers belong to your VPN provider or your normal ISP.
Command line users can inspect DNS behaviour with tools such as dig or nslookup, though browser-based leak tests are often easier for a quick check.
dig example.comFixes
How to reduce DNS leak risk
Many VPN apps include a DNS leak protection option. Make sure it is enabled.
Browser extensions may not protect all device traffic or DNS requests.
Operating system, browser and VPN app updates can change network behaviour.
FAQ
DNS leak FAQ
Does a DNS leak show my real IP?
Not always. A DNS leak may reveal your DNS provider or ISP even if your public IP appears to be the VPN IP.
Do all VPNs prevent DNS leaks?
Good VPN apps usually include DNS leak protection, but you should still test your own setup.
Can browser extensions leak DNS?
They can, depending on how they work. A full VPN app generally gives broader device-level protection than a simple browser proxy.
Related VPN privacy guide
Does a VPN hide your IP?
Learn what a VPN hides, what it does not hide, and how logins, cookies, browser fingerprinting and DNS leaks can still matter.