VPNs are marketed as a one-click privacy solution, which is probably why most people never think about double-checking after setting them up. As long as it says “Connected,” most of us just assume our browsing activity is completely hidden and secure. But that’s not always true.

There are several things that can still affect your privacy, and one of them is DNS leaks. It’s something that can expose your entire browsing activity to your ISP, network admin, or someone monitoring your network, even while your VPN appears to be working normally. The good thing is that it’s quite easy to detect and prevent DNS leaks and protect your privacy.

DNS leaks defeat the purpose of using a VPN

Your VPN may not be as private as you think

Most people think turning on a VPN is like pulling down a privacy curtain. Your IP changes, your traffic gets encrypted, and suddenly you’re invisible online. That’s what I thought too. But the default VPN setup usually has one critical weakness: DNS leaks. And if your VPN is leaking DNS requests, it means your connection is not as private as you think.

To understand DNS leaks, you first need to understand what DNS actually does. Every time you type in the name of a website like “makeuseof.com” into your browser, your device first asks the DNS server to translate that website address into an IP address computers understand. Normally, a properly configured VPN will always route those requests through its own encrypted DNS servers.

But when a DNS leak happens, those requests bypass the VPN entirely and go straight to your default DNS server, which is usually operated by your ISP. When that happens, your internet provider can still see which websites you’re visiting, even though you’re connected to a VPN.

For most users, this completely undermines the point of using a VPN in the first place. Your VPN app may still show “Connected,” but your DNS requests may be exposing your browsing history the entire time. What makes this scary is DNS leaks aren’t obvious, and you won’t realize it’s happening unless you check for them manually.

A quick DNS leak test can reveal a lot

Check who’s actually handling your traffic

The first thing I did after learning about DNS leaks was check whether my VPN was actually protecting me. This was surprisingly easy to do. All I had to do was visit DNS Test Leak and run a quick test. This site sends your device a series of domain lookup requests within its own testing domain. Your system then resolves those requests using whichever DNS server it’s currently configured to use.

There are two testing options available. The Standard test runs one round of six DNS queries, which is usually enough to confirm if your VPN is leaking your DNS requests. There’s also the Extended test, where it runs six rounds of six queries, which means a total of 36 requests. This obviously takes a little longer, but it’s designed to uncover every DNS server involved in the process.

Once the results appear, they should display DNS servers operated by your VPN provider, or at least servers located in the same region as your VPN connection. If you see your ISP’s name staring back at you, though, you’ve got a problem. It means your DNS requests are bypassing the VPN tunnel entirely, creating a DNS leak.

A few tweaks can stop DNS leaks completely

Better safe than sorry

In my case, there wasn’t actually a DNS leak, but I still wanted to ensure my connection stayed protected from future leaks. The easiest way to do this is by making sure my VPN has built-in DNS leak protection. I’m using Proton VPN, which automatically protects from DNS leaks by default. Some VPN providers, however, treat it as an optional setting, so it’s worth making sure options like “DNS Leak Protection” are turned on. This will force your device to always send DNS requests through the VPN tunnel instead of your ISP’s DNS servers.

Another feature I enabled was the VPN’s kill switch, and it works exactly the way it sounds. If the VPN suddenly ever disconnects, even for a few seconds, the kill switch cuts off the internet until the secure connection is restored. Without this, your device can still reconnect through your normal connection and potentially expose DNS requests any time the VPN connection drops.

Finally, I changed my device’s default DNS servers. This way, even when I’m not using a VPN or if it ever leaks DNS, my device still won’t use the ISP’s DNS. Instead, it’ll use a privacy-focused service that I’ve set up, like Cloudflare DNS or Quad9.

Like most people, I used to treat it as a one-click solution — something you turn on and forget about until you need to turn it off. But the truth is, a VPN is only as good as its configuration. DNS leak is just one example. There are several other important VPN settings that can affect how private, secure, and reliable your connection actually is.