One of the main reasons people use a VPN, or Virtual Private Network, is privacy. Many people don’t want their ISP, or Internet Service Provider, to know or track what websites they are accessing. Even if you are using a VPN, though, your ISP may still be able to track what websites you browse to through your use of a protocol called DNS.
DNS, or Domain Name System, is a protocol used to translate the human-readable domain name in the URL that you enter into your browser into the IP address of the web server you need to communicate with. Most devices default to using a DNS server that is provided by your ISP. Even if you change this to use a third-party DNS server such as Cloudflare’s 1.1.1.1 service, your ISP may still be able to see your DNS traffic for two important reasons.
The first reason that your ISP may still be able to monitor what websites you browse to is that the DNS protocol is unencrypted. This means that any DNS traffic you send is readable by any device that it passes through, including your ISP. The second reason is that your DNS traffic can leak from your VPN connection. Sometimes this is because the VPN provider doesn’t support tunneling your DNS traffic over the VPN; other times it’s more accidental and related to things like temporary disconnections.
Whatever the cause, it is possible for you to be using a VPN for privacy and still have your DNS traffic leak to your ISP. This can allow your ISP to monitor the websites you access.
The information in your DNS traffic could be used to track your interests and hobbies or learn about life events. For instance, if you browse to a cycling website, your ISP can learn that you like cycling and may sell this data to potential advertisers.
The solution to this is to ensure that your VPN provider tunnels your DNS traffic over the VPN. Some VPN providers do this by default, but for other providers you may need to specifically enable a setting to route your DNS traffic over the VPN. Unfortunately, some VPN providers do not support tunneling DNS traffic at all, which is generally the case for free VPNs.
It’s also recommended that you enable a VPN kill switch if your VPN provider offers it. A VPN kill switch is a tool that blocks all internet traffic on your device if it disconnects from the VPN. A kill switch provides strong protection from a range of accidental leaks, including DNS leaks, and helps keep your browsing activity private.
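One way to check whether DNS traffic is actually going over the VPN, as an added example that is not part of the original article: the Python below takes the resolver list from a Linux `resolv.conf` and the output of `ip route get` for each resolver, and flags any resolver reached through a non-VPN interface. The sample inputs are constructed, and the interface prefixes treated as VPN tunnels (`tun`, `wg`, `ppp`) are an assumption to adjust for your client.

```python
import ipaddress
import re

# Assumption: VPN tunnel interfaces use one of these name prefixes.
TUNNEL_PREFIXES = ("tun", "wg", "ppp")

# Constructed sample inputs (not captured from a real system).
SAMPLE_RESOLV_CONF = """# constructed sample
nameserver 10.8.0.1
nameserver 192.0.2.53
nameserver 127.0.0.53
"""
SAMPLE_ROUTES = {
    "10.8.0.1": "10.8.0.1 dev tun0 src 10.8.0.2 uid 1000",
    "192.0.2.53": "192.0.2.53 via 192.168.1.1 dev wlan0 src 192.168.1.20 uid 1000",
    "127.0.0.53": "local 127.0.0.53 dev lo src 127.0.0.1 uid 1000",
}

def parse_nameservers(resolv_conf):
    """Return the nameserver addresses listed in resolv.conf text."""
    servers = []
    for line in resolv_conf.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":          # skip blanks and comments
            continue
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1].split("%", 1)[0])  # drop IPv6 zone id
    return servers

def egress_device(route_get_output):
    """Extract the outgoing interface from `ip route get <addr>` output."""
    match = re.search(r"\bdev\s+(\S+)", route_get_output)
    return match.group(1) if match else None

def classify(server, route_get_output):
    """Return 'tunnel', 'leak' or 'unknown' for one resolver."""
    try:
        if ipaddress.ip_address(server).is_loopback:
            return "unknown"  # local stub resolver: its upstream is not visible here
    except ValueError:
        return "unknown"
    dev = egress_device(route_get_output)
    if dev is None:
        return "unknown"
    return "tunnel" if dev.startswith(TUNNEL_PREFIXES) else "leak"

def audit(resolv_conf, routes):
    """Map each configured resolver to its classification."""
    return {s: classify(s, routes.get(s, "")) for s in parse_nameservers(resolv_conf)}

if __name__ == "__main__":
    print(audit(SAMPLE_RESOLV_CONF, SAMPLE_ROUTES))
```

On a live Linux system the inputs would come from `/etc/resolv.conf` and from running `ip route get <address>` for each resolver while the VPN is connected. An `unknown` result for a loopback resolver means the local stub's upstream servers need to be checked separately.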