Is Your VPN Actually Working? How to Run a DNS Leak Test
A lot of businesses and individuals in Jamaica use a VPN. Some use it to access content that is restricted by region. Others use it to protect sensitive communications or secure access to remote systems. A smaller number understand what is actually happening under the hood — and that is where things get risky.
One of the most common VPN problems is a DNS leak. You might have a VPN turned on, think you are protected, and still be sending your browsing activity directly to your ISP's servers. This article explains what that means, why it happens, and how to check whether it is happening to you right now.
What Is a DNS Leak?
Before you can understand a DNS leak, you need to understand what DNS does.
Every time you type a website address into your browser — say, ncb.com.jm or scotiabankonline.com — your device has to translate that human-readable name into an IP address. That translation is handled by a DNS server, which works like a phonebook: you give it a name, it gives you a number.
By default, your DNS queries go to servers run by your ISP. If you are on Flow, your queries go to Flow's DNS servers. If you are on Digicel, same deal. This means your ISP has a complete log of every domain you have attempted to visit, even if the actual content of those visits is encrypted.
When you connect to a VPN, the expectation is that your DNS queries are handled by the VPN provider's own servers, routed through the encrypted tunnel. Your ISP should no longer be able to see what you are looking up.
A DNS leak is when that does not happen. Your device establishes the VPN connection for regular traffic, but DNS queries slip outside the tunnel and continue going to your ISP's servers. From a privacy standpoint, you have a VPN that is not doing the most important part of its job.
How DNS Requests Can Bypass Your VPN Tunnel
This is not a theoretical problem. It happens regularly, and there are a few common causes.
Operating system DNS settings: Windows, in particular, has a feature where it queries multiple DNS servers simultaneously to speed up lookups and uses whichever responds first. If your VPN is not specifically blocking this behaviour, your ISP's DNS servers will often win the race, and the query never goes through the tunnel.
IPv6 traffic: Many VPNs handle IPv4 traffic correctly but either ignore IPv6 entirely or handle it inconsistently. If your connection supports IPv6 — and both Flow and Digicel are rolling it out — your DNS queries over IPv6 may bypass the VPN completely. The VPN dashboard says "connected" because the IPv4 tunnel is up, but your IPv6 activity is fully visible to your ISP.
Misconfigured VPN software: Some VPN clients — particularly older or cheaper ones — have bugs or configuration gaps that allow DNS to leak. Free VPN apps are especially prone to this. Even paid services are not immune if the client software has not been maintained properly.
Split tunnelling: Some VPNs offer split tunnelling, where only certain traffic goes through the VPN and other traffic goes directly to the internet. If DNS is not handled correctly in a split-tunnel setup, every DNS query for the "direct" traffic side exposes your browsing to your ISP.
VPN disconnections: When a VPN drops unexpectedly, there is often a brief window where your device reverts to its default DNS settings. Traffic during that window is fully exposed. Better VPN clients include a "kill switch" that blocks all traffic if the tunnel drops, preventing this. Cheaper ones often do not.
Real-World Consequences
If you run a business in Jamaica and use a VPN for any of the following, a DNS leak is a real risk worth addressing.
Financial services access: If your team connects to banking systems, payment processors, or accounting platforms through a VPN for security, a leak means your ISP can see which financial services you are accessing. That is a meaningful exposure.
Client confidentiality: Law firms, accountants, consultants, and healthcare providers all have obligations around client confidentiality. Browsing habits tied to specific client matters leaking through DNS are a professional risk, not just a technical one.
Staff privacy on remote connections: If your team works remotely and uses a VPN to connect back to office systems, their browsing activity during work hours should not be visible to their home ISP. With a DNS leak, it is.
Competitive intelligence exposure: If you are researching competitors, suppliers, or acquisition targets, having those searches end up in your ISP's logs is not ideal.
None of this requires your ISP to be acting maliciously. ISPs are subject to data retention requirements and legal requests. Whatever they log can be accessed.
How to Test for a DNS Leak
Testing is simple and takes less than two minutes. Here is the process.
Step 1: Connect to your VPN. Use whatever VPN service or client you normally use. Make sure it shows as connected.
Step 2: Run the test. Open a free DNS leak test and run it. It will show you which DNS servers your device is actually using for lookups.
Step 3: Check the results. Look at the server names and locations in the results.
- If you see servers associated with your VPN provider, that is the expected result. The tunnel is working correctly for DNS.
- If you see servers associated with Flow, Digicel, or any other ISP, you have a DNS leak. Your queries are bypassing the VPN tunnel.
You can also check your public IP and ISP before and after connecting to your VPN. If your IP address and ISP name have not changed after connecting, your VPN is not working at all — let alone handling DNS correctly.
Run both checks. The IP check tells you whether the VPN tunnel is active. The DNS leak test tells you whether DNS traffic is going through that tunnel.
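To make Step 3 repeatable, the comparison can be scripted. The sketch below is an added example, not part of any VPN client or leak test site: it takes the resolver IPs a leak test reported and checks them against the resolver ranges your VPN provider documents, flagging IPv6 resolvers separately because they point at the IPv6 bypass described earlier. The address ranges and sample results are constructed from documentation address space.

```python
import ipaddress

# Constructed sample data (documentation address ranges, not real resolvers).
VPN_RESOLVER_NETS = ["198.51.100.0/24"]   # assumed: ranges your VPN provider documents
OBSERVED = [                               # assumed: resolver IPs copied from a leak test result
    "198.51.100.53",
    "192.0.2.10",
    "2001:db8::53",
]


def classify_resolvers(observed, vpn_nets):
    """Split observed resolver IPs into tunnel resolvers and leaks.

    Returns a dict with 'ok', 'leak_v4' and 'leak_v6' lists. An IPv6 resolver
    outside the VPN ranges is reported separately because it indicates the
    IPv6 bypass case rather than a plain DNS settings problem.
    """
    nets = [ipaddress.ip_network(n) for n in vpn_nets]
    result = {"ok": [], "leak_v4": [], "leak_v6": []}
    for raw in observed:
        addr = ipaddress.ip_address(raw.strip())
        # Only compare an address with networks of the same IP version.
        inside = any(addr.version == n.version and addr in n for n in nets)
        if inside:
            result["ok"].append(str(addr))
        elif addr.version == 6:
            result["leak_v6"].append(str(addr))
        else:
            result["leak_v4"].append(str(addr))
    return result


def verdict(result):
    """One-line summary: any resolver outside the VPN ranges means a leak."""
    if result["leak_v6"]:
        return "LEAK: IPv6 DNS is bypassing the tunnel"
    if result["leak_v4"]:
        return "LEAK: DNS queries are reaching a non-VPN resolver"
    return "OK: all observed resolvers belong to the VPN"


if __name__ == "__main__":
    r = classify_resolvers(OBSERVED, VPN_RESOLVER_NETS)
    print(r)
    print(verdict(r))
```

Run it once with the VPN connected and again after a deliberate disconnect and reconnect, so that you also see what the resolvers look like around a dropped tunnel.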
What to Do If You Have a Leak
If the test confirms a DNS leak, here are the steps to work through.
Update your VPN client software. Outdated VPN clients are a common source of leaks. Check whether your provider has a newer version and update to it. This alone fixes many issues.
Enable DNS leak protection in your VPN settings. Most reputable VPN clients have a DNS leak protection toggle. Look for it in settings. If your VPN does not have this option, that is a meaningful product deficiency.
Disable IPv6 if your VPN does not support it. If your VPN only handles IPv4 traffic, the safest workaround is to disable IPv6 on the affected devices until you have a VPN that handles it properly. On Windows, this is done through Network Adapter settings. On macOS, it is in Network preferences. It is not ideal, but it closes the leak.
Enable the kill switch. If your VPN client has a kill switch option, turn it on. This blocks all internet traffic if the VPN connection drops, preventing the brief exposure window between a disconnection and reconnection.
Consider switching VPN providers. If you are using a free VPN or a low-cost service with a history of leaks, it may be worth moving to a provider with a stronger technical track record. There are guides comparing the best VPNs for Jamaica based on local performance and leak test results.
For businesses: consider a hardware VPN or managed solution. Consumer VPN apps are fine for personal use, but businesses handling sensitive data should consider a managed VPN solution — either a hardware firewall appliance with site-to-site VPN capabilities, or a cloud-managed zero-trust access platform. These give you proper logging, reliable DNS handling, and centralized management rather than relying on each staff member's VPN client being configured correctly.
A Note on What VPNs Do Not Do
While we are here, it is worth being clear about what a VPN does not protect against.
A VPN hides your traffic from your ISP and encrypts data in transit. It does not protect you from malware on your device, phishing attacks, weak passwords, or breaches at the services you connect to. VPNs are one layer in a broader security posture, not a complete solution on their own.
For businesses, the full picture includes endpoint protection, multi-factor authentication, email security, and security awareness training for staff — not just a VPN. If your team has not done any formal training yet, CheckMiIP's Security Essentials guide is a free starting point that covers phishing recognition, password hygiene, and safe browsing habits. If your team is using personal devices with no endpoint management and relying on a VPN as the primary security control, you have gaps worth addressing.
Run a DNS leak test at CheckMiIP.com right now — it takes under 30 seconds and will tell you whether your VPN is actually doing its job.
If you want a proper assessment of your business's security setup — VPN, endpoints, email, access controls — contact the Systems Rubix team. We work with businesses across Jamaica and can tell you quickly where the real risks are.