What Is DNS? How the Domain Name System Works

DNS translates domain names into IP addresses — and by default, your ISP can see every domain you look up. Here is how DNS works and how a VPN protects it.

Quick Answer

DNS (Domain Name System) is the internet's phone book. It converts domain names like "google.com" into IP addresses like "142.250.80.46" so your browser knows where to connect. By default, DNS queries are unencrypted and visible to your ISP — a VPN routes them through private servers inside an encrypted tunnel.

  • Every website visit starts with a DNS query — your browser asks "what IP is this domain?"
  • Standard DNS (port 53) is unencrypted — your ISP sees every domain you visit
  • DNS over HTTPS (DoH) encrypts queries, but a VPN provides stronger protection
  • LimeVPN routes all DNS through private servers — invisible to your ISP

The Simple Explanation

DNS is the internet's phone book. When you type "google.com" into your browser, your device asks a DNS server: "What IP address does google.com use?" The DNS server replies with something like "142.250.80.46" and your browser connects to that IP.

Without DNS, you would need to remember IP addresses for every website you visit. DNS makes the web human-readable — but it also creates a privacy problem, because those queries reveal which sites you visit to whoever runs your DNS resolver.

How a DNS Lookup Works

1. You type "limevpn.com": browser asks OS for the IP
2. OS queries DNS resolver: usually your ISP's server
3. Resolver queries nameservers: finds authoritative answer
4. IP returned to browser: browser connects → page loads

Your ISP's DNS resolver sees every domain in step 2 — unless you use a VPN or encrypted DNS.

Why DNS Privacy Matters

Most internet users do not realize their ISP can see every website they visit through DNS — even if the site uses HTTPS. DNS queries are separate from the encrypted page content.

ISP monitoring

Every DNS query reveals the domain you are visiting to your DNS resolver — usually your ISP. ISPs in many countries log, sell, or share this data with advertisers and government agencies.

Government surveillance

Many governments require ISPs to log DNS query data for surveillance purposes. DNS is one of the most common data sources for lawful intercept programs.

Unencrypted by default

Standard DNS queries travel over plain UDP on port 53 — visible to anyone on your network, your router, your ISP, and any network observer between you and the resolver.

Network-level tracking

DNS queries can be used to build a detailed profile of your browsing habits — which news sites you read, which services you use, even what time you are online.

DNS over HTTPS & DNS over TLS

Encrypted DNS alternatives — and why a VPN goes further.

DNS over HTTPS (DoH)

Port 443

Encrypts DNS queries inside HTTPS traffic. Queries look identical to normal web browsing — ISPs and network observers cannot distinguish DNS from regular HTTPS traffic.

Used by Firefox, Chrome, and major browsers when enabled.

DNS over TLS (DoT)

Port 853

Encrypts DNS queries inside a TLS connection on a dedicated port. More visible on the network than DoH (the dedicated port makes it easy to identify and potentially block), but it still prevents snooping on query contents.

Used by Android Private DNS and some routers.

DoH and DoT vs VPN: Encrypted DNS prevents your ISP from reading DNS queries, but it does not hide your traffic or IP address. A VPN encrypts all your traffic — including DNS — inside a private tunnel, providing significantly stronger protection. LimeVPN routes all DNS through private servers inside the encrypted tunnel.

How a VPN Protects Your DNS

When you connect to LimeVPN, all DNS queries are automatically routed through the VPN's private DNS servers inside the encrypted tunnel — your ISP cannot see them.

01. All DNS routes through VPN servers

Your device sends DNS queries to the VPN's own private DNS resolvers, not your ISP's. Your ISP only sees encrypted VPN traffic — not which domains you are querying.

02. Queries travel inside the encrypted tunnel

DNS queries are wrapped inside the same AES-256 encrypted tunnel as all your other traffic. Anyone monitoring the network sees only the encrypted VPN connection.

03. IPv6 blocked to prevent DNS leaks

LimeVPN blocks IPv6 traffic to prevent a common DNS leak vector where IPv6 DNS queries bypass the VPN tunnel and reach your ISP's resolver directly.

04. Kill switch closes the gap

If the VPN drops, the kill switch blocks all traffic — including DNS queries — until the VPN reconnects. No DNS leak can occur during the reconnection gap.

DNS — Frequently Asked Questions

What is DNS?

DNS (Domain Name System) is the internet's address book. It translates human-readable domain names (like "google.com") into the numerical IP addresses that computers use to connect to each other. Without DNS, you would need to memorize IP addresses for every website.

What is a DNS server?

A DNS server is a computer that stores DNS records and answers queries. When you type a web address, your device contacts a DNS resolver (usually provided by your ISP or router) which finds the IP address by querying authoritative nameservers. Popular public DNS servers include Cloudflare (1.1.1.1) and Google (8.8.8.8).

Can my ISP see my DNS queries?

Yes — if you're not using a VPN or encrypted DNS. Standard DNS queries are unencrypted (plain UDP on port 53) and visible to your ISP, router, and anyone monitoring your network. Your ISP can log every domain you look up. Using a VPN routes all DNS through the VPN's private servers — invisible to your ISP.

What is a DNS leak?

A DNS leak occurs when your DNS queries bypass the VPN tunnel and go directly to your ISP's DNS servers — even though your traffic is encrypted. This means your ISP can still see every domain you visit. LimeVPN prevents DNS leaks by forcing all queries through its own private DNS servers.

What is DNS over HTTPS (DoH)?

DNS over HTTPS (DoH) encrypts DNS queries inside regular HTTPS traffic (port 443), making them indistinguishable from normal web browsing. This prevents ISPs and network observers from reading your DNS queries. However, a VPN provides stronger protection by encrypting all traffic — not just DNS — inside a secure tunnel.