Pinterest Stumbleupon Whatsapp

When you’re trying to stay anonymous online, a VPN is the simplest solution—with a click or two, your IP address, service provider, and location will be masked from any site that you go to and anyone trying to spy on your connection. But a DNS leak can totally undermine the purpose of a VPN. Here’s how to keep that from happening.

(A quick note before we go on: a DNS leak is only a privacy concern if you’re worried about your ISP monitoring your browsing. It has nothing to do with NSA surveillance Your Interest in Privacy Will Ensure You're Targeted By The NSA Your Interest in Privacy Will Ensure You're Targeted By The NSA Read More or other forms Could These NSA Cyber-Espionage Techniques Be Used Against You? Could These NSA Cyber-Espionage Techniques Be Used Against You? If the NSA can track you – and we know it can – so can cybercriminals. Here's how government-made tools will be used against you later. Read More of digital snooping.)

What’s a DNS Leak?

The domain name system (DNS) is a system for linking URLs (like and IP addresses ( When you use your browser to go to a website, it sends a request to a DNS server with the URL that you typed in, and it’s pointed to the correct IP address. This is a crucial piece of how the Internet works How The Internet Works [Technology Explained] How The Internet Works [Technology Explained] Read More .


Usually, DNS servers are assigned by your internet service provider (ISP), which means that they can monitor and record your online activities whenever you send a request to the server. When you use a virtual private network What Is The Definition Of A Virtual Private Network [Technology Explained] What Is The Definition Of A Virtual Private Network [Technology Explained] Read More (VPN), the DNS request should be directed to an anonymous DNS server through your VPN, and not directly from your browser; this keeps your ISP from monitoring your connection.

Unfortunately, sometimes your browser will just ignore that you have a VPN set up and will send the DNS request straight to your ISP. That’s called a DNS leak. This can lead to you think that you’ve stayed anonymous and that you’re safe from online surveillance, but you won’t be protected.


Obviously this is not good. So let’s take a look at diagnosing and stopping it.

Diagnosing the Leak

If your computer is using its default settings and not routing DNS requests through the VPN’s DNS server, it’s not going to be obvious; you’ll need to use a leak test. Fortunately, there’s an easy one to remember:


Just go to the site and click the “Standard test” button (if you’re really concerned about surveillance, you can click “Extended test”—it’s slightly more comprehensive, but takes a bit longer). If you see your own country and ISP listed on the results page, you’ll know that your ISP can monitor your connection. That’s not good.

Stopping the Leak

Okay, so we’ve diagnosed the leak. Now what? There are a few steps you can take to stop your DNS leak and prevent future ones. We’ll start with the simplest one.

Change DNS Servers

If your default DNS server is one that was assigned by your ISP, one of the easiest ways to keep them from seeing what you’re doing online is to change your DNS server. Even if you aren’t worried about DNS leaks, changing your default DNS server might be a good idea, as it might result in faster Internet speeds Find Fastest DNS and Optimize Your Internet Speed Find Fastest DNS and Optimize Your Internet Speed Read More .


The following DNS servers are well-maintained and will provide you with high performance and security:

  • Open DNS (preferred:, alternate:
  • Comodo Secure DNS (preferred:, alternate:
  • Google Public DNS (preferred:, alternate:

To learn how to change the DNS settings on your computer, check out Danny’s article, “How To Change Your DNS Servers & Improve Internet Security How To Change Your DNS Servers & Improve Internet Security How To Change Your DNS Servers & Improve Internet Security Imagine this - you wake up one beautiful morning, pour yourself a cup of coffee, and then sit down at your computer to get started with your work for the day. Before you actually get... Read More .”

Use a VPN with DNS Leak Protection

Some VPNs come with a feature that will monitor your DNS requests to make sure that they’re going through the VPN instead of directly to your ISP. To see if your VPN has this protection, open the settings; you should see an option that will check for and prevent DNS leaks.

So which VPNs include DNS leak protection? According to, Private Internet Access, TorGuard (both of which made it to our best VPNs list The Best VPN Services The Best VPN Services We've compiled a list of what we consider to be the best Virtual Private Network (VPN) service providers, grouped by premium, free, and torrent-friendly. Read More ), VPNArea, PureVPN, ExpressVPN, VPN.AC, and LiquidVPN all provide protection. If you’re using one of these VPNs, make sure your settings are set correctly. If you’re not, and you’re concerned about ISP surveillance, you might want to consider switching.

Using VPN Monitoring Software

Some VPN monitoring software also includes support for fixing DNS leaks. The pro version of VPNCheck will do this for you, as will OpenVPN Watchdog (if you’re using OpenVPN).


Because the options for fixing a leak this way are only with premium software, this likely won’t be the go-to strategy for many people, unless you’re already using VPN monitoring software to make sure your VPN connection is totally secure.

Disable Teredo

Teredo is a Windows-based techology that, in essence, allows communication across two IP protocols: IPv4 and IPv6. Both are present on the Internet, and in some cases, you’ll need to use something like Teredo to allow them to communicate (the specifics are pretty complicated, but you can learn more at the Teredo tunneling Wikipedia page). However, Teredo can sometimes cause DNS leaks, so you may want to disable it.

To disable Teredo, open the command line and type the following command:

netsh interface teredo set state disabled

If you need to re-enable Teredo at some point, you can use this command:

netsh interface teredo set state type=default

Plug Those Leaks

If you’re using a VPN, a DNS leak could be revealing more information than you’re aware of—so take the steps above to make sure that you’re not leaking information and, if you are, plug the leak.

Have you used any of the above strategies for diagnosing or stopping DNS leaks? Do you have any other recommendations? Share your best tips below!

Image credits: Leaky faucet (edited), United States network night map, Various connections implying a world map, Businesswoman with magnifier glass via Shutterstock.

Leave a Reply

Your email address will not be published. Required fields are marked *