DNS leaks expose your online activity to third parties. Every time you visit a website, your device asks a DNS server to translate the domain name into an IP address. If your system bypasses Control D and uses your ISP's default DNS, they can still log every site you attempt to visit. That means your browsing habits, interests, and even timestamps can be collected and monetized. A DNS leak undermines the privacy and control you thought you had. That's why leak testing is crucial.
A DNS leak happens when your operating system or network configuration routes DNS requests outside of your designated resolver. This often occurs when a device reverts to a default resolver (like your ISP or Google DNS) due to network hiccups, misconfigured settings, or software that ignores custom DNS preferences. Some routers also override DNS settings entirely, forcing all traffic through their own resolvers. If you're on public Wi-Fi, you're even more vulnerable. Without DNS over HTTPS or DNS over TLS enforcing encrypted routes, your device might silently leak DNS requests to whoever's running the network.
Not directly — DNS leaks don't reveal your IP in the same way a web tracker might. But they do expose where your DNS queries are going, and that's a big deal. If those queries are routed through your ISP or another third party, they can tie those requests back to your subscriber account, which does lead to your real-world identity. Even if your browsing traffic is encrypted (via HTTPS), a DNS leak creates a metadata trail that can be used to profile you.
First, use a DNS leak test (like the one on this page) to confirm whether you're leaking. If you are, the fix is simple: make sure your device or router is correctly configured to use only Control D's DNS resolvers. Use DNS-over-HTTPS (DoH) or DNS-over-TLS (DoT) to encrypt and lock your DNS traffic so it can't be hijacked or redirected. If you're using Control D on a router, disable DNS rebind protection or DNS override features that force default resolvers. For more robust protection, enable "Secure DNS" options in your browser to enforce system-wide rules.
DNS leaks don't just put your privacy at risk, they can expose you to surveillance, targeted ads, censorship, and even cyberattacks. ISPs and governments can log your DNS requests to build profiles, throttle content, or block access to specific websites. Ad networks can track which services you use based on your DNS history. In corporate environments, DNS leaks can unintentionally reveal internal infrastructure or employee activity to outsiders. And if DNS requests go unencrypted or to an untrusted resolver, attackers can spoof responses and redirect you to phishing sites or malware. Control D prevents all of this.