What is a DNS leak?
DNS is an acronym for domain name system and is used to translate domain names to IP addresses. When your device connects to a server on the Internet, it will first send a request to a DNS server to check which IP address it should direct you to.
Your internet service provider usually offers to use their DNS servers and then use the information directed there to monitor internet habits of their customers.
A DNS leak occurs when you are connected to a VPN service but still using a DNS server from your ISP or another third-party DNS server.
What does OVPN do to fix DNS leaks?
Our VPN tunnels automatically route your traffic to use our public DNS servers, where absolutely no logs are kept in order to make sure that you are not connected to your ISP’s DNS servers where your activity otherwise would be monitored.
Unfortunately, there is a problem with Windows, causing the DNS servers to remain unchanged when connected to OVPN. However, this problem does not exist on Mac OS X computers or on most Linux systems.
If you are using Windows, you can:
- Use the client we've developed, which automatically changes your DNS servers
- Manually change DNS server setup to be routed to ours. Read our article on how to do this.
- Follow the instructions in the link to fix the problem.
How do I know if I have a DNS leak?
When signed in to OVPN, you have access to your account dashboard. When visiting the dashboard, we automatically run tests for you so you can easily determine if you have a DNS leak or not.
You can also visit out DNS leak tool that displays all DNS servers that you use.You are exposed to a DNS leak if you, anywhere on the website, see the name of your ISP.
You are not exposed if you see something like this:
Do you have a DNS leak even though you are on Mac OS X or Linux? This probably means you have a sneaky ISP that uses a transparent DNS proxy.
Transparent DNS proxies
Some ISPs use a technology called transparent DNS proxy, meaning your ISP catches any DNS calls on TCP/UDP port 53, even if you’ve entered other DNS servers or not.
Fortunately, this is not very common for ISPs to implement. But if you find that your ISP has adopted this, please contact us and we’ll try to help you work around the problem.