If you’re a VPN user, you might be worried about your VPN failing to encrypt your traffic properly, resulting in a DNS leak. You might be wondering: What is a DNS leak? In this guide, we’ll answer that question and teach you how to avoid DNS leaks.
Written by Aleksandar Kochovski (SEO and Briefings Editor)
Facts checked by Vildana Bratic (Video Editor, Fact-Checking Editor)
Last Updated: 2023-11-20T09:52:57+00:00
Whenever you connect to a website, you send a DNS request to its server. Unless you’re on an encrypted connection, your DNS requests are visible to your ISP and any potential interlopers. A VPN keeps your DNS requests private by sending your traffic through an encrypted tunnel, but even VPNs can leak. So what is a DNS leak and how can you prevent your DNS requests from leaking?
In this article, we’ll explain how DNS and IP addresses work, how to change your DNS server to a more private one and how to do a DNS leak test for your VPN. Read on for the full scoop.
We rewrote this article to simplify it and make it easier to understand. We also added guides for how to test for DNS leaks and how to avoid them.
A DNS leak means that your DNS requests are no longer handled by your VPN provider’s DNS server, and your internet service provider can see your web traffic.
An online DNS leak test is the easiest way to detect a DNS leak, though you could also use packet inspection software if you’re more experienced.
The easiest way to fix a DNS leak is to activate the kill switch in your VPN settings. If it’s already on and you’re still experiencing leaks, it might be time to get a new VPN provider.
If you value your online privacy, then yes, DNS leak protection is absolutely necessary.
The concepts of DNS and IP addresses are closely linked. Every device on the internet has its own unique IP address, which lets it communicate with other online devices. However, numerical IP addresses are difficult to remember. This is why, when you want to access a website, you use its domain name instead.
DNS stands for “domain name system.” In a nutshell, it’s a phone book of IP addresses, where each IP address has its corresponding domain name. For example, let’s say you want to visit Google. Instead of typing in an IP address like 192.168.10.254, you can just type in the domain name — for example, google.com — and your browser will take you to Google’s website.
DNS servers are key to this process because they translate domain names into IP addresses. Before you get to the website you’re trying to access, your device sends a DNS request to a DNS server. This server translates the domain name into an IP address, facilitating your communication with the website’s server.
This means that you need to have complete trust in the DNS server, because its operator can technically see all of your traffic.
By default, that DNS server operator is your ISP, and that should raise some concerns. ISPs collect a lot of data and they use legal loopholes to sell it to third parties, including advertisers. For this reason, you probably want to hide your traffic from your ISP’s DNS server.
The easiest way to do that is to use a trustworthy VPN service. A VPN provider runs its own DNS servers, which are subject to the VPN’s no-logs policy. This means that they don’t collect any of your browsing data.
Unfortunately, not all VPN providers are good enough to protect your data. In fact, many free VPNs are part of data harvesting scams, which is why some prudence is necessary when choosing a VPN provider.
Sometimes a VPN will fail, at which point your DNS requests might default back to your ISP’s DNS server. This makes your DNS queries known to your ISP and is known as a DNS leak.
There are other ways DNS leaks can happen as well. For instance, if you’re connected to a public WiFi network and someone takes control of the router, they might be able to manipulate your traffic so that it bypasses the VPN tunnel, exposing your DNS requests. However, most DNS leaks happen because of human error while setting up a custom VPN or DNS server.
Most commercial VPN services use various mechanisms to prevent DNS leaks, and we’ll talk about that later in this article.
Testing for DNS leaks is easy. There are plenty of reliable tests you can do online, and we frequently use the DNS leak test at IPleak.net to test for leaks.
First, run the test using an unprotected connection and note the results you get. Then, connect to a VPN and compare the two results. If they match, you’ve probably sprung a leak. Here’s what that looks like in practice.
Simply go to the IPLeak website and the DNS leak test will start running automatically. The website performs an IP leak test as well. You should be able to see your real IP address and your ISP’s DNS servers, as well as your internet protocol version. Make note of both your IP address and what DNS servers you see, or simply take a screenshot.
Connect to the VPN of your choice and refresh the IPLeak web page. If you are protected, you should see the VPN server’s IP address and your VPN provider’s DNS servers. If you see the same results as before, you have a leaky VPN.
However, if you don’t want to trust a third-party website, you can do your own DNS leak check using packet sniffing software, like Wireshark. Here at Cloudwards, we use Wireshark to test if a VPN encrypts DNS traffic properly. However, the process is a bit more involved than the standard DNS leak test.
You can see the full process in our guide on how to use Wireshark, but the short version is that you need to analyze a brief stream of data captured while accessing an HTTP website (not HTTPS). If Wireshark shows you using a VPN tunneling protocol (like WireGuard) and packet inspection only shows gibberish, then the VPN is doing its job properly.
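The packet-inspection check described above can also be scripted. The following is an added example, not Cloudwards' own tooling: it reads a capture saved from Wireshark in classic pcap format while the VPN is connected and lists every cleartext DNS query sent to a resolver other than the VPN's. The resolver address 10.8.0.1, the sample capture and all function names are constructed for illustration, and only UDP port 53 over IPv4 on Ethernet is handled.

```python
import socket
import struct

def qname(question: bytes) -> str:
    """Decode the length-prefixed labels of a DNS question name."""
    labels, i = [], 0
    while i < len(question) and question[i]:
        n = question[i]
        labels.append(question[i + 1:i + 1 + n].decode("ascii", "replace"))
        i += 1 + n
    return ".".join(labels)

def leaked_dns_queries(pcap: bytes, vpn_resolvers: set) -> list:
    """Return (resolver_ip, name) for cleartext UDP/53 queries sent anywhere
    other than the VPN's resolvers. Handles classic pcap, Ethernet, IPv4 only."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("expected a little-endian classic pcap file")
    leaks, off = [], 24                           # skip 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                              # not IPv4 carrying UDP
        udp = 14 + (frame[14] & 0x0F) * 4         # Ethernet + IP header length
        if len(frame) < udp + 20 or struct.unpack_from("!H", frame, udp + 2)[0] != 53:
            continue                              # not addressed to port 53
        dst = socket.inet_ntoa(frame[30:34])
        if dst not in vpn_resolvers:              # 8-byte UDP + 12-byte DNS header
            leaks.append((dst, qname(frame[udp + 20:])))
    return leaks

# Constructed sample capture; addresses come from documentation/private ranges.
def sample_frame(dst_ip: str, name: str) -> bytes:
    q = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    dns = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + q + b"\x00\x00\x01\x00\x01"
    udp = struct.pack("!4H", 40000, 53, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton(dst_ip))
    return b"\x00" * 12 + b"\x08\x00" + ip + udp

def sample_pcap(frames) -> bytes:
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return head + b"".join(struct.pack("<4I", 0, 0, len(f), len(f)) + f for f in frames)

VPN_RESOLVERS = {"10.8.0.1"}                      # assumed VPN DNS server
CAPTURE = sample_pcap([sample_frame("10.8.0.1", "example.com"),
                       sample_frame("203.0.113.53", "example.org")])
print(leaked_dns_queries(CAPTURE, VPN_RESOLVERS))  # [('203.0.113.53', 'example.org')]
```

An empty result only rules out cleartext UDP queries in that capture; DNS over TCP, IPv6 and encrypted DNS (DoH/DoT) need separate checks.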
Avoiding DNS leaks should be easy enough if you use a reliable and secure VPN. As we mentioned, there are several crucial VPN features that work to prevent DNS leaks.
The foremost of these is the aptly named DNS leak protection, which works by blocking all DNS traffic that isn’t directed toward the VPN’s DNS servers.
We advise that our readers never switch off DNS leak protection, if given the choice. Most VPNs have the “option” grayed out or have removed it completely, indicating that it’s a built-in feature that’s integral to the VPN, rather than something you can switch off.
Another important feature is the kill switch, which comes standard with most VPN providers nowadays. Sometimes, a VPN can lose the connection to its servers. In this case, your DNS requests might revert back to your ISP. A kill switch prevents this from happening by completely disconnecting you from the internet when your VPN connection drops.
DNS leaks can compromise your online privacy and anonymity, but it’s easy to avoid them. Using a trustworthy VPN provider that’s been proven to protect against DNS leaks is the best way to stop your traffic data from being exposed.
Have you ever used a VPN to change your DNS? Have you ever had a DNS leak when using a VPN? Let us know in the comments below, and as always, thank you for reading.
One thought on “What Are DNS Leaks? How to Test for and Avoid DNS Leaks in 2023”
Hey, could you guys tell me what DNS leak test websites you use exactly?