Private DNS Servers — Encrypted DNS to Prevent ISP Snooping

There is a common misconception that HTTPS provides complete privacy. While HTTPS encrypts the data exchanged between your browser and a website, the DNS query that initiates the connection typically happens in plain text.

Every time you type a URL or click a link, your device sends a DNS query to convert the domain name to an IP address. Without VPN protection, this query goes to your ISP's DNS servers in plain text. Your ISP sees every domain you visit, when you visit it, and how often — even though they cannot see the specific pages or content.

DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) encrypt DNS queries, but they only protect the DNS path, not other traffic metadata. A VPN encrypts everything — DNS queries, connection metadata, and all traffic content — providing comprehensive privacy.

FreeGuard's DNS protection is integrated into the VPN tunnel. When connected, all DNS queries are automatically routed through the encrypted tunnel to trusted DNS resolvers, with no additional configuration needed.

DNS hijacking occurs when an attacker redirects your DNS queries to a server they control. This can happen at the router level (compromised home routers), ISP level (some ISPs redirect failed DNS queries to ad pages), or through malware that changes your DNS settings.

DNS poisoning inserts fake DNS responses into a resolver's cache, causing it to return the wrong IP address for a domain. Users are then directed to phishing sites even when they type the correct URL.

DNS filtering is used by ISPs and governments to block access to specific domains by refusing to resolve them. This is a common censorship mechanism that private DNS bypasses.

FreeGuard's DNS protection prevents all three threats. DNS queries travel through the encrypted VPN tunnel to trusted resolvers with DNSSEC validation enabled. No third party can intercept, redirect, or filter your DNS requests.