What is a DNS leak?
DNS is used to translate domain names into IP address, eg ovpn.com into 220.127.116.11. A simplification of DNS would be that it's the internet's address book.
Because of its role as that address book, DNS affects nearly everything that you do online since your browser, apps and other software use domain names to find the servers that they rely on.
A DNS leak is when a VPN fails to protect these lookups, even when the rest of your traffic is encrypted and protected by the VPN tunnel. As such, a DNS leak is a significant privacy risk since your device sends information regarding which domain names are requested.
How does OVPN prevent DNS leaks?
By default, your device typically uses a DNS server that is operated by your internet service provider (ISP). However, as soon as you connect to OVPN, your device will start using the log-free DNS servers that OVPN operates.
OVPN's desktop client uses several methods to ensure that you're fully protected:
Changes the settings of all available network adapters on your device to ensure that OVPN's DNS servers are used
Checks the DNS settings on the adapters every second to ensure no installed software attempts to change the used DNS servers
Sends all DNS queries through the VPN connection to ensure the requests are encrypted
OVPN's iOS and Android apps also prevents DNS leaks by:
Ensuring the WireGuard connection uses OVPN's DNS servers
Sending all DNS queries through the VPN connection to ensure the requests are encrypted
What can cause DNS leakage when using a VPN?
DNS leaks may happen for several reasons - which is why we've integrated DNS leak checks in our desktop client as well as on our dashboard. Here are a few reasons why DNS leaks might occur:
- Manual VPN configuration: if you're using the native OpenVPN integrations, there might not be any DNS leak prevention measures included.
- Manual DNS setup: if you or software on your device has changed the DNS servers your device uses.
- Web browsers: if you use Firefox, their default setting is to force all DNS requests to predefined DNS servers. Follow this guide to prevent DNS leaks in Firefox.
- Antivirus: AVG, Avast & MalwareBytes hijack all DNS requests sent independent of DNS servers specified. The settings for these antivirus programs must be altered.
Using OVPN's desktop client and apps removes the vast majority of risks and is highly recommended.
Connected to OVPN but still seeing a leak?
Check out our FAQ or contact our support and we'll solve that quickly.