Return to protonvpn.com Facebook   Twitter   Reddit   ProtonMail
Support Center / Troubleshooting / How to activate DNS leak protection?

How to activate DNS leak protection?

Whenever a web connection is made, a computer will first translate a domain name into an IP address. This lookup is done via DNS servers. Thus, DNS lookup records also contain a log of all websites visited.

To activate ProtonVPN’s DNS leak protection, please follow these steps:

 

  1. Open the ProtonVPN app
  2. Press Settings and select account
  3. Locate ‘DNS Option’, you can find it in the Preferences section on the right
  4. Click the box titled ‘Leak protection’

 

 

Related questions

How to change VPN protocols?

How to check for updates?

How to improve internet speed?

Does ProtonVPN store user information?

Post Comment

40 comments

  1. logan palmetto

    John’s fix for Firefox browser worked for me. Thanks!

  2. Syberkonda

    DNS leaks are present on both Windows 10 and Android. Using free account.

  3. ProtonVPN Team

    Hello, please contact our customer support team and we will do our best to investigate the issue and help you out. https://protonvpn.com/support-form

  4. Chicken Turtle

    Protonvpn is leaking my DNS.
    I am using the CLI under linux (galliumos). I tried to find the “DNS leak protection option.” It’s nowhere to be found.
    According to the protonvpn support page, to activate DNS leak protection, you’re supposed to
    Open the ProtonVPN app
    Press Settings and select account
    Locate ‘DNS Option’, you can find it in the Preferences section on the right
    Click the box titled ‘Leak protection’
    I logged in to account.protonvpn.com/settings and there’s nothing, no “DNS option.”
    Does protonvpn have DNS leak protection, and if so, how do I activate it?

  5. ProtonVPN Team

    Hello,

    Could you please contact our support with detailed information or screenshots of leaks ? We will provide steps to solving DNS leaks.
    https://protonvpn.com/support-form

  6. amanda

    i have this same problem. and also get this response in terminal no matter what I have configured for ipv6 or not

    Connecting…
    [!] Error connecting to VPN.
    [!] There are issues in managing IPv6 in the system. Please test the system for the root cause.
    Not being able to manage IPv6 by protonvpn-cli might cause issues in leaking the system’s IPv6 address.

  7. ProtonVPN Team

    Hello Amanda, what linux distribution are you currently using? Do you use any third party host blockers? As we know that one host-blocker somehow interferes with the openvpn linux client too.

  8. amanda

    The latest Mint. NO host blocker.

  9. ProtonVPN Team

    Hello Amanda, are you sure you have all of the latest updates and packages required for the cli-tool installed? There could be something simply missing on your OS that interferes with the connection being established.

  10. Bartosz

    In my case this works for me – no leaks –
    in – resolve.conf
    ———————————————
    nameserver – 192.168.0.120 # local IP Address
    nameserver – 10.8.8.1
    ———————————————

    # openvpn –config se-04.protonvpn.com.udp1194.ovpn

    /etc/openvpn/update-resolv-conf tun0 1500 1585 10.8.8.47 255.255.255.0 init
    dhcp-option DNS 10.8.8.1

    /sbin/ip route add 185.159.156.6/32 via 192.168.0.1
    /sbin/ip route add 0.0.0.0/1 via 10.8.8.1
    /sbin/ip route add 128.0.0.0/1 via 10.8.8.1
    Initialization Sequence Completed
    ———————————————
    # route -n
    Kernel IP routing table
    Destination Gateway Genmask Flags Metric Ref Use Iface
    0.0.0.0 10.8.8.1 128.0.0.0 UG 0 0 0 tun0
    0.0.0.0 192.168.0.1 0.0.0.0 UG 100 0 0 eth0
    10.8.8.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
    128.0.0.0 10.8.8.1 128.0.0.0 UG 0 0 0 tun0
    185.159.156.6 192.168.0.1 255.255.255.255 UGH 0 0 0 eth0
    192.168.0.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0

    Minus of this settings – no connection if not on VPN – As there are No Public DNS Servers in resolve.conf.
    I dont use public DNS anyway – works for me.

  11. wohoo

    Friends, results from dnsleaktest.com were great, using Networkmanager, Opensuse distribution, surprisingly, without command line. I don’t know why exactly, but browser did pass extended test (which meant only 1 server was found, that one of ProtonVpn). Yeah

  12. Vincent

    Is it possible that the DNS leak protection actually slows down the DNS loopup by several seconds? I did some test with the developer options in Opera and a DNS loopup of 5 Secs is not unusual with the VPN enabled. I am connected to the server in my country.

  13. wow

    In the script you can just add “block-outside-dns” if user run OpenVPN v2.3.9+ it’s working for me

  14. Chicken Turtle

    what script?

  15. EquinoxMist

    Any update on the DNS leak situation?

  16. ProtonVPN

    We see limited options to stop DNS leaks while using network manager. We’ll have linux specific config files which will include necessary commands to prevent DNS leak when running from the command line soon, stay tuned

  17. J

    Still leaking.

  18. ProtonVPN Team

    Hello, please try using our command line tool and tell us if it still leaks or not. https://protonvpn.com/support/linux-vpn-tool/

  19. Luigi

    I can confirm that 16.04 with network manager does not look like its leaking on dnsleaktest.com

  20. sam

    When will the new ovpn scripts be released?

  21. sam

    I just downloaded the new scripts dated 04/26. Are these the corrected update scripts?

  22. sam

    What is the status of these updates? When can we expect them?

  23. UltraViolet

    so after all these comments on leaking DNS on Linux how do i get this to work on Mint 18 in the network manager?

  24. ProtonVPN

    for now, the best fix is to append the below lines to your ovpn config file
    script-security 2
    up /etc/openvpn/update-resolv-conf
    down /etc/openvpn/update-resolv-conf

    and then running it through the command line using
    sudo openvpn --config name_of_your_file.ovpn
    To be clear, the network manager does _not_ execute these properly.
    We’ll be releasing properly adjusted linux ovpn files and instructions soon.

  25. Tod

    On Ubuntu 16.4, this solution does not seem to execute properly either. A test will show the VPN’s servers as well as the ISP’s. Thanks

  26. Nathan Meadows

    bash script to update all ovpn files (copy&paste into terminal next to your ovpn files):

    echo ”
    script-security 2
    up /etc/openvpn/update-resolv-conf
    down /etc/openvpn/update-resolv-conf
    ” | tee -a *.ovpn

  27. V

    Thanks for this. Any word on when these files will be updated to prevent the dns leak via nm?
    FWIW, I run my own VPNs and have no dns leaks — but I connect via the command line. I never use nm. I’d love to, though, so if you figure out how to make the nm configs work, I’m all ears!

  28. ProtonVPN

    currently the best bet looks like running it via CLI with the necessary script security lines included. Config generator will be available for launch

  29. Mario

    Under Ubuntu 16.04 LTS, there is indeed a DNS leak when using Ubuntu’s network manager.
    When i add

    script-security 2
    up /etc/openvpn/update-resolv-conf
    down /etc/openvpn/update-resolv-conf

    to the end of the .ovpn file and launch it via the terminal:

    sudo openvpn ch-01.protonvpn.com.udp1194.ovpn

    everything is fine (checked via dnsleaktest.com).

    However, if I start the same .ovpn with the Ubuntu Network manager (edit connections…), the DNS leaks…

  30. Anon

    I’m using linux and its network manager. I just tested the “is-nl-01” config file with OpenVPN and then went to : https://www.dnsleaktest.com/ and performed an “extended test”.
    The previously mentioned website states :
    “If you are connected to a VPN service and ANY of the servers listed above are not provided by the VPN service then you have a DNS leak and are choosing to trust the owners of the above servers with your private data.”

    I get a server in NL, and one… In Germany. I guess this is not normal behaviour, right ?
    The german DNS : 78.46.223.24 static.78-46-223-24.clients.your-server.de Hetzner Online GmbH

    Side note : I can tell you it’s not likely a misconfiguration on my part since my usual VPN works the same way as yours (using a config file in NW Manager) and I have no such behavior.
    Also it doesn’t happen all the time. Sometimes, only the NL one shows up.

  31. anonimo-x

    if I use ubuntu and I connect using ubuntu network manager, I have DNS leak protection? thank you

  32. ProtonVPN

    Hi Anonimo-X, yes you will have DNS leak protection when using the Ubunutu Network Manager.

  33. fewter

    I don’t believe this is correct. At least it doesn’t work for me on the latest version of Linux Mint. If I use the standard .ovpn files, DNS requests are still resolved by my ISP. (Tested using https://www.dnsleaktest.com.) I need to do two things to stop this.

    First, add the following to the .ovpn file, just before the … block:

    script-security 2
    up /etc/openvpn/update-resolv-conf
    down /etc/openvpn/update-resolv-conf

    Second, don’t use Network Manager but run the script from the command line:

    sudo openvpn –config [path to config file]

  34. ProtonVPN

    Hi fewter, could you please contact our support team using the support form. We’ll be happy to take a look at your DNS situation.

  35. Casey

    I have the same issue. Was there a fix?

  36. John

    I can confirm the DNS leak and that this fix partly resolves it, but it will still fail the webrtc leak at ipleak.net

    How to disable WebRTC

    If you use Chrome:
    – Download the extension Block WebRTC

    If you use Firefox
    – Type about:config in the address bar
    – Click on “I’ll be careful”
    – In the searchbar type: media.peerconnection.enabled
    – Doubletap it so the value changes to “false”.

    The best solution however would probably be to use the VPN at your router if you can.

  37. anonyme

    Hi fewter same issue for me with mint, Dns leaks is ok only if if I use the terminal to start vpn

  38. mark

    Strange doesn’t seems to have dns leak protection on ubuntu 16.10 using network manager (conf imported).
    Checked on https://ipleak.net and https://dnsleaktest.com/.
    Could you please confirm ?

  39. ProtonVPN

    Hi mark, please contact our support team and we’ll be happy to have a look. Thanks

  40. protonuser

    I can confirm fewters comment.

    When connecting with the default ProtonVPN files, both from terminal and Network Manager, tests show the DNS servers that I use.

    After changing the .ovpn as specified by fewter and connecting from terminal, the test shows only the Proton server.
    Using the modified .ovpn file in Network Manager does not work. That still shows my DNS servers.

Leave a Reply

Your email address will not be published. Required fields are marked *

Don't find your answer? We're happy to help you!     Contact Our Support Team

Secure Your Internet Today

Get ProtonVPN