ExpressVPN protects your internet traffic and your DNS queries by running its own encrypted DNS on every VPN server.
Exposed DNS requests threaten your privacy. ExpressVPN’s private, encrypted DNS is both safer and faster. Here's how:
Every machine on the internet is identified by a string of numbers called an IP address. Your computer has an IP address, and so do all other computers, phones, servers, and networked devices. Some IP addresses are fixed, and some change periodically, and they are difficult for humans to remember.
That’s why IP addresses of websites need to be translated into words and phrases better suited for humans. We call these words URLs (Uniform Resource Locators).
DNS (Domain Name System) is a directory of all websites and services. If you have a URL, you can use DNS to look up its corresponding IP address.
Anyone can take part in the Domain Name System by running a server, but most people use a free DNS service. These services are usually run by internet service providers, content delivery networks, advertising networks, or, occasionally, volunteers.
Because free DNS services know which sites you are trying to visit and which services you subscribe to, the operators of these services can learn a lot about you.
Some free DNS services make money by building and selling profiles of their users. This information is mainly used for advertising. For example, it can be used to assess the marketing value of a website by determining how popular it is and where its visitors come from.
Innovations like DoH (DNS over HTTPS) and DoT (DNS over TLS) can protect DNS requests. Most free DNS services, however, still do not use DoH, DoT, or any other means of encryption. Not only can these services see your activity, but so can anyone listening in on your connection.
Many VPN services protect only your internet traffic and leave your DNS requests exposed and vulnerable. ExpressVPN solves this problem by running its own private, encrypted DNS on every VPN server.
When you use ExpressVPN, your DNS requests are handled directly by ExpressVPN, with no exposure to third parties. You don’t need to opt in to use ExpressVPN’s private DNS. The ExpressVPN app protects all DNS requests automatically, with the same encryption and tunneling protocols as all your other online activity.
Connecting through ExpressVPN means your DNS requests won’t fall into the hands of public Wi-Fi operators, marketers, hackers, or other third parties.
ExpressVPN does not keep activity or connection logs. This data can never be seen or exploited by third parties, because it was never stored in the first place.
Your DNS requests use ExpressVPN’s constantly optimized network and never leave the VPN tunnel, meaning you’re likely to get even quicker response times.
ExpressVPN protects both your DNS requests and the rest of your internet traffic from attacks and manipulations with the same best-in-class encryption.
The connection between you and the ExpressVPN server is automatically encrypted and authenticated, so DNS queries cannot be observed or altered.
Blocking DNS records is a common way for censors to filter your internet activity. ExpressVPN never blocks or limits your freedom to access websites and services.