EcoVPN Help Centre
DNS Leak Mitigation

DNS Leak Mitigation

DNS resolution can quietly reveal your location, ISP, and jurisdiction - even when your IP is masked. This guide explains how DNS leaks occur and how EcoVPN safeguards metadata exposure via resolver isolation and encrypted logic.

What Is a DNS Leak?

A DNS leak happens when your system sends domain queries to your ISP’s resolver, bypassing the VPN tunnel. Even with an encrypted connection, this leaks:

  • Your actual ISP name and jurisdiction
  • Signal timestamps and domain fingerprint patterns
  • Regional metadata based on resolver proximity

EcoVPN’s Mitigation Layers

  • All tunnels override system DNS using secure embedded resolvers
  • Config glyphs auto-inject DNS settings compatible with platform-specific clients
  • Public resolver use is restricted to vetted encrypted endpoints
  • Advanced deployments support DoH (DNS over HTTPS) and DoT (DNS over TLS)

Testing for DNS Leaks

  • Visit dnsleaktest.com and run the Extended Test
  • Ensure all resolvers listed belong to EcoVPN tunnel jurisdictions
  • If a third-party ISP appears, contact support to regenerate your config glyph

Platform-Specific Notes

  • Windows: Use the official WireGuard client with DNS override enabled
  • macOS: Ensure resolver.conf entries match tunnel scope
  • Linux: Set DNS = in your .conf or use resolvectl to confirm override
  • Mobile: EcoVPN QR includes platform-native DNS routing

“You can mask your IP - but if your DNS still whispers, the metadata hears everything.”

Resolver still exposed?

Request a config audit or enhanced DNS routing tunnel via support.

Create A Support Ticket