If you’re a person who cares about internet privacy, then you probably already use a VPN and you know why it’s important to encrypt your traffic and to disguise your IP address. However, not all VPNs are created equal. Some VPNs let some information about their users leak out, meaning that these VPNs are not as fully anonymous as they should be.
A study published in the academic journal Proceedings on Privacy Enhancing Technologies in 2015 brought this issue into the mainstream. It found that many VPNs, even well-known and well-respected ones, leaked information that could be used to identify their users. This caused a big shake-up as VPN providers rushed to patch the security holes and make sure that their DNS services did not leak information.
Today, most reputable VPN services are careful to avoid the possibility of DNS leaks. But if you’re serious about security, then you might want to test for yourself whether your VPN is leaking DNS information. In this article, we’ll explain how to test for DNS leaks and talk about how you can find a VPN provider which does not leak DNS.
What Is DNS?
To understand what a DNS leak is, you need to understand what DNS means. DNS stands for domain name system, and it is the system that links website URLs (like addictivetips.com) to specific IP addresses where that website is hosted. Think of it like an address book: DNS links the URL that you type into your browser to the actual content of the website which is stored on a server.
To use this address book, you need to access a DNS server. Usually, you use the DNS server that is automatically assigned to you by your ISP. This means that your ISP can see what sites you are visiting, as they have a record of the requests that you send to their DNS server whenever you type a URL into your browser.
When you use a VPN, the service should perform a few key operations to protect your privacy: it should encrypt all of your traffic, it should hide your IP address, and it should make use of the VPN provider’s DNS servers instead of your ISP’s servers. This way, your ISP cannot track the websites that you visit as the DNS requests are sent to your VPN’s server instead of your ISP’s server.
What Is A DNS Leak?
A DNS leak occurs when you are connected to a VPN but your device ignores the VPN’s DNS server and connects to your ISP’s DNS server instead. Your OS should know to use the VPN provider’s DNS server instead of your ISP’s DNS server, but some software gets this wrong. It’s common for Windows to make this error, for example, though it can also happen on macOS and Linux. The DNS error happens because the operating system uses the default connection settings to connect to your ISP’s DNS servers instead of acknowledging your VPN’s instructions to connect to the VPN provider’s servers. It can also happen when you have set up your VPN manually, or if you are using an older or poorly constructed VPN service which does not offer adequate protection. When your system accidentally connects to your ISP’s DNS servers even though you have a VPN active, this is a DNS leak.
Why Test For DNS Leaks?
So why is this a problem? What’s the big deal about leaking DNS information, and why would you want to test for this? The issue is that when your VPN leaks DNS information, your ISP will be able to see and collect information about your internet use. They may be able to see which sites you are visiting, whether you are downloading files, and what apps or services you are using. Worst of all, users will usually not be aware that they are leaking DNS information, and therefore think that they can browse freely without any record. So, a user may choose to download a file, thinking that they are protected by their VPN. But in fact, their ISP can see that they are downloading, and could hit them with a fine or with legal consequences due to their download.
If you use a VPN, it’s highly advisable to test for DNS leaks at least once – or better yet, to test regularly just to be sure. This way, you can be confident that your VPN is working and protecting you in all the ways that it should, and you can know that your ISP won’t be able to see any of your internet activity.
Testing For DNS Leaks: Method #1
One of the most popular ways to test for DNS leaks is to use the website dnsleaktest.com. This site is independent from VPN providers or security services, so you can trust that it gives objective results. The information provided by the test is a useful way to learn about whether your VPN is leaking DNS. However, reading the results takes a bit of getting used to. Here is how to use this site:
- Start up the VPN service that you want to test and connect to a server in the location of your choice
- Go to https://dnsleaktest.com/ in your browser
- You will see a page with your IP address and a map showing where the server that you are currently connected to is located. This information should refer to the IP address and location of your VPN server – not your real IP address and location! If your real location is shown, then double check that your VPN is on and is connected. If the VPN is on but your real location is displayed on the website, then you have a serious problem as your VPN is not currently disguising your location. We’ll assume that everything is working okay though, so you see the location of the server you’ve connected to
- You’ll see buttons below the map: one for Standard test and one for Extended test
- Click on Standard test
- You’ll see a spinning wheel and a loading message for just a second while the test is performed
- Now you’ll see a notice that the test is complete and the results will appear
- The results have four sections: IP, Hostname, ISP, and Country
- The most important column that you need to look at is the ISP column. Look at your results in this column
- If the name in the ISP column shows a company you don’t know, then you are fine. If the data in the ISP column shows your actual ISP though, then you have a DNS leak. For example, if your ISP is O2 UK, your results page might list your ISP as Leaseweb Deutschland GmbH. This means that you are protected and everything is okay. However, if you see O2 UK on the results page, then your DNS data is leaking and you have a potential security issue that you need to address
Testing For DNS Leaks: Method #2
There is another way that you can test for DNS leaks using a tool on the ExpressVPN website. This tool is provided by a VPN company, ExpressVPN, so it is primarily for users of that VPN but it can be used to test all VPN types. The results are more visual and a bit easier to understand than the results from dnsleaktest.com, which is why we recommend this method for newer VPN users who are on ExpressVPN. Here’s how to use this tool to test for DNS leaks:
- Start up your VPN program and connect to a server anywhere in the world
- Open your browser and go to https://www.expressvpn.com/dns-leak-test
- Wait for just a second while your browser performs the test
- Then you’ll see your results page, which will have information about your IP address, Provider, and Country
- On the left hand side of the page, you’ll see a green tick in a shield if you are connected to ExpressVPN, with information about the server you are connected to. If you are using a different VPN, you’ll see a red cross in the shield and a note saying that ExpressVPN is not connected. That’s okay though, as you can still look at the DNS information
- Look at the columns in the middle of the page. If you’re on ExpressVPN, you should see a note saying No DNS leaks detected, and the information in the Provider column should say ExpressVPN. This means that everything is working okay and you are not leaking DNS data
- If the information in the Provider column matches your actual ISP, then you are leaking DNS information and you need to take steps to fix this security issue
Recommended VPNs That Do Not Leak DNS Data
If you’re looking for a VPN that does not leak DNS information, then we have some recommendations for providers that we have checked and confirmed to be DNS leak-free. These are our top VPN recommendations that do not leak DNS data:
ExpressVPN is one of the biggest and most trusted names in VPN technology thanks to its excellent reliability and good speeds. It has super fast connections for blazing fast internet use with no slow down. And the security is also excellent with 256-bit encryption and a no logging policy. The server network covers a massive 1000 servers in 145 different locations in 94 countries, so you can connect to servers from all over the world to access truly global content from the internet. The software is available for Windows, Mac OS, Android, iOS, and Linux. ExpressVPN does not leak DNS information and has a leak test which you can try to reassure yourself at https://www.expressvpn.com/dns-leak-test
When you want the top level of security from your VPN, then you need NordVPN. It has the usual security features like strong 256-bit encryption and a no logging policy, but in addition to this it also has a unique security feature in the form of double encryption. This means that your data is encrypted on your device and sent to a server, then it is encrypted again and sent to a second server for decryption. This means that it is essentially impossible for anyone to crack your encryption. The connections are fast, and the server network covers more than 1000 servers in over 60 different countries. The software is available for Windows, Mac OS, Linux, iOS, Chrome OS, Android, and Windows Phone, plus the Chrome and Firefox web browsers. NordVPN does not leak DNS information, and you can see more information about DNS leaks at https://nordvpn.com/features/dns-leak-test/
If you want a massive network of servers that will let you access content from many different countries, then we recommend CyberGhost. It has an amazing 1300 servers in 30 different countries for maximum flexibility. It has the essential security features, like 256-bit AES encryption and a no logging policy. The service uses 2048-bit keys which are generated randomly for each session, which makes intercepting a connection extremely difficult. The connection speeds are good so your browsing won’t be slowed down, and you can install the software on platforms including Windows, MacOS, iOS, and Android. CyberGhost does not leak DNS information, and they have a page of advice on how to avoid anonymity leaks on their website at: https://support.cyberghostvpn.com/hc/en-us/articles/213353589-How-to-avoid-anonymity-leaks
DNS leaks are a threat to the anonymity and security of VPN services. This was a major problem a few years ago, but by now most reputable VPNs have rolled out fixes for the issue so DNS leaks should no longer be so common. Even so, it’s a good idea to test out your VPN connection periodically to ensure that you are not leaking DNS information – as leaks can majorly compromise your security by letting your ISP see what sites you are visiting and more.
We’ve shown you a couple of methods for testing whether your VPN is leaking DNS information, and recommended three of our top VPNs that have been confirmed to not leak DNS data. Any of these VPNs will keep you safe and protect your privacy, including keeping your DNS data safe. For an alternative approach to security, check out our piece on VPNs vs. Smart DNS.
Have you had experiences with VPNs that do leak DNS data? Which VPN have you found to have the best level of security? Let us know in the comments below.