Today we’re going to talk about a security risk that can happen even when you’re being careful about your online privacy: DNS leaks. A DNS leak is when information about your third party requests leaks out of your VPN. But before we get into the details of how DNS leaks happen — and what you can do to prevent them and detect them — let’s talk about all of the individual components involved.

First, DNS, which stands for domain name system. Domain names are the addresses you type in when you want to access a website. For example, if you want to go to the Tenta website you type in tenta.com or https://tenta.com. Those are all domain names for Tenta. Pretty clear, right?

But it’s not so clear to a computer because computers don’t “speak” English — or Spanish or Mandarin or Swahili. Instead, they “talk” in numbers. Instead of domain names, the internet and other networks use internet protocol (or “IP”) addresses that are written out in numbers. It’s in translating the human name for a site to the computer name for the site that DNS servers come into the picture.

When you type in the human-language name of a website, your device reaches out to the DNS server to figure out the IP address associated with that human name. Once it finds the IP address, it connects you and brings you to the website you’re trying to access. And, of course, all of this happens in just a couple of seconds.

There would be no problem with this process, except cyber criminals have figured out a way to take advantage of it. It’s possible to infect devices with malware in order to intercept this exchange of information and redirect them to sites that look exactly like the sites people are trying to access, but are actually dummy sites. So, for example, they could clone your bank’s website and get all of your login info when you try to access your account. Or they could clone your email server and do the same. See the problem here?

One way to protect against this kind of threat is to utilize a VPN or Virtual Private Network. A VPN is a piece of software that creates a private, encrypted network for your computer, protecting any data that’s sent to or from your device over the internet. It creates a secure connection between you and the server, making an encrypted tunnel that data flows through.

In theory, that’s all you’d need to do to protect yourself against DNS cyber criminals intercepting your traffic. If the data is encrypted, after all, then it should be protected from any third-party requests.

And this is where DNS leaks come in. Some VPNs allow that information to slip out. This happens for one of a couple reasons, the first being that your VPN just doesn’t offer DNS protection. (If that’s the case, you can pretty much guarantee your data is being sent to third parties.) The second is that your VPN does offer DNS protection, but it’s just not very well built. Think of these as like a house with a leaky roof. You’re getting some protection, but you’re still getting dripped on.) And the final reason could be that your VPN doesn’t notify you when it disconnects, which exposes your DNS requests without you realizing it.

So what’s a security-conscious user to do? First, make sure you’re only using a high quality VPN. The Tenta VPN, for example, guarantees real encryption, without leaks. Tenta even offers a free Browser Privacy Test so you can see exactly what information is being revealed every time your device makes a DNS request.

Additionally, Tenta offers Tenta DNS, which is a privacy-first DNS solution that supports DNS over TLS and DNSSEC. Rather than defaulting to your device’s automatic DNS server — which exposes you not only to cyber criminals but also to spying from your ISP and the government — Tenta DNS promises totally private browsing.

DNS leaks happen, even for people who think they’re protecting themselves with a VPN. Instead of taking the risk, get started with the Tenta VPN Browser and ensure that your browsing is always private, every time.