DNS is what turns a domain name into an IP address. If your DNS queries leak outside the tunnel, your ISP or anyone monitoring the network can see what sites you're visiting even when the actual traffic is encrypted.
What we do
- The tunnel hijacks the system's DNS so every lookup goes through our resolver inside the VPN.
- Our resolver returns answers over DoH (DNS over HTTPS) and adds no logging.
- On Android, the no-fallback flag prevents the system from racing the VPN DNS against the carrier DNS.
- On iOS, NEVPN's DNS configuration overrides system defaults at the kernel routing level.
Verify it works
Visit Free Tools → DNS Leak Test while connected. You should see only SecureFox resolvers — no Google, Cloudflare, or your ISP.