← Back to Blog
Threats & Safety2025-11-296 min

DNS Leaks Explained: How to Test and Fix Them

DNS leaks can expose the sites you try to visit even while your VPN is connected. Here’s how leaks happen, how to test, and how to fix them.

DNS leaks can expose the sites you try to visit even while your VPN is connected. Here’s how leaks happen, how to test, and how to fix them.

This article is built to answer the real questions people ask, not to sell you a fairy tale. If you want quick takeaways, skim the headings. If you want the details, the paragraphs are there because reality is longer than a slogan.

What a DNS leak is (and why it matters)

DNS is how your device turns a domain name (like a website) into an IP address. If your DNS requests go outside the VPN tunnel, you can leak browsing intent even when the rest of your traffic is encrypted.

That means a VPN can hide your IP to the destination, but your DNS may still reveal what sites you’re trying to reach to your ISP or network operator.

  • DNS = where your device asks “where is this site?”
  • A leak happens when DNS bypasses your VPN tunnel
  • Result: partial visibility even when using a VPN

Common causes of DNS leaks

Leaks happen for boring reasons: misconfigured VPN apps, OS behavior, split tunneling without care, or a VPN drop without kill switch protection.

IPv6 handling can also cause leaks if the VPN isn’t set up to route or safely disable it.

  • VPN app not forcing DNS through the tunnel
  • Kill switch disabled and the tunnel drops
  • Split tunneling misconfiguration
  • IPv6 traffic bypassing the tunnel

How to test for DNS leaks

Testing is simple: connect to the VPN, then run a DNS leak test using a reputable test page. The goal is that DNS resolvers shown should match the VPN’s expected setup, not your ISP.

If you see your ISP or local network resolver while connected, you probably have a leak.

  • Test with VPN on
  • Check resolvers shown: should not be your ISP
  • Repeat after switching servers to confirm consistency

How to prevent DNS leaks

Prevention is mostly about good defaults: a VPN that properly routes DNS, plus a kill switch, plus correct IPv6 handling.

If you’re advanced, be careful with custom DNS settings, split tunneling, and multiple network adapters.

  • Use a VPN with proper DNS handling
  • Enable kill switch
  • Avoid sloppy split tunneling
  • Make sure IPv6 is handled safely

The honest takeaway

DNS leaks are one of the easiest ways to ruin the privacy benefits of a VPN while thinking you’re protected. The fix is not paranoia, it’s verification: test once, then check again after major updates.

If your VPN provider doesn’t talk about DNS behavior, that’s not “mysterious security,” it’s a red flag.

Get Stellar VPN

Want Swiss-based privacy without the marketing nonsense? Use Stellar VPN and protect your connection in seconds.

Get Stellar VPN
Ready to lock down your connection?
Swiss no-logs privacy. Fast connections. Simple apps.