If you want to stay safe online, you’ve probably heard that DNS leaks are a real security risk. But what are they, exactly, and how can you protect yourself?
Every time you access a new website, your system sends out a Domain Name System (DNS) query to find the site’s server. These requests aren’t encrypted, which means your ISP, Wi-Fi hotspot owners, and even snoopers hanging out at your favorite cafe might be able to log your browsing history.
Installing a VPN encrypts your connection, reducing the risk that hackers can monitor what you’re doing, but not all providers protect you from DNS leaks. It is important to check that you are safe.
In this article, we’ll explain the basics of DNS and how and where you are at risk. We’ll cover simple DNS leak tests that can highlight security holes in seconds and, if you’re found to be vulnerable, give you some helpful ideas on what to do next.
What is DNS?
Accessing techradar.com seems easy: just enter its domain name in your browser. But there’s a lot going on underneath.
Specifically, for your browser to find TechRadar’s server, it must translate the techradar.com domain to the server’s IP address.
The magic happens through the Domain Name System (DNS). Your browser sends a query to a DNS server, asking it to look up techradar.com (or whatever site you’re trying to visit) and the server returns the IP address.
It’s a nifty scheme, but it has some privacy issues. For example, devices normally use your ISP’s DNS server, which means it’s possible for the company to see and record where you go online.
Connect to public Wi-Fi and it gets worse. Even if you’re accessing an https-encrypted website, your DNS query is usually in plain text, so other hotspot users can spy on the sites you’re visiting. And if that’s not enough to worry you, a rogue hotspot might force you to use its own DNS server, log your internet activities, or even redirect you to phishing or other bogus sites.
What is a DNS Leak?
Installing the best VPN allows your device to route its DNS queries (and all its other internet traffic) through a secure connection. Bank-grade encryption hides your web activities from your ISP, hotspot operators and others, while protecting you from pesky hotspot hackers.
Well, that’s the theory. In reality, it’s not always that simple. A “DNS leak” occurs when a VPN fails to properly protect you and leaves your DNS queries, browsing history, and possibly your device’s IP address exposed to attackers.
The bad news is that you’ll probably have no idea what’s going on. In fact, since you’ve installed a VPN, you’ll probably think you’re completely safe.
The good news is that testing for a DNS leak is easy and you can check your system in seconds.
How do I know if I have a DNS leak?
There are plenty of free DNS leak test websites out there, and the best ones do a great job of reporting any privacy issues.
With your VPN disconnected, go to dnsleaktest.com and press Extended Test. Note the DNS server IP addresses listed in the test report.
Connect to the VPN on the device you will use most often and run the test again. If you see new DNS servers that don’t belong to your ISP, the connection is secure. But if you still see some or all of your ISP’s DNS servers, you probably have a DNS leak.
(Passing (or failing) a test on an iPhone doesn’t mean you’ll see the same result on a Windows laptop or Android phone, so we also recommend repeating the same leak test on every device you connect to the network – whether through an Android VPN, iPhone VPN, or something else.)
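The before-and-after comparison described above can be scripted once you have copied the resolver addresses from both test reports. This is an added example, not code from the article or from any test site: the function name, the pool-matching heuristic (same /24 for IPv4, same /48 for IPv6) and the sample addresses are assumptions, and it goes slightly beyond the text by matching neighbouring ISP resolvers and differently written IPv6 addresses.

```python
import ipaddress

# Heuristic (assumption): resolvers in the same /24 (IPv4) or /48 (IPv6) as a
# baseline resolver are treated as belonging to the same ISP pool.
POOL_PREFIX = {4: 24, 6: 48}


def _pool(addr):
    """Return the network used to group an address with its ISP pool."""
    return ipaddress.ip_network(f"{addr}/{POOL_PREFIX[addr.version]}", strict=False)


def find_dns_leaks(baseline, with_vpn):
    """Compare resolver IPs from the two test runs.

    baseline: resolver IPs reported with the VPN disconnected (ISP resolvers).
    with_vpn: resolver IPs reported with the VPN connected.
    Returns a list of (resolver, reason) tuples; an empty list means no ISP
    resolver showed up while the VPN was connected.
    """
    base_addrs = {ipaddress.ip_address(ip.strip()) for ip in baseline}
    base_pools = {_pool(a) for a in base_addrs}
    leaks = []
    for raw in with_vpn:
        addr = ipaddress.ip_address(raw.strip())
        family = f"IPv{addr.version}"
        if addr in base_addrs:
            leaks.append((str(addr), f"{family} resolver also seen without VPN"))
        elif _pool(addr) in base_pools:
            leaks.append((str(addr), f"{family} resolver in same pool as a baseline resolver"))
    return leaks


# Constructed sample data using documentation-only address ranges.
BASELINE = ["192.0.2.53", "192.0.2.54", "2001:db8:10::53"]
VPN_CLEAN = ["203.0.113.10", "203.0.113.11"]
# IPv4 goes through the VPN, but an IPv6 query still reaches the ISP resolver
# (written here in a longer form to show the comparison is not string-based).
VPN_LEAKY = ["203.0.113.10", "2001:0db8:0010:0000:0000:0000:0000:0053", "192.0.2.60"]

if __name__ == "__main__":
    for name, run in (("clean", VPN_CLEAN), ("leaky", VPN_LEAKY)):
        findings = find_dns_leaks(BASELINE, run)
        print(name, "-> no ISP resolvers seen" if not findings else "-> possible DNS leak")
        for resolver, reason in findings:
            print("   ", resolver, "-", reason)
```

Run it separately with the address lists collected on each device, since a result from one device says nothing about another.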
How to fix a DNS leak?
It’s hard to believe, but while most VPNs have some form of DNS leak protection, they don’t always have it enabled by default. Open your app’s Settings panel, look for an option like “DNS Leak Protection” and make sure it’s enabled.
Also enable “IPv6 leak protection”, if available, and find and enable any settings that force the use of the VPN’s own DNS servers. Check the VPN’s support site for helpful information.
As a last resort, you can try changing the protocol of your VPN app (this is the method the VPN uses to connect to its servers). Some protocols have their own versions of DNS leak protection, so if one fails, another might work. Return to your app’s Settings panel and try a different protocol, if possible.
Flipping every possible app switch is probably not a good idea, of course, so only make adjustments when they look promising. And whenever you change something, write it down so you can restore the original setting if it doesn’t work or you notice other issues. (Changing protocols can fix a DNS leak but also slow you down, for example.)
If none of this helps, it might be time to switch to a VPN that doesn’t leak DNS. NordVPN and ExpressVPN consistently deliver leak-free results in our tests.