Privacy & Security11 min read

What Is DNS and Why It Matters for Your Privacy

DNS is the internet phone book, but it can also expose your browsing activity. Learn how DNS works, what DNS leaks are, and how to secure your DNS queries for better privacy.

e
Huzaifa

What Is DNS?

The Domain Name System (DNS) is one of the most fundamental but least understood technologies powering the internet. Often called the "phone book of the internet," DNS translates human-readable domain names (like exevolv.io) into machine-readable IP addresses (like 192.168.1.1) that computers use to communicate with each other.

Every time you type a URL, click a link, or load an app that connects to the internet, a DNS query happens behind the scenes. Understanding how DNS works — and its privacy implications — is essential for anyone who values their online privacy.

How DNS Works

The DNS Lookup Process

When you type "exevolv.io" into your browser, here is what happens in milliseconds:

Step 1: Browser Cache Check Your browser first checks its own cache to see if it has recently looked up this domain. If found, the cached IP address is used immediately. Step 2: Operating System Cache If not in the browser cache, the query goes to your operating system's DNS resolver cache. Step 3: Router Check Your router may also have a DNS cache from previous lookups by any device on your network. Step 4: ISP DNS Server If no cached result is found, the query goes to your Internet Service Provider's DNS server (called a recursive resolver). This is where privacy concerns begin. Step 5: Root Name Servers If the ISP's DNS server does not have the answer, it queries one of the 13 root name server clusters that form the foundation of the DNS system. Step 6: TLD Name Servers The root server directs the query to the Top-Level Domain (TLD) server for the appropriate domain extension (.io, .com, .org, etc.). Step 7: Authoritative Name Server The TLD server directs the query to the authoritative name server for the specific domain, which returns the final IP address. Step 8: Response The IP address travels back through the chain: ISP DNS server, router, operating system, and finally to your browser, which can now connect to the website.

This entire process typically takes 20-120 milliseconds.

Why DNS Is a Privacy Problem

Your ISP Sees Everything

By default, your DNS queries go through your ISP's DNS servers. This means your ISP has a complete record of every website you visit, even if the website itself uses HTTPS encryption.

What your ISP can see from DNS queries:
  • Every domain name you access
  • When you accessed it (timestamps)
  • How frequently you visit certain sites
  • Patterns in your browsing behavior
What your ISP can do with this data:
  • Sell it to advertisers and data brokers
  • Use it for targeted advertising
  • Comply with government surveillance requests
  • Throttle certain types of traffic based on the domains you access

DNS Requests Are Unencrypted by Default

Standard DNS queries are sent in plain text over the internet. This means anyone who can observe your network traffic can see which websites you are looking up:

  • Your ISP
  • Public Wi-Fi operators
  • Network administrators
  • Government surveillance systems
  • Hackers on your local network (man-in-the-middle attacks)

DNS Leaks

A DNS leak occurs when your DNS queries are sent to your ISP's DNS servers instead of your intended DNS provider, often happening when you are using a VPN or proxy:

Common causes of DNS leaks:
  • VPN or proxy misconfiguration
  • WebRTC revealing your real DNS settings
  • Operating system DNS settings overriding VPN settings
  • IPv6 queries bypassing the VPN tunnel
  • Smart Multi-Homed Name Resolution on Windows
How to test for DNS leaks:
  1. Connect to your VPN or proxy
  2. Visit a DNS leak test website
  3. Check if the displayed DNS servers belong to your ISP or your VPN provider
  4. If you see your ISP's DNS servers, you have a DNS leak

Securing Your DNS

DNS over HTTPS (DoH)

DNS over HTTPS encrypts your DNS queries by sending them over the same HTTPS protocol used by secure websites:

Benefits:
  • Encrypts DNS queries, preventing ISP snooping
  • Prevents man-in-the-middle attacks on DNS
  • Bypasses DNS-based censorship
  • Works within the existing HTTPS infrastructure
How to enable DoH: Firefox:
  1. Open Settings, then Privacy and Security
  2. Scroll to DNS over HTTPS
  3. Select "Max Protection" or "Increased Protection"
  4. Choose a DNS provider (Cloudflare or NextDNS recommended)
Chrome:
  1. Open Settings, then Privacy and Security, then Security
  2. Enable "Use secure DNS"
  3. Choose a DNS provider
Windows 11:
  1. Open Settings, then Network and Internet, then Wi-Fi, then Hardware Properties
  2. Under DNS Server Assignment, click Edit
  3. Enable DNS over HTTPS

DNS over TLS (DoT)

DNS over TLS is an alternative encryption method that uses the TLS protocol directly:

DoH vs DoT:
FeatureDNS over HTTPS (DoH)DNS over TLS (DoT)
Port443 (same as HTTPS)853 (dedicated)
DetectabilityHard to distinguish from web trafficCan be identified and blocked
Browser supportBuilt into Chrome and FirefoxRequires system-level configuration
PerformanceSlightly more overheadSlightly faster

Choosing a DNS Provider

Not all DNS providers are equal. Here are key considerations:

Privacy-focused providers:
  • Cloudflare (1.1.1.1) — Fast, privacy-focused, audited no-log policy
  • Quad9 (9.9.9.9) — Non-profit, blocks malicious domains, privacy-focused
  • NextDNS — Customizable filters, detailed analytics, privacy controls
Providers to consider carefully:
  • Your ISP's default DNS servers (they log and may sell your data)
  • Google DNS (8.8.8.8) — Fast but Google logs queries for their use

DNS and Proxy/VPN Integration

When using a proxy or VPN for privacy, proper DNS configuration is crucial:

The Problem

Even with a VPN, your DNS queries might bypass the encrypted tunnel and go directly to your ISP. This reveals the websites you visit despite the VPN encryption.

The Solution

  • Ensure your VPN routes DNS queries through its own encrypted servers
  • Use a VPN with built-in DNS leak protection
  • Use proxy management tools that include DNS routing capabilities
  • Test for DNS leaks after connecting to your VPN

DNS-Based Content Filtering

DNS can also be used proactively to block unwanted content:

Blocking Malicious Websites

Services like Quad9 and OpenDNS automatically block known malicious domains at the DNS level, preventing your device from connecting to phishing sites, malware distribution servers, and command-and-control servers.

Blocking Ads and Trackers

DNS-level blocking services can block advertising and tracking domains:
  • Block ads across all devices on your network
  • No browser extension needed
  • Cannot be circumvented by website-level anti-adblock scripts
  • Works for apps, smart TVs, and IoT devices

Conclusion

DNS is a critical but often overlooked component of your online privacy. By default, your DNS queries are unencrypted and visible to your ISP, creating a detailed log of every website you visit. Securing your DNS with encrypted protocols like DNS over HTTPS, using privacy-focused DNS providers, and testing for DNS leaks are essential steps for protecting your online privacy.

Take action today: switch to a privacy-focused DNS provider, enable DNS over HTTPS in your browser, and test for DNS leaks if you use a VPN or proxy. These simple changes significantly reduce your digital footprint and protect your browsing activity from surveillance.

Tags

DNSPrivacySecurityNetworking
e

Written by Huzaifa

We build privacy-focused browser extensions and educational apps that empower users with better tools for a safer, smarter, and more productive digital experience.

Learn more about us

Continue Reading

All articles
exevolv.io
Privacy & Security

How to Protect Your Online Privacy in 2026: A Complete Guide

Your online privacy is more important than ever. Learn practical steps to safeguard your personal data, prevent tracking, and browse the internet securely in 2026.

exevolv.io
Privacy & Security

Understanding WebRTC Leaks: What They Are and How to Prevent Them

WebRTC leaks can expose your real IP address even when using a VPN. Learn what WebRTC is, how leaks happen, and effective ways to prevent them.

exevolv.io
Privacy & Security

The Complete Guide to Browser Extension Security: Stay Safe Online

Browser extensions are powerful tools, but they can also pose security risks. Learn how to evaluate, install, and manage extensions safely to protect your data.