
What Is a DNS Leak? When Your VPN Doesn't Protect Your DNS


A DNS leak occurs when your DNS queries are sent to your ISP’s DNS servers instead of your VPN’s DNS servers, even though you’re connected to a VPN. Your browsing traffic is still encrypted inside the VPN tunnel, but the DNS queries travel outside it unprotected, so your ISP can still see every domain name you visit. It’s one of the most common VPN privacy failures and completely undermines the point of using a VPN for privacy.

How DNS Leaks Happen

When you connect to a VPN, all your traffic should go through the encrypted tunnel, including DNS queries. But several things can cause DNS queries to leak outside the tunnel:

OS DNS configuration: Windows is particularly bad at this. Even with a VPN active, Windows may send DNS queries through the default network adapter’s DNS settings (your ISP) instead of the VPN’s DNS.

IPv6 DNS leaks: Your VPN might only tunnel IPv4 traffic. If your ISP provides IPv6 connectivity, DNS queries over IPv6 bypass the VPN entirely.

Smart Multi-Homed Name Resolution (Windows): A Windows feature that sends DNS queries to all available network interfaces simultaneously and uses whichever responds first. If your ISP’s DNS responds before your VPN’s DNS, your query leaks.

Split tunneling misconfiguration: Some VPNs offer “split tunneling” where only certain traffic goes through the VPN. If DNS isn’t included in the tunnel, queries leak.

Fixing DNS Leaks

  1. Use a VPN with built-in DNS leak protection: All reputable VPNs (NordVPN, ExpressVPN, Mullvad, ProtonVPN) run their own DNS resolvers and force queries through the tunnel.
  2. Disable Smart Multi-Homed Name Resolution on Windows: Group Policy Editor → Computer Configuration → Administrative Templates → Network → DNS Client → Turn off Smart Multi-Homed Name Resolution → Enabled.
  3. Manually set DNS to your VPN’s DNS servers: Configure your network adapter to use the VPN provider’s DNS servers.
  4. Use DNS over HTTPS (DoH): Configure your browser to use DoH with a privacy-focused resolver like Cloudflare 1.1.1.1.
  5. Disable IPv6 if your VPN doesn’t support it: Prevents IPv6 DNS queries from bypassing the tunnel.
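
A read-only PowerShell audit of the Windows items in the steps above: DNS servers per interface, the Smart Multi-Homed Name Resolution policy, and IPv6 routes outside the VPN. This is an added example, not part of the original article; the interface alias MyVPN is a placeholder, and DisableSmartNameResolution is the registry value the Group Policy setting in step 2 writes.

```powershell
# Added example: read-only audit; it changes no settings. Needs Windows 8 / Server 2012 or later.
# ASSUMPTION: 'MyVPN' is a placeholder. Use your VPN interface's alias from Get-NetIPInterface.
$VpnAlias = 'MyVPN'

# Interfaces that are currently connected (loopback excluded).
$connected = Get-NetIPInterface -ConnectionState Connected |
    Where-Object InterfaceAlias -notlike 'Loopback*' |
    Select-Object -ExpandProperty InterfaceAlias -Unique
if ($VpnAlias -notin $connected) {
    Write-Warning "Interface '$VpnAlias' is not connected. Connect the VPN, then run this again."
}

# DNS servers configured on each connected interface, IPv4 and IPv6.
$dns = Get-DnsClientServerAddress |
    Where-Object { $_.InterfaceAlias -in $connected -and $_.ServerAddresses }
$vpnDns = @($dns | Where-Object InterfaceAlias -eq $VpnAlias |
    Select-Object -ExpandProperty ServerAddresses)

# A resolver on a non-VPN interface that the VPN interface does not also list
# is a path a query can take outside the tunnel.
$outside = @(foreach ($entry in ($dns | Where-Object InterfaceAlias -ne $VpnAlias)) {
    foreach ($server in $entry.ServerAddresses) {
        if ($server -notin $vpnDns) {
            [pscustomobject]@{ Interface = $entry.InterfaceAlias; Resolver = $server }
        }
    }
})

# Policy value written by "Turn off Smart Multi-Homed Name Resolution" (1 = turned off).
$policy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient' `
    -Name DisableSmartNameResolution -ErrorAction SilentlyContinue
$smhnrOff = ($null -ne $policy) -and ($policy.DisableSmartNameResolution -eq 1)

# An IPv6 default route on a non-VPN interface lets IPv6 traffic, DNS included, bypass the tunnel.
$v6Outside = @(Get-NetRoute -DestinationPrefix '::/0' -ErrorAction SilentlyContinue |
    Where-Object InterfaceAlias -ne $VpnAlias)

[pscustomobject]@{
    ResolversOutsideVpn = @($outside | ForEach-Object { "$($_.Interface): $($_.Resolver)" })
    SmartMultiHomedOff  = $smhnrOff
    IPv6RouteOutsideVpn = @($v6Outside | Select-Object -ExpandProperty InterfaceAlias -Unique)
} | Format-List
```

Empty lists and SmartMultiHomedOff = True are the expected result on a machine where steps 2, 3 and 5 have been applied. This checks configuration only; a leak test run with the VPN connected confirms what the resolver actually sees.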

Test It Yourself

DNS Leak Test

Check if your DNS queries are leaking outside your VPN. See which DNS servers are handling your requests.


Frequently Asked Questions

Connect your VPN, then use a DNS leak test tool. If the test shows your ISP's DNS servers instead of your VPN provider's DNS servers, you have a leak. whatismyip.technology can help you check.
Not all. Quality VPNs run their own DNS servers and force all queries through the tunnel. Cheaper or misconfigured VPNs may let DNS queries leak. Always test after connecting.