What is DNS block handling on Windows?

DNS block handling is a setting on the Proton VPN Windows app that allows you to choose between two methods of resolving DNS requests:

• Use Proton VPN’s NRPT policy: This is best option for most people and gives you the fastest possible VPN connection, especially on high-speed networks. (In some cases, your Windows device might not support this option.)
• Use default blocking method: This gives you the ability to use names like My-printer or router.local for devices on your local network instead of their IP addresses. This option works on all Windows devices.

What is DNS block handling?

DNS translates human-friendly domain names to computer-friendly IP addresses.

Learn more about DNS and how it works

Windows supports multicast DNS (mDNS). This feature lets you connect to devices on your local network (such as printers, routers, NAS drives, and smart TVs) using names like My-printer or router.local instead of their IP addresses. Much like regular DNS, Windows automatically translates the human-friendly text name into an IP address that computers understand.

By default, the Proton VPN Windows app routes all DNS requests through the VPN tunnel to be resolved either by us or your chosen third-party DNS service (if you’re using custom DNS), and blocks all DNS requests made outside the VPN tunnel.

The problem with this is that it bypasses Windows’ multicast DNS support, meaning that Windows can’t resolve text names for devices on your local network (such as My-printer or router.local). You can still connect to these devices, but you’ll need to do this using their IP addresses.

DNS block handling on the Proton VPN Windows app

You can customize how the Proton VPN Windows app handles DNS requests to devices on your local network. To do this, open the Proton VPN app and go to Settings → Connection → Advanced settings → DNS block handling and choose between:

• Use Proton VPN’s NRPT policy — This is the default setting used by the Proton VPN app. It routes all DNS requests through the VPN tunnel. This optimizes VPN speeds but prevents Windows multicast DNS support from working, so you’ll need to connect to local devices using their IP addresses. Note that some Windows devices don’t support this setting.
• Use default blocking method — This allows Windows to resolve DNS requests to local devices, allowing you to identify them using human-friendly text names (such as My-printer or router.local). Using this setting might result in lower speeds on high-speed networks, but it is compatible with all Windows devices.

Once you’ve changed the DNS block handling setting, you’ll need to reconnect the VPN for it take effect.

DNS block handling has no effect on how secure your VPN connection is. Both settings are equally secure.

Note that if Use Proton VPN’s NRPT policy is selected,  mDNS will fail even if the Allow local LAN connections setting is turned on. You can still connect to local devices using their IP addresses.