DNS Leak

How to Test for a DNS Leak

Last updated on December 22, 2020

VPNs are designed to protect your anonymity, but even some of the best providers are not immune to vulnerabilities. A DNS leak can expose your identity and leave you vulnerable to being tracked and having your online activities recorded by your internet service provider. Learn how to test your VPN for DNS leaks and what it takes to fix the problem easily with this easy-to-follow guide.

What is a DNS Leak, and How Does it Affect Me?

The DNS (domain name system) is a protocol that connects a website’s URL with their IP address. DNS pairs a long string of numbers (such as with an easier to remember a string of letters like www.website.com. Without it, we’d have to remember each website’s unique numeric address, making it significantly harder to browse the web.

However, DNS isn’t without its flaws, as it is controlled by ISPs, and computers can’t access websites with it. This gives ISPs the ability to monitor who is making requests and lets them keep detailed records of IP addresses and which websites they visit.

When you connect to the internet through a virtual private network (or VPN), your internet traffic is routed through their servers before it reaches its destination, masking your identity and IP address. When this traffic makes the DNS request, an ISP only sees the VPN’s IP address, and not yours. This way, even if your ISP keeps tabs on the request, they won’t know it was made by you.

The system works well, but isn’t always fully secure. Sometimes, either because of your operating system, a fault in the VPN itself, or some other factor, a DNS request will bypass your VPN and reach the ISP directly, letting them know it was you who made the request. This is known as a DNS leak.

A DNS leak exposes your IP address and your browsing activity to your ISP, and means they can share your records with anyone from marketers to government agencies who request them. More importantly, if you value your privacy, an ISP knowing where on the web you visit is a major issue. For torrenters along with individuals who love to stream TV shows and movies, it can also increase the risk of being caught and hit with lawsuits.

What Causes a DNS Leak?

Despite VPNs’ best efforts to keep all internet traffic flowing exclusively through their tunneled connections and servers, sometimes external factors can lead to leakages. These developments can also go unnoticed until it’s too late, or until a user decides to test their VPN connection. A VPN may leak your DNS for any of the following reasons:

  • Your DNS was set up manually: In some cases, users will either set up their own DNS servers, or an application they installed did it. In this case, even VPN connections may not be secure as traffic is being routed through a predetermined channel.
  • Your router has been breached: If you’re browsing on a public Wi-Fi connection or even an unsecured one, a hacker could command your device to send DNS requests through a specific path.
  • You configured a VPN manually: Some tech-savvy users prefer to set up their own VPN connections and pathways for assorted reasons, but if done incorrectly, these connections can be problematic. If a VPN isn’t configured properly, it can leak easily and without detection.

How to Test for a DNS Leak

Fortunately, it’s easy to determine if your VPN is not working properly. With a simple DNS test leaks become clear and you can move to eliminate them when identified. There are a few alternatives, and each strategy takes only a few minutes to complete. Here are some of the easiest and most common ways you can test your VPN for DNS leaks:

  • Visiting a leak test website. One of the more straightforward ways to determine if your identity has been leaked to your ISP is by going to a website like dnsleaktest.com. Simply go to the URL, and choose between a standard and extended test.
  • Use your VPN’s detection tools. Many of the best VPN providers offer their own toolkits and resources to test their service for DNS leaks. ExpressVPN, for example, hosts a set of tools and an informative guide designed to help users with testing and resolving any issues that may arise.

You can also tell by visiting a geo-restricted website through your VPN. If you still cannot access the content, it is likely the DNS request was made directly from your computer or device, and not through your VPN’s tunneled connection.

My Connection is Exposed! How Do I Stop a DNS Leak?

If you find that your VPN connection is not secure, and your DNS has been leaked, the first thing to keep in mind is to remain calm. While it is a significant issue to resolve quickly, your identity will be safe if you follow a few simple steps.

  1. The first thing you should do is immediately sever your VPN connection. Many providers offer ‘kill switch’ features on their VPNs, which sever a connection as soon as a leak is detected. Otherwise, you can simply disconnect your VPN and quickly turn off your Wi-Fi and reconnect.
  2. Change your DNS server. In most cases, this simply requires you to choose a different server and location from your VPN’s list, and your connection should be restored securely.
  3. If you are confident in your computer skills, you can also choose a static DNS server, although this can result in more DNS leaks when done improperly, so it’s best to avoid this step unless you’re an expert.
  4. Test your new connection. Even if you follow these steps, you should make sure your new connection is secure and not also leaking before you relax.

How Can I Avoid DNS Leaks in the Future?

The most important thing to keep in mind to avoid DNS leaks is to always remain vigilant. Even if you always use a VPN, testing for DNS leaks periodically can help you avoid them in the future. Getting a VPN is also a good first step towards protecting yourself, but it’s important to make sure you choose the right one. Look for VPN services that offer DNS leak protection as one of their key features. This means that their servers are designed to tunnel all internet traffic, and they employ a firewall to prevent any stray requests from making their way to your ISP.

Additionally, setting up stronger firewalls is a great way to complement a VPN, as it can further protect your connection. If you feel confident in your computer knowledge, you can visit your computer’s IP configuration, though this should only be considered if you’re an expert, as it can have some unintended consequences when not handled properly.


For those who value their privacy and anonymity when browsing the web, a DNS leak can have significant negative consequences. Even for users who are less concerned, having ISPs tracking their every move online can be dangerous and can expose them to greater threats like hacks, identity theft, and even having their records turned over to authorities.

Protecting yourself is vital, meaning that using the right VPN can help you secure against prying eyes and ISPs’ invasive record-keeping measures. Make sure you’re always using a safe and anonymous connection by testing for DNS leaks and find a provider like ExpressVPN, which has built-in DNS leak protection. By remaining vigilant and using the right tools, you’ll be able to avoid DNS leaks and enjoy the web the way you want!

Article comments