What Is a DNS Leak? Causes, Types, and Risks

    Last updated: June 2026

    Quick Summary

    A DNS leak happens when your device's website lookups travel outside your VPN tunnel — usually to your ISP — revealing your browsing even though your IP is hidden. This guide explains what causes leaks and the types to know.

    • A DNS leak exposes the sites you visit to your ISP, even with a VPN on
    • Leaks happen when DNS queries escape the encrypted VPN tunnel
    • Common types: standard leaks, IPv6 leaks, and transparent DNS proxies
    • Hiding your IP address doesn't hide your DNS queries; the two travel separately

    What is a DNS Leak?

    A DNS leak occurs when your device sends Domain Name System (DNS) queries outside your VPN's encrypted tunnel. This means that even though your VPN hides your IP address, your Internet Service Provider (ISP) can still see which websites you're visiting.

    Example: You connect to a VPN to browse privately, but your browser still sends DNS requests to your ISP's servers. Your ISP logs that you visited "reddit.com" and "netflix.com" even though your IP is hidden.

    Why DNS Leaks Are Dangerous

    • Privacy breach: Your ISP can track every website you visit
    • Data logging: ISPs may log and sell your browsing history
    • Security risk: DNS queries can be intercepted by attackers on public Wi-Fi
    • VPN bypass: Defeats the purpose of using a VPN for privacy

    Common Types of DNS Leak

    Not all DNS leaks happen for the same reason. The three you'll encounter most are:

    • Standard DNS leak: your VPN connects, but DNS queries are still sent to your ISP's resolver instead of the VPN's — usually because DNS leak protection is off.
    • IPv6 leak: your VPN only tunnels IPv4 traffic, so IPv6 DNS requests slip out unprotected. This is one of the most common modern causes.
    • Transparent DNS proxy: some ISPs intercept and force DNS traffic through their own servers, so your queries are logged even when you point to a different resolver.
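
    The three types above can be told apart by where a lookup was sent, whether it used the tunnel, and which resolver a leak-test server saw. The following is an added example, not code from this page; the record fields, `CHOSEN_RESOLVER`, `CHOSEN_EGRESS` and all addresses are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# All addresses below are constructed samples from documentation ranges.
CHOSEN_RESOLVER = "192.0.2.53"                             # resolver the user set by hand (assumed)
CHOSEN_EGRESS = [ipaddress.ip_network("198.51.100.0/24")]  # range that resolver's own queries come from

# Constructed observations: one row per lookup, combining a local capture
# (sent_to, via_tunnel) with what a leak-test server saw (seen_by).
QUERIES = [
    {"name": "a.example", "sent_to": "10.8.0.1",     "via_tunnel": True,  "seen_by": "203.0.113.200"},
    {"name": "b.example", "sent_to": "203.0.113.1",  "via_tunnel": False, "seen_by": "203.0.113.1"},
    {"name": "c.example", "sent_to": "2001:db8::53", "via_tunnel": False, "seen_by": "2001:db8::53"},
    {"name": "d.example", "sent_to": "192.0.2.53",   "via_tunnel": False, "seen_by": "203.0.113.1"},
    {"name": "e.example", "sent_to": "192.0.2.53",   "via_tunnel": False, "seen_by": "198.51.100.7"},
]


def in_any(ip, networks):
    """True if ip falls inside one of the networks (mixed IP versions never match)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


def classify(query):
    """Map one observed lookup onto the leak types described above."""
    if query["via_tunnel"]:
        return "in-tunnel"          # stayed inside the VPN: no leak
    if ipaddress.ip_address(query["sent_to"]).version == 6:
        return "ipv6-leak"          # left over IPv6, outside the tunnel
    if query["sent_to"] == CHOSEN_RESOLVER and not in_any(query["seen_by"], CHOSEN_EGRESS):
        return "transparent-proxy"  # addressed to one resolver, handled by another
    return "standard-leak"          # plain IPv4 lookup outside the tunnel


def audit(queries):
    """Group looked-up names by verdict so leaked names are listed per cause."""
    report = defaultdict(list)
    for query in queries:
        report[classify(query)].append(query["name"])
    return dict(report)


if __name__ == "__main__":
    for verdict, names in audit(QUERIES).items():
        print(f"{verdict:18} {', '.join(names)}")
```

    Row `e.example` reaches the chosen resolver untouched but still counts as a standard leak, because the query left the device outside the tunnel.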

    What Causes DNS Leaks

    Leaks come down to one thing: a DNS query taking a path you didn't intend. That can be a VPN without built-in DNS handling, a manually set DNS server, unhandled IPv6, an unexpected network change, or an ISP-level proxy. Because the lookup and your IP address travel independently, masking your IP does nothing to stop a DNS leak.

    How to Check and Fix a DNS Leak

    The fastest way to know is to run a test: our free DNS leak test shows in seconds whether your queries are escaping the tunnel. If they are, the step-by-step guide to fixing DNS leaks in Chrome, Brave, and Firefox walks through enabling encrypted DNS and leak protection.

    A reliable VPN that runs its own DNS servers prevents most leaks automatically — compare options on our Compare VPN Services page. You can also see how WebRTC leaks expose your IP in a different way.


    Published: 2025-11-05 | Updated: June 2026
