Your DNS requests, which are like asking for directions to a website, often travel outside your VPN's protection. With OllaVPN, your DNS requests are encrypted and stay inside the secure tunnel, all the way to our private, zero-log DNS servers. This means your internet provider can't see what sites you're trying to visit, even if your connection briefly drops.
Many VPNs rely on your operating system's default DNS settings, which can leave you vulnerable to leaks or manipulation. We've built DNS directly into the OllaVPN tunnel. This ensures all your requests are handled securely and privately from the moment you connect, without you needing to do any extra configuration.
This in-tunnel DNS is a core feature for all OllaVPN users, whether you're on our free 10 Mbps plan or OllaVPN Plus. It works seamlessly with our post-quantum ready encryption and the always-on kill switch to provide comprehensive privacy and security, helping us deliver on our promise of a truly free and private internet experience.
What is in-tunnel DNS and why is it so important?
In-tunnel DNS means your requests to translate website names into IP addresses happen securely within the VPN's encrypted tunnel, preventing your internet service provider (ISP) from seeing your browsing activity.
Normally, when you type a website address like "ollavpn.com" into your browser, your device sends a request to a Domain Name System (DNS) server, usually operated by your internet service provider (ISP), to find the corresponding numerical IP address. This happens *before* your connection to the website is made. If you're using a VPN but your DNS requests aren't handled by the VPN itself, your ISP can still see every website you try to visit, even if the content of those websites is encrypted by your VPN. This is what's known as a DNS leak, and it pretty much defeats the purpose of using a VPN for privacy.
OllaVPN solves this by routing all your DNS requests directly through the encrypted VPN tunnel. This means your device asks OllaVPN's DNS servers for IP addresses, not your ISP's. Because this request travels inside the secure tunnel, your ISP can't see what websites you're looking up. It's fully encrypted from your device to our network, ensuring your browsing habits remain private from anyone who might be monitoring your internet connection.
This in-tunnel DNS is a fundamental part of our privacy-first approach. It's not just about encrypting your data; it's about protecting the metadata too — the information *about* your data. Without it, even with a strong VPN, a significant part of your online activity could still be exposed. It's automatically enabled and always on with OllaVPN, so you don't have to worry about configuring it or accidentally exposing yourself to a DNS leak.
How does OllaVPN's in-tunnel DNS work, step-by-step?
OllaVPN intercepts your DNS requests on your device, encrypts them, and sends them through the secure VPN tunnel to our private, no-log DNS resolvers, which then fetch the IP addresses for the websites you want to visit.
When you connect to OllaVPN, our app takes over your device's DNS settings. This means that instead of sending your domain name requests (like "ollavpn.com") to your internet provider's DNS servers, all those requests are immediately redirected to OllaVPN. From the moment you hit "connect," every bit of traffic, including your DNS queries, travels through our encrypted tunnel, making it impossible for your ISP or anyone else to see what sites you're trying to reach.
Once inside the tunnel, your DNS queries are sent directly to OllaVPN's private DNS resolvers. These aren't just any public DNS servers; they're infrastructure we operate ourselves, specifically designed to uphold our strict no-logs policy. They don't keep records of your activity, ensuring your browsing habits remain private. Using our own resolvers, rather than relying on third parties, is a critical part of how we protect your privacy end-to-end. Your requests stay within our trusted network until the very last step.
After our resolvers look up the IP address for the website you're visiting, that information is sent back to your device, still protected within the secure tunnel. Only then does your device know where to send the actual request for the website's content. This whole process happens incredibly fast, thanks to the efficiency of the WireGuard protocol that OllaVPN uses. Even in restrictive network environments, our QUIC option helps ensure your DNS queries and regular traffic continue to flow smoothly and securely, bypassing common blocking techniques.
What do other VPNs often get wrong with DNS, and how is OllaVPN different?
Many VPNs leave your DNS requests vulnerable to leaks or use third-party servers, while OllaVPN encrypts and routes all your DNS traffic directly through its own secure, private resolvers inside the VPN tunnel.
A lot of VPNs, especially ad-funded free VPNs and throttled freemium VPNs, often overlook DNS security or cut corners. What happens is that even if your internet traffic is encrypted, your DNS requests – which are basically the phonebook lookups for websites – might still go through your internet provider or some third-party DNS server. This means your ISP can still see what sites you're trying to visit, even if they can't see the content of those sites. This is a pretty significant privacy hole, and it's called a DNS leak.
Some VPNs try to fix this by using publicly available DNS resolvers like Cloudflare or Google. While these are often faster than your ISP's, they're still external entities that see your DNS traffic. Plus, if the VPN client doesn't properly force all DNS traffic through the tunnel, your operating system might fall back to its own DNS settings, leading to leaks. Imagine having a secure tunnel for your car, but the map you're using is still being read by someone outside the tunnel – that's what a DNS leak feels like.
OllaVPN takes a different, more secure path. We operate our own private, zero-log DNS resolvers that are physically located within our VPN infrastructure. When you connect to OllaVPN, all your DNS requests are not only encrypted, but they're also routed exclusively through these resolvers, staying entirely within the secure VPN tunnel. This means your ISP, advertisers, or anyone else monitoring your network can't see your DNS lookups. There's no risk of DNS hijacking or accidental leaks because your operating system simply isn't allowed to use external DNS servers while OllaVPN is active. It's a complete, end-to-end privacy solution for your internet activity.
What real-world threats does in-tunnel DNS protect you against?
In-tunnel DNS protects your online activity from being snooped on by your internet provider, bypasses government or corporate content filters, and helps prevent you from landing on malicious websites.
When you type a website address like "ollavpn.com" into your browser, your computer needs to translate that into an IP address (like 192.0.2.1) to find the server. This translation is handled by something called a Domain Name System, or DNS. Normally, your internet service provider (ISP) handles this for you, and because they do, they see every single website you try to visit. That's a huge privacy hole, letting them build a detailed profile of your online habits.
ISP tracking is a big concern for many people, especially when ISPs can legally sell anonymized browsing data in some regions. When you use OllaVPN, your DNS requests don't go to your ISP at all. Instead, they travel securely inside the encrypted VPN tunnel to OllaVPN's own DNS servers, which are designed to be privacy-friendly. This means your ISP only sees encrypted traffic going to our servers, not the specific sites you're visiting.
Beyond privacy, in-tunnel DNS is crucial for bypassing DNS censorship, which is when governments or corporations block access to certain websites by manipulating DNS requests. Because your requests are resolved within our network, you can often access content that would otherwise be blocked in your location. It also adds a layer of defense against phishing attacks. If you accidentally click on a link to a fake website designed to steal your login credentials, our DNS servers can sometimes identify and block access to known malicious domains, preventing you from ever reaching the dangerous site. Couple this with our always-on kill switch, and your connection is really buttoned up.
Are OllaVPN's DNS features on by default, and can you customize them?
Yes, OllaVPN's in-tunnel DNS is on by default, and while we handle the secure defaults, you retain control over your DNS server choice.
OllaVPN routes all your DNS queries through our secure, encrypted tunnels by default. This means you don't need to configure anything yourself; it just works. This setup prevents DNS leaks, which is a common vulnerability where your internet provider could still see the websites you're trying to visit, even if your actual traffic is encrypted by the VPN. We believe that true privacy means protecting *all* your data, and that includes your DNS requests. Our system is designed to provide this protection silently in the background, requiring no user input to keep you safe.
While we manage the secure defaults, we also understand that some users prefer more control over their network settings. If you want to use a specific DNS provider, like a privacy-focused public DNS or a content-filtering service, you absolutely can. You'll find the option to customize your DNS servers within the OllaVPN app settings. Just enter the IPs of your preferred DNS servers, and your OllaVPN connection will use those instead, still routing them securely through our tunnel.
It's worth noting that our in-tunnel DNS works hand-in-hand with the kill switch, which is also on by default. If your VPN connection ever drops unexpectedly, the kill switch immediately blocks all internet traffic, preventing any data — including DNS requests — from leaking outside the secure tunnel. This combination ensures your online activity remains private and protected, whether you stick with our defaults or choose to customize them.
How can you verify that OllaVPN's in-tunnel DNS is working?
You can verify OllaVPN's in-tunnel DNS by running a DNS leak test and checking that the DNS servers it reports match your chosen OllaVPN server location, not your ISP's resolvers.
The easiest way to confirm our in-tunnel DNS is doing its job is to use a DNS leak test website. Before connecting to OllaVPN, visit one of these sites and make a note of the IP addresses and locations shown for your DNS servers. They'll likely be from your internet service provider (ISP).
Now, connect to OllaVPN. Choose any server location you like. Once you're connected, go back to the DNS leak test website and refresh the page. What you should see is that all the DNS servers listed now match the country of your chosen OllaVPN server location, and the IP addresses should be different from what you saw before — they'll be OllaVPN's DNS resolvers. If you still see your ISP's DNS servers or any others from your actual location, you might have a DNS leak, but our app's always-on kill switch should prevent this.
This test confirms that your device is sending all DNS queries through the encrypted OllaVPN tunnel, preventing your ISP or anyone else from seeing what websites you're trying to visit. It's a quick and effective way to ensure your privacy is intact and that our in-tunnel DNS is fully functional.
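A local check that complements the leak-test website described above, as an added example that is not OllaVPN's code: it reads the configured resolvers and the routing table and reports which resolver addresses would leave through the tunnel interface. The interface names (`wg0`, `eth0`), the addresses and the sample file contents are constructed assumptions.

```python
import ipaddress

# Constructed samples, not captured from a real host. wg0 is an assumed tunnel name.
RESOLV_CONF = """\
nameserver 10.64.0.1      # resolver reached through the tunnel
nameserver 192.168.1.1    # home router left behind by DHCP
nameserver 2001:db8::53   # IPv6 resolver
"""
ROUTES_V4 = """\
default via 192.168.1.1 dev eth0 proto dhcp metric 100
0.0.0.0/1 dev wg0 scope link
128.0.0.0/1 dev wg0 scope link
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.23
"""
ROUTES_V6 = """\
default via fe80::1 dev eth0 proto ra metric 100
"""

def parse_nameservers(resolv_conf):
    """Return nameserver addresses from resolv.conf text, skipping comments."""
    servers = []
    for line in resolv_conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            # Drop an IPv6 zone id such as fe80::1%eth0 before parsing.
            servers.append(ipaddress.ip_address(fields[1].split("%", 1)[0]))
    return servers

def parse_routes(route_text, version):
    """Parse `ip route show` style lines into (network, device) pairs."""
    default = "0.0.0.0/0" if version == 4 else "::/0"
    routes = []
    for line in route_text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue  # e.g. blackhole entries carry no device
        dest = default if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # typed routes such as "unreachable default dev lo"
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes

def egress_device(addr, routes):
    """Longest-prefix match (metrics ignored): the most specific route wins."""
    matches = [(net.prefixlen, dev) for net, dev in routes
               if net.version == addr.version and addr in net]
    return max(matches)[1] if matches else None

def audit(resolv_conf, routes_v4, routes_v6, tunnel_dev):
    """Map each configured resolver to 'tunnel', 'leak via <dev>', etc."""
    routes = parse_routes(routes_v4, 4) + parse_routes(routes_v6, 6)
    report = {}
    for addr in parse_nameservers(resolv_conf):
        dev = egress_device(addr, routes)
        if addr.is_loopback:
            report[str(addr)] = "local stub"  # inspect the stub's upstreams instead
        elif dev is None:
            report[str(addr)] = "unroutable"  # what a kill switch should leave behind
        elif dev == tunnel_dev:
            report[str(addr)] = "tunnel"
        else:
            report[str(addr)] = "leak via " + dev
    return report

if __name__ == "__main__":
    for server, verdict in audit(RESOLV_CONF, ROUTES_V4, ROUTES_V6, "wg0").items():
        print(f"{server:<16} {verdict}")
```

In the sample, the router at 192.168.1.1 is flagged even with the tunnel up because its on-link /24 route is more specific than the tunnel's /1 routes, and the IPv6 resolver is flagged because only IPv4 is tunnelled. The check reads only the tables you pass it, so on hosts that steer tunnel traffic with policy rules, supply the table those rules select.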
What are the limitations of in-tunnel DNS, and what doesn't it solve?
In-tunnel DNS protects your DNS requests from being spied on by your ISP or local network, but it doesn't solve broader privacy issues like browser fingerprinting, website tracking, or malware.
While in-tunnel DNS is a powerful privacy tool, it's not a magic bullet for all online privacy concerns. Its primary job is to encrypt your domain name requests and route them through the VPN tunnel, preventing your Internet Service Provider (ISP) or anyone on your local network from seeing which websites you're trying to visit. This stops them from collecting data on your browsing habits or censoring access to specific sites based on DNS lookups.
However, it doesn't prevent websites themselves from tracking you. Once your connection is established, the website you visit can still use various methods like website tracking (cookies), supercookies, or browser storage to identify you and monitor your activity. Your browser's unique configuration and settings can also lead to browser fingerprinting, where websites gather enough information about your device and software to create a unique profile, even without traditional cookies. In-tunnel DNS simply doesn't touch these layers of interaction.
Think of it this way: in-tunnel DNS gets you to the front door of a website securely and privately, but it doesn't change what happens once you're inside. It won't protect you from malware if you download a malicious file, nor will it obscure your user behavior on a site once you've logged in or started interacting with its content. For those broader protections, you'd need additional tools and practices, like using privacy-focused browsers, ad blockers, and exercising caution about what you click and where you share personal information.
How does in-tunnel DNS integrate with OllaVPN's other privacy features?
OllaVPN's in-tunnel DNS is a fundamental part of our comprehensive privacy approach, working with features like post-quantum ready encryption, the kill switch, and 4-layer peer isolation to ensure your online activity remains truly private.
Think of in-tunnel DNS as making sure no part of your internet request ever leaves the secure VPN tunnel unprotected. When you type a website address, your device needs to translate that human-readable name (like ollavpn.com) into an IP address (like 104.26.1.189) that computers understand. This translation is handled by a DNS server. If that request goes outside the VPN, even for a split second, it's a privacy leak. With OllaVPN, your DNS requests travel securely inside the encrypted tunnel to our own private, zero-log DNS servers, meaning your ISP or anyone else can't see what sites you're trying to reach.
This integration is crucial for comprehensive privacy. For instance, the kill switch ensures that if your VPN connection ever drops unexpectedly, your internet access is immediately cut off. This prevents any data, including those sensitive DNS requests, from being sent over your unencrypted connection even for a moment. Combine that with our post-quantum ready encryption, which secures all data — including DNS traffic — against even future, more powerful computers, and you have a robust defense against various snooping attempts.
Furthermore, in-tunnel DNS works hand-in-hand with our 4-layer peer isolation. This advanced security measure ensures that even within our own network, your traffic is kept completely separate from other users. So, not only are your DNS requests hidden from external observers, but they're also isolated from anyone else using our service. It's all about building layers of protection, where each feature reinforces the others to create a genuinely private online experience, whether you're on our free plan or enjoying 10 Gbps on OllaVPN Plus.
Does in-tunnel DNS impact my connection speed or latency?
No, OllaVPN's in-tunnel DNS has a minimal impact on your connection speed or latency.
When you use OllaVPN, your DNS requests are handled securely within the VPN tunnel itself, rather than by your internet provider's DNS server. This means your DNS queries are encrypted and routed through our network, preventing your ISP from seeing what sites you're trying to visit. You might think adding this step would slow things down, but it's designed for efficiency. We use highly optimized DNS resolvers that are physically close to our VPN servers. This setup ensures fast DNS resolution, meaning the time it takes to look up a website's IP address is incredibly short. The overhead introduced by handling DNS within the tunnel is truly minimal, often unnoticeable for most everyday use.
For OllaVPN's free plan, where your speed is capped at 10 Mbps, this barely registers. Even if there were a fractional delay, it wouldn't impact your overall experience because your bandwidth is the primary limiting factor. If you're on the 10 Gbps OllaVPN Plus plan, you're looking at speeds where the extra milliseconds for secure DNS are still negligible compared to the massive bandwidth available.
Is OllaVPN's in-tunnel DNS future-proof against evolving threats?
Yes, OllaVPN's in-tunnel DNS is designed with future-proofing in mind, especially when combined with our post-quantum ready encryption.
When you use OllaVPN, your DNS requests don't just go to a public DNS server; they travel securely within the encrypted VPN tunnel. This means that even if a public DNS provider were compromised, or if your local network tried to snoop on your DNS lookups, that information remains private. This approach is inherently more secure than relying on external DNS resolvers, as it ensures your entire connection, from your device to the VPN server, is under our protection.
Our commitment to long-term privacy extends to how we handle the encryption protecting that tunnel. We're already post-quantum ready, meaning we've implemented quantum-resistant algorithms alongside traditional encryption. This makes your connection more resilient against potential future attacks from advanced adversaries, including those who might develop quantum computers capable of breaking current encryption standards. So, even as evolving threats emerge, your DNS traffic, along with all your other data, stays secure.
This combined approach ensures that your browsing history and online activity, which can often be inferred from DNS requests, are shielded not just today, but also well into the future. It's about making sure your connection remains forward-secure, meaning that even if an encryption key were somehow compromised in the future, past communications would remain protected. We believe this proactive stance is crucial for true online privacy.
Is in-tunnel DNS available on OllaVPN's free plan?
Yes, in-tunnel DNS is fully available on OllaVPN's free plan, just like every other core privacy feature.
You don't have to worry about your DNS requests leaking outside the VPN tunnel, even if you're using our free plan. In-tunnel DNS is a fundamental part of how OllaVPN protects your privacy, ensuring that all your internet traffic—including those initial requests to look up websites—stays encrypted and routed through our secure servers. It's not an add-on or a premium feature; it's just how we do things.
We believe core privacy shouldn't be paywalled. That's why features like in-tunnel DNS, the kill switch, and our post-quantum-ready encryption are available to everyone, whether you're on the $0 forever plan with its 10 Mbps speed cap, or you've upgraded to Plus. There's no card required to get started, and no hidden features locked behind a paywall; what you see is what you get.
Frequently asked questions
What does in-tunnel DNS protect me against in plain terms?
It stops your internet provider, or anyone else on your local network, from seeing what websites you're trying to visit. Think of it like putting your request to find 'ollavpn.com' into a sealed, encrypted envelope that only OllaVPN can open, preventing anyone from peeking at the address you're going to. It's a key privacy layer.
Is in-tunnel DNS on by default with OllaVPN?
Yes, absolutely! It's a core privacy feature, so we've made sure it's enabled by default for everyone, right out of the box. You don't need to configure anything to get this critical protection. We believe fundamental privacy shouldn't be something you have to hunt for in settings.
Can I turn off in-tunnel DNS in OllaVPN?
No, you can't turn it off. It's an integral part of how OllaVPN protects your privacy and prevents DNS leaks. Disabling it would compromise your security and defeat a major purpose of using a VPN. We keep it on to ensure you're always protected, whether you're on the free plan or Plus.
How can I verify that in-tunnel DNS is working?
You can use a third-party DNS leak test website. Connect to OllaVPN, then visit one of these sites. It should show that your DNS requests are being handled by OllaVPN's servers, not your internet provider's. This confirms your DNS traffic is securely routed through our tunnel, just as intended.
Does in-tunnel DNS slow down my internet connection?
Not noticeably. The overhead is minimal, and our private DNS resolvers are optimized for speed. You won't feel a difference in your 10 Mbps free plan speed, or even on the 10 Gbps OllaVPN Plus plan. It's designed to be fast and invisible, keeping your browsing fluid.
Will in-tunnel DNS break my smart-home devices or LAN access?
No, it shouldn't. In-tunnel DNS primarily handles external website resolution. Your local network access for smart devices or file sharing within your LAN should continue to function normally. Those requests typically don't go through the VPN tunnel, so your home setup stays connected.
Is OllaVPN's in-tunnel DNS implementation open source or audited?
While the specific implementation isn't open source externally, our entire system is built on well-vetted, open-source components like WireGuard. We're committed to transparency and plan for independent audits of our infrastructure as we grow. We want you to trust that it works as advertised.
How does OllaVPN's in-tunnel DNS compare to what other VPNs do?
Many VPNs rely on your operating system's default DNS, which can leak your activity. OllaVPN builds DNS directly into the encrypted tunnel, ensuring your requests never leave our secure environment. This crucial difference means your DNS queries are protected from the moment they leave your device.
What does in-tunnel DNS NOT protect against?
It won't stop websites from tracking you with cookies or browser fingerprinting. It also doesn't protect against malware or phishing attacks if you click a malicious link. It's a crucial layer for privacy by hiding your destination, but it's not a silver bullet for all online risks you might encounter.
Will in-tunnel DNS still work in 5 or 10 years?
Yes, we're building for the long term. Our DNS infrastructure is designed to be robust and secure. Coupled with our post-quantum-ready encryption, we're confident it will remain a strong privacy primitive for years to come, protecting your data against future threats.
Does the free plan include in-tunnel DNS?
Absolutely! Every OllaVPN user, whether you're on our free plan or OllaVPN Plus, gets the full benefit of in-tunnel DNS. We believe fundamental privacy shouldn't be behind a paywall, and you don't even need a card on file for it. It's part of our "free forever" promise.
How is in-tunnel DNS related to OllaVPN's post-quantum readiness?
In-tunnel DNS ensures your DNS queries are encrypted within the tunnel. Our post-quantum-ready encryption then protects that entire tunnel, including the DNS traffic, against future quantum computing threats. This offers end-to-end forward security for your privacy, future-proofing your connection.