DNS Leak

A DNS leak happens when your DNS lookups bypass your VPN or proxy and go to your ISP instead, revealing the sites you visit. It can undermine your privacy even when your traffic looks protected.

Last updated June 8, 2026

Definition

A DNS leak occurs when domain name lookups are sent outside the secure tunnel of your VPN or proxy - typically to your ISP's default DNS server - exposing which websites you are visiting. Even if your actual web traffic is encrypted and routed through a different IP, leaked DNS queries can reveal your browsing activity and true location.

How it happens

Your device must translate domains like example.com into IP addresses via DNS. If the operating system or browser ignores the VPN's DNS settings - due to misconfiguration, IPv6 fallback, or WebRTC - the query goes to your ISP instead of the tunnel.

Why it matters for privacy

  • Deanonymization - observers can log every domain you request despite the VPN.
  • Geo accuracy - leaked queries can reveal your real region, breaking geo-spoofing.
  • Trust - a no-logs VPN with leak protection is essential for genuine privacy.

Always test for leaks and choose tools with built-in DNS leak protection and a kill switch to ensure every query stays inside the encrypted tunnel.
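A local check for the misconfiguration and IPv6 cases described above, added here as an illustration and not part of the original page: it reads resolv.conf-style text and flags every resolver that sits outside the VPN's address range. The tunnel range 10.8.0.0/24, the sample file and the function names are constructed assumptions.

```python
import ipaddress

# Constructed sample of a resolv.conf on a host with an IPv4-only VPN.
SAMPLE = """\
# constructed sample, not from a real host
nameserver 10.8.0.1
nameserver 192.168.1.1
nameserver 2001:db8::53
nameserver 127.0.0.53
"""
TUNNEL = ["10.8.0.0/24"]  # assumed address range of the VPN tunnel


def parse_nameservers(resolv_conf):
    """Return the resolver addresses listed in resolv.conf-style text."""
    servers = []
    for line in resolv_conf.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            # Drop an IPv6 zone id such as fe80::1%eth0 before parsing.
            servers.append(ipaddress.ip_address(fields[1].split("%", 1)[0]))
    return servers


def classify_resolvers(resolv_conf, tunnel_cidrs):
    """Map each resolver to 'tunnel', 'local-stub' or 'LEAK'."""
    tunnel_nets = [ipaddress.ip_network(c) for c in tunnel_cidrs]
    verdicts = {}
    for addr in parse_nameservers(resolv_conf):
        if addr.is_loopback:
            # A local stub (e.g. systemd-resolved) hides the real upstream,
            # so its upstream servers need the same check.
            verdicts[str(addr)] = "local-stub"
        elif any(addr.version == n.version and addr in n for n in tunnel_nets):
            verdicts[str(addr)] = "tunnel"
        else:
            # Outside the tunnel range: queries to it bypass the VPN resolver.
            # An IPv6 resolver lands here when the tunnel is IPv4-only.
            verdicts[str(addr)] = "LEAK"
    return verdicts


if __name__ == "__main__":
    for server, verdict in classify_resolvers(SAMPLE, TUNNEL).items():
        print(f"{server:<16} {verdict}")
```

A `local-stub` verdict is not a pass: on systemd-resolved hosts the upstream servers shown by `resolvectl status` have to be checked against the tunnel range as well.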

Examples

  1. A VPN user discovering their ISP still logs every domain they visit via leak-test sites
  2. An IPv6 DNS query escaping a VPN tunnel that only protects IPv4
  3. WebRTC triggering a DNS lookup outside the VPN, exposing the real location

Common Use Cases

  • Testing a VPN or proxy setup for DNS leaks before trusting it for privacy
  • Configuring DNS leak protection and a kill switch to seal the tunnel
  • Preventing geo-spoofing from failing due to leaked location data
  • Choosing a no-logs VPN that forces all DNS queries through its own resolvers

Frequently Asked Questions

DNS leaks usually stem from misconfigured DNS settings, IPv6 traffic escaping an IPv4-only tunnel, or WebRTC sending lookups directly to your ISP instead of through the VPN.
Connect your VPN or proxy, then use an online DNS leak test - if it shows your ISP's servers or your real location instead of the VPN's, you have a leak.
Use a VPN with built-in DNS leak protection and a kill switch, disable IPv6 or WebRTC if needed, and force all queries through the provider's own DNS resolvers.