A DNS leak is a security issue that occurs when Internet service providers inadvertently receive domain name system requests that should have been concealed by a virtual private network. Typically, VPNs create a path for Internet users to send domain name requests privately. But occasionally, some DNS requests will not use the VPN and instead route directly to the Internet service provider’s DNS resolver (which processes all DNS requests). “Split tunnel” VPNs in particular are vulnerable to DNS leaks.
A DNS leak can open users to potential Internet traffic surveillance, not only from their Internet service provider but also potentially from the government or hackers. It can also reveal a user’s IP address that they’ve specifically tried to keep hidden for security. VPNs create private network pathways for this very reason: avoiding domain name system surveillance. Although some VPN providers are very reliable, a few types of VPNs are susceptible to DNS leaks. There are ways to test for DNS leaks; many websites offer simple tests to users. Another way to do this is to search your IP address; it’s geographically tracked, but it shouldn’t show up if your VPN is protecting it. If your VPN is active but your IP address is public knowledge on a simple Google search, then your VPN has failed to secure it.
Preventing DNS leaks
There are a few ways to protect against DNS leaks, and using a highly reputable VPN is one of them. Using DNS over HTTPS can also help: this encrypts HTTPS traffic between domain name systems. Using a totally anonymous browser like Tor can also hide some Internet traffic from nosy public Internet service providers. Also, finding a DNS resolver that isn’t provided by a public internet service provider might be an investment worth making if you are concerned about regular DNS monitoring.