What is DNS and How Does a VPN Work with It: The Complete Guide to Securing Your Queries
Have you ever wondered what happens in the split second after you type a website address into your browser and press Enter? The site opens — and it seems like magic. But behind that instant lies a complex and surprisingly fast process in which a system called DNS plays a key role. And if you're using a VPN, this process becomes even more interesting and secure.
In this article, we'll break down in detail, but in simple terms, what DNS is, how it works, why protecting it is critically important, and what role a VPN plays in this. You'll learn why even with a working VPN, your data can be vulnerable if you don't pay attention to DNS, and how KelVPN solves this problem.
DNS is the Internet's Phonebook
DNS translates human-readable website names (google.com) into the numeric IP addresses computers use (142.250.185.46). Without DNS, you'd have to memorize numbers instead of words.
Standard DNS Queries Are Unprotected
Normally, DNS queries are sent in the open. This means your ISP, a hacker on the same Wi-Fi network, or someone else can see which sites you visit.
A VPN Protects Your DNS Queries
A quality VPN routes all your DNS queries through an encrypted tunnel to its own secure DNS servers, hiding them from prying eyes.
KelVPN Uses Its Own DNS
We guarantee that your DNS queries are processed on our servers, are not logged, and are protected with quantum-resistant encryption throughout their journey.
Part 1. What is DNS in Simple Terms? The Internet's Phonebook
DNS stands for Domain Name System. Simply put, it's the internet's phonebook.
Imagine you need to call a friend. You don't memorize their phone number (that's hard), you open your phone's contacts, find your friend's name, and hit call. The phone automatically dials the correct number. DNS works exactly the same way:
- The contact name is the website address you type in your browser, for example, kelvpn.com or google.com. Humans find words easy to remember.
- The phone number is the IP address, for example, 185.125.188.59. Computers and servers communicate with each other using these numerical addresses.
When you type a website address, your computer contacts a DNS server (looks in the "phonebook") and asks: "What is the IP address for this website?" The DNS server finds the answer and tells your computer. Only then can your browser connect to the website's server and load its content.
How This Process Works: The Journey of a DNS Query
This process, called DNS resolution, takes milliseconds and involves several steps:
- Request from the browser: You entered www.example.com. The browser sends a request to a special program on your computer, the resolver (stub resolver).
- Checking the local cache: The resolver first checks whether it has looked up this address recently; if it has, the answer is already stored in its cache. This is like a personal notepad of recently found numbers. If the address is found in the cache, the process stops there, and you reach the site instantly.
- Request to a recursive DNS server: If nothing is in the cache, the resolver contacts a recursive DNS server. Usually, this is your Internet Service Provider's (ISP) server. This server's job is to find the answer for you, even if it means querying several other servers.
- Journey through the hierarchy: The recursive server now works its way down the DNS hierarchy:
- First, it contacts one of the 13 root servers worldwide. They know where to find information about top-level domains (such as .com, .ru, .org).
- The root server replies: "I don't know the IP address for example.com, but ask the server responsible for the .com zone."
- The recursive server goes to the .com zone server, which directs it to the server responsible for the example.com zone.
- Finally, the server responsible for example.com (the authoritative server) knows the exact IP address and returns it.
- Returning the answer: The recursive server sends the IP address back to your computer. Your browser remembers it (caches it) and connects to the desired server.
This entire complex path happens in a fraction of a second, and we don't notice it. But at each stage, there are potential vulnerabilities.
Part 2. Why Standard DNS Is a Problem for Privacy and Security
The problem is that traditional DNS queries are sent in the open, without encryption. It's like shouting your friend's name and asking for their phone number in a crowded room. Here are the risks this creates:
1. Surveillance by Your ISP
Your internet service provider sees every website you visit because all your DNS queries go through its servers. The ISP can collect this data, sell it to advertising companies, or use it for other purposes. They know much more about you than you think.
2. Traffic Interception and Spoofing (DNS Spoofing)
On a public Wi-Fi network, an attacker can easily intercept your unencrypted DNS queries. Even worse, they can spoof the DNS response and redirect you to a fake website. You think you're logging into your online bank, but you're actually on a fraudulent page designed to steal your password.
3. Content Filtering and Blocking
ISPs or government bodies can block access to websites at the DNS level. When you try to visit a certain resource, the ISP's DNS server simply doesn't return its IP address, and the site won't open.
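To make the "sent in the open" point concrete, here is an added example (not code from the article or from KelVPN) that builds a standard DNS query for www.example.com exactly as a stub resolver puts it on the wire, then parses the raw bytes back. The transaction id 0x1234 is a constructed value; the site name sits in the UDP payload as plain ASCII labels, which is why every device on the path can read it unless the query travels inside an encrypted tunnel.

```python
import struct

# Record types mentioned in this article, by their wire-format numbers.
QTYPE_NAMES = {1: "A", 28: "AAAA", 5: "CNAME", 15: "MX", 16: "TXT"}


def encode_qname(name: str) -> bytes:
    """Encode a hostname as DNS labels: one length byte per label, then a 0x00 terminator."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("each label must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Build the UDP payload a stub resolver sends (txid is a constructed sample value)."""
    # Header: ID, flags (RD=1 asks the server to recurse), QDCOUNT=1, AN/NS/ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", qtype, 1)  # class IN


def decode_qname(msg: bytes, offset: int):
    """Read labels starting at offset; return (name, offset just past the terminator)."""
    labels = []
    while True:
        length = msg[offset]
        if length == 0:
            return ".".join(labels), offset + 1
        if length & 0xC0:
            raise ValueError("name compression is not expected in a question section")
        offset += 1
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def parse_query(msg: bytes) -> dict:
    """Everything a passive observer can read from the unencrypted packet."""
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    name, off = decode_qname(msg, 12)  # question section starts after the 12-byte header
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    return {"id": txid, "recursion_desired": bool(flags & 0x0100),
            "name": name, "qtype": QTYPE_NAMES.get(qtype, str(qtype)), "qclass": qclass}


if __name__ == "__main__":
    pkt = build_query("www.example.com")
    print(pkt.hex())        # the bytes for "www", "example" and "com" are readable as-is
    print(parse_query(pkt))
```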
Part 3. How a VPN Changes DNS Operation: A Tunnel for Your Queries
This is where a VPN comes into play. When you connect to a VPN service, an encrypted tunnel is created between your device and the VPN server. All your internet traffic, including DNS queries, goes through this tunnel.
Here are the key changes in how DNS works when you use a good VPN like KelVPN:
1. DNS Queries Are No Longer Visible to Your ISP
Because the queries are encrypted and hidden inside the tunnel, your ISP can no longer see which websites you visit. They only see that you are connected to a VPN server. This solves the problem of ISP surveillance.
2. Using the VPN's Own DNS Servers
A quality VPN service does not trust the ISP's DNS servers. Instead, it configures your device to use its own secure DNS servers, which are located at the other end of the tunnel.
Here's what this means:
- Your queries go to the VPN's DNS servers: When you turn on KelVPN, your computer starts sending all DNS queries not to your ISP, but to our special secure DNS server.
- Queries never leave the tunnel: The entire path of the query — from your device to KelVPN's DNS server — happens inside the encrypted tunnel. This eliminates the possibility of interception or spoofing along the way.
3. Protection Against DNS Leaks
Sometimes, due to a configuration error or incorrect setup, a DNS query can "leak" outside the VPN tunnel and go directly to your ISP. This is called a DNS leak. A good VPN client includes protection against such leaks, ensuring that all queries only go through the tunnel.
4. Bypassing Blocks and Censorship
By using VPN DNS servers located outside a country with internet restrictions, you can access websites blocked at the DNS level by your ISP. You're simply "asking for the address" from a server that doesn't comply with local censorship.
Part 4. Public DNS vs. VPN DNS: What's the Difference?
You may have heard of public DNS services like Google Public DNS, Cloudflare DNS (1.1.1.1), or Yandex DNS. They can also be faster and more secure than your ISP's DNS, but there's an important difference from DNS built into a VPN.
| DNS Type | Pros | Cons |
|---|---|---|
| ISP DNS | Works "out of the box", usually fast for local resources. | No privacy (surveillance), potential for blocking and filtering, vulnerable to spoofing. |
| Public DNS (Google, Cloudflare, Yandex) | Often faster than ISP DNS, may be more secure (phishing blocking), some (Cloudflare) promise privacy. | Queries are still not fully protected end-to-end unless you use DoH/DoT. The owning companies (except Cloudflare) may collect data. They do not hide your IP address from websites. |
| VPN's Own DNS Servers (KelVPN) | Maximum privacy: queries hidden from ISP and third parties. Protected by encryption inside the VPN tunnel. No leaks. Bypasses blocks. | Dependent on the VPN service's operation. |
Important note about DoH (DNS over HTTPS): Modern browsers like Firefox and Chrome support DoH technology, which encrypts DNS queries between the browser and a special DNS server. This is good for privacy within the browser, but it can create a conflict with a VPN. If DoH is enabled in your browser and the VPN uses its own DNS, queries might bypass the VPN tunnel. Firefox, for example, may use DoH by default, which sometimes requires disabling this feature for correct operation with corporate or VPN gateways.
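Here is an added example (not KelVPN's client code) that checks for the two situations described above, the DNS leak from Part 3 and the browser DoH conflict from the note just given. It parses a constructed /etc/resolv.conf and reports any nameserver outside an assumed tunnel range (10.8.0.0/24, with 10.8.0.1 as the assumed VPN resolver), and reads Firefox's real network.trr.mode preference from a constructed prefs.js line.

```python
import ipaddress
import re

# Constructed sample: resolv.conf after the VPN client pushed its resolver (10.8.0.1,
# assumed) but a leftover entry for the home router, which forwards to the ISP, survived.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search lan
nameserver 10.8.0.1
nameserver 192.168.1.1
"""

# Constructed prefs.js line. network.trr.mode is a real Firefox preference:
# 2 = DoH first, 3 = DoH only, 5 = DoH off; 0 leaves it to Firefox's own defaults,
# so a 0 (or no line at all) still deserves a look in the browser's settings.
SAMPLE_PREFS_JS = 'user_pref("network.trr.mode", 3);\n'


def parse_nameservers(resolv_text: str) -> list:
    """Return the IP address of every 'nameserver' line, ignoring comments."""
    servers = []
    for line in resolv_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.append(ipaddress.ip_address(parts[1]))
            except ValueError:
                pass  # malformed entry; the OS resolver skips it as well
    return servers


def find_dns_leaks(resolv_text: str, tunnel_networks) -> list:
    """Nameservers outside the tunnel: queries to them reach the ISP in the clear."""
    nets = [ipaddress.ip_network(n, strict=False) for n in tunnel_networks]
    return [str(s) for s in parse_nameservers(resolv_text)
            if not any(s in n for n in nets)]


def firefox_doh_overrides_resolver(prefs_js_text: str) -> bool:
    """True when Firefox sends queries over HTTPS to its DoH provider, not the VPN's DNS."""
    m = re.search(r'user_pref\("network\.trr\.mode",\s*(\d+)\)', prefs_js_text)
    return m is not None and int(m.group(1)) in (2, 3)


if __name__ == "__main__":
    print("nameservers outside the tunnel:", find_dns_leaks(SAMPLE_RESOLV_CONF, ["10.8.0.0/24"]))
    print("browser DoH bypasses VPN DNS:", firefox_doh_overrides_resolver(SAMPLE_PREFS_JS))
```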
Part 5. What Are DNS Records and What Do They Have to Do with VPN?
DNS is more than just a name-to-IP mapping. It's a database that stores different types of records for different purposes. A VPN typically doesn't interact with them directly, but it's helpful to know they exist:
- A Record (Address Record): The most important record. Links a domain name to an IPv4 address.
- AAAA Record: The same, but for IPv6 addresses.
- CNAME (Canonical Name): Allows the use of aliases. For example, www.kelvpn.com could be an alias for the main name kelvpn.com.
- MX Record (Mail Exchange): Specifies which mail server is responsible for receiving email for that domain.
- TXT Record: A text record used for various purposes: verifying domain ownership, configuring anti-spam policies (SPF, DKIM), and others.
When you use a VPN, all these types of queries made by your device also pass through the secure tunnel and are handled by the VPN's DNS servers.
Part 6. Advantages of KelVPN's Approach to DNS
At KelVPN, we pay special attention to protecting every aspect of your internet connection, including DNS. Here's what we do for your security:
- Our Own DNS Servers: Each KelVPN server is equipped with its own DNS resolver. This means your queries are handled by us and not passed on to third parties.
- Strict Zero-Logs Policy: We do not log your DNS queries. We don't know and don't want to know which sites you visit. Your history is your own business.
- Quantum-Resistant Encryption: All your traffic, including DNS queries, is protected inside the tunnel using advanced algorithms resistant to quantum computer attacks.
- DNS Leak Protection: Our applications have built-in protection that ensures no DNS query leaves the secure tunnel.
- Speed and Reliability: Our DNS servers are optimized for fast performance, and the network's decentralized architecture ensures high availability.