What is a DNS Leak, and how can it be Prevented?

Studies suggest as many as one in four people use a VPN, but how many of them know what a DNS leak is – or the ways it can be prevented?

A ‘DNS leak’ is a security breach that occurs when the device you’re using sends DNS queries that should be protected by the VPN to your ISP’s DNS servers instead. In many cases, the user isn’t even aware it happens. You connect to your VPN and then you’re safe, right? Well, not always. Rather than being routed through the VPN, your requests go straight to the ISP’s DNS servers and bypass the VPN entirely. In other words, you’ve exposed yourself to eavesdropping – your browsing is visible to hackers and your ISP. Assuming you’re concerned with online anonymity – on a business or personal level – this poses a problem. We touch upon the ways to solve these issues further on, but first let’s understand why it happens.

There are two basic types of VPN: the Remote Access VPN and the Site-to-Site VPN. The Remote Access VPN is the first choice for business and home users. It’s what allows employees to connect privately to their company’s resources from anywhere, and gives personal users access to geo-restricted content. A Site-to-Site VPN is used mostly by corporations to connect the networks of offices in different locations. How likely you are to experience DNS leaks depends on the VPN you use and its configuration.

Types of tunneling

Users have different requirements for VPNs, which is why they need to be flexible. It’s through the use of ‘tunneling’ that people can make the traffic modifications they need.

Split Tunneling – Split tunneling is the name for when a user personalizes what traffic runs through the VPN, and what runs directly to the ISP DNS servers. This would be used by those who wish to route privately to internal resources, and allow for more basic applications to go direct to the internet.

From a security perspective, it makes sense to direct all traffic through the VPN so everything can be monitored and protected. But people who access the system may want to prevent putting too much stress on the VPN, to conserve bandwidth and productivity. While they’ll experience higher network performance, they’re at risk of nefarious activity, and DNS leaks, so split tunneling is kind of a double-edged sword.

Full Tunneling – This refers to when all traffic is sent directly through the VPN. In many cases, this configuration is essential. For example, it’s the ideal choice for remote corporate workers on client PCs. It means all access is made through their company gateway, and it tracks all data traffic – including everything from web browsing to email access.

The disadvantage of this method is what’s known as ‘bottlenecking’. As all traffic flows through the VPN, constraints on bandwidth slow the entire system down, because all information is crammed through the same portal. The plus to using full tunneling, however, is that it won’t lead to DNS leaks.
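
The following Python example is added here and is not from the original article: it picks the outgoing interface for each configured DNS server by longest-prefix match and lists the servers whose queries would leave outside the VPN. The routing tables, interface names (tun0, eth0) and resolver addresses are constructed assumptions; it also goes beyond the text by including a resolver on the local LAN, which the more specific LAN route keeps off the tunnel even under full tunneling.

```python
import ipaddress

# Constructed sample data: interface names, prefixes and resolver IPs are assumptions.
SPLIT_TUNNEL_ROUTES = [
    ("0.0.0.0/0", "eth0"),        # default route stays on the ISP link
    ("192.168.1.0/24", "eth0"),   # local LAN
    ("10.8.0.0/16", "tun0"),      # only internal resources go through the VPN
]
FULL_TUNNEL_ROUTES = [
    ("0.0.0.0/1", "tun0"),        # two /1 routes take precedence over the default
    ("128.0.0.0/1", "tun0"),
    ("0.0.0.0/0", "eth0"),
    ("192.168.1.0/24", "eth0"),   # connected LAN route is still more specific
]

def egress_interface(routes, address):
    """Return the interface chosen by longest-prefix match, or None."""
    ip = ipaddress.ip_address(address)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, iface)
    return best[1] if best else None

def leaking_resolvers(routes, resolvers, tunnel_iface="tun0"):
    """List resolvers whose queries would leave outside the tunnel."""
    return [r for r in resolvers if egress_interface(routes, r) != tunnel_iface]

def parse_resolv_conf(text):
    """Extract nameserver addresses from resolv.conf-style text."""
    out = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            out.append(fields[1])
    return out

SAMPLE_RESOLV_CONF = """\
# constructed sample
nameserver 10.8.0.1
nameserver 192.168.1.1
nameserver 203.0.113.53
"""

if __name__ == "__main__":
    resolvers = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    print("split:", leaking_resolvers(SPLIT_TUNNEL_ROUTES, resolvers))
    print("full: ", leaking_resolvers(FULL_TUNNEL_ROUTES, resolvers))
```

On a real machine, the route list and resolver list would come from the operating system's routing table and DNS configuration rather than the constants above.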

How to Prevent DNS Leaks

There are a number of methods to identify and prevent DNS leaks. Some are more effective than others, but we’ve listed below just a few of the ways you can keep your browsing safe and undetected.

Obtain a Static IP by Changing DNS Servers – One way of preventing leaks to your ISP is by routing to your VPN’s servers, or using public servers like Google Public DNS. You can find out how to do this here. This method prevents your ISP from seeing what you’re doing. It doesn’t fix the leak issue, but it does mean your privacy can still remain intact.

Use a VPN with Built-in DNS Protection – The best service providers offer a built-in DNS leak protection feature. This is obviously the simplest method of prevention, but not all VPNs offer it. TorGuard is an example of one of the VPN providers who do offer the feature, and here it comes enabled by default. If your VPN is equipped with it, it’ll most likely have a ‘kill switch’ feature too – something we touched upon in a different article.

Use our Free Tool – If you’re reading this, unsure of whether you’ve ever been or are now at risk of DNS leaks, we have a handy, free tool right here at the VPNPros website. Not only is it simple to use, but the results are easy to understand too. It’ll show you instances where your security has been compromised, and just how vulnerable or robust your VPN actually is.

Windows 10 Users are at Risk

Back in 2015, when Windows 10 was released, it came with a new feature that meant all DNS requests were being directed through the local network, as well as the VPN. This was done in an attempt to improve the user’s web performance, but had a detrimental effect on safety too.

No doubt this exposed plenty of people on the internet. Not just in that it allows the ISP to see what you’ve browsed, but it makes way for hackers to access your DNS requests too. If you’re using Windows 10, be sure to check to see if you’re actually protected.


Being connected to your VPN doesn’t always mean you’re safe. In the event of a DNS leak, are you sure you’ll catch it?

There are plenty of free tools available on the internet – you’ll find ours here – to see whether your VPN has been breached, the extent to which it’s been breached, and how you can prevent it from happening again. The best thing a user can do is, when choosing a VPN, make sure to check that it provides DNS leak protection. Many services offer this feature – and at the right price too.

If you’re someone who needs to make use of split tunneling, consider the risks involved when configuring what traffic goes through your VPN. It’s up to you to decide where to draw the line between bandwidth performance and online safety.