You turned on your VPN. Your IP address is hidden. You feel protected. But there's a problem most VPN users have never heard of: a DNS leak. And if your VPN has one, your ISP can still see every website you visit.
What Is DNS?
DNS stands for Domain Name System. It's the internet's phone book — when you type "google.com" into your browser, your device sends a DNS request to translate that domain name into an IP address so it can connect to the right server.
Normally, those DNS requests go through your ISP's servers. Your ISP can log them, which means they have a complete record of every website you visit.
What a VPN Is Supposed to Do
A VPN should route all your traffic — including DNS requests — through an encrypted tunnel to the VPN's own DNS servers. Your ISP sees only that you're connected to a VPN, not where you're going.
What a DNS Leak Is
A DNS leak happens when your DNS requests bypass the VPN tunnel and go directly to your ISP's servers, even though your VPN is active. Your IP is hidden, but your browsing destinations aren't.
This happens more often than VPN companies admit. It's especially common when your VPN connection drops and reconnects, when you're on a network with specific DNS settings, or when your VPN doesn't handle IPv6 traffic (only protecting IPv4).
How to Test Right Now
- Connect to your VPN
- Go to dnsleaktest.com
- Click "Extended Test"
- Look at the ISP column in the results
If you see your real internet provider listed instead of your VPN provider, you have a DNS leak.
How to Fix a DNS Leak
Enable DNS leak protection in your VPN settings. Most reputable VPNs have this option but ship with it disabled. Look for it in your app's settings or preferences.
Enable IPv6 leak protection. Many VPNs only protect IPv4 traffic. If you're on an IPv6-capable network, your DNS requests on that protocol can bypass the tunnel entirely.
Enable the kill switch. A kill switch cuts your internet connection if the VPN drops, preventing your device from falling back to your regular ISP connection and leaking requests in the gap.
VPNs That Handle This Well
Mullvad, ProtonVPN, and IVPN all enable DNS leak protection by default and have been independently audited. If your current VPN doesn't have these settings, consider switching.
Run the Test
Most people who use VPNs have never run a DNS leak test. Do it before you do anything else online today.