What is a DNS leak?
Sometimes a VPN can fail to protect your device’s DNS queries even when the rest of your traffic is concealed by the VPN tunnel. This is called a “DNS leak.” If your DNS leaks, unauthorized entities, like your internet service provider or DNS server operator, can see which websites you visit and any apps you use.
Because of its role as the internet’s address book, DNS affects nearly everything you do online. Your browser and other apps use it to find the servers that operate the websites and services that you rely on. Your device sends its queries to a DNS server, and the server sends back directions to what you’re looking for. This is what makes DNS a significant privacy risk.
How can I check if my VPN is protecting me?
ExpressVPN will protect you from DNS leaks if it’s configured properly. The DNS Leak Test on this page will help you confirm that ExpressVPN is working as it should.
How does ExpressVPN prevent DNS leaks?
Without a VPN, your device typically uses a DNS service provided by your ISP. But when you connect to ExpressVPN, your device will only use DNS servers operated entirely by ExpressVPN. This benefits you because:
- ExpressVPN DNS servers are fast
- ExpressVPN doesn’t keep activity or connection logs
- All traffic between your device and DNS servers is encrypted end-to-end
Here’s how it works. To visit a webpage, you enter a URL or click a link in your browser. That URL is sent via ExpressVPN’s encrypted tunnel to a DNS server run by ExpressVPN. The DNS server looks up the IP address and sends it to ExpressVPN, which accesses the site. In an instant, ExpressVPN returns that webpage to you. No traffic escapes the security of the tunnel.
If I already have a VPN, why do I need to check for DNS leaks?
Sometimes, one of two things might go wrong:
- Your device might send DNS traffic outside of the VPN tunnel.
- Your device might send DNS traffic through the VPN tunnel, but to a third-party DNS server.
In both cases, unauthorized third parties might see the list of websites and apps you use.
What causes VPN leakage of DNS?
DNS leaks can happen for many reasons. Here are just a few:
- Your VPN is manually configured. If you’re manually configuring a VPN connection, the risk of DNS leaks is higher and depends on your exact operating system configuration. Using the ExpressVPN apps will eliminate many of these risks.
- An attacker controls your router, such as a malicious Wi-Fi operator at a coffee shop. An attacker may be able to trick your device into sending DNS traffic outside of the VPN tunnel. ExpressVPN apps offer DNS leak protection, but other apps and manual configurations might be vulnerable.
- Manual DNS setup. You (or software on your device) specifically told the operating system not to use DNS servers operated by ExpressVPN. Power users might require a particular DNS service, but for security reasons, it’s probably undesired for most people.