DNS Leak Test

Check if your VPN or proxy is leaking DNS queries to your ISP

Run DNS Leak Test

This test queries multiple DNS test servers to detect if your DNS queries are going through your VPN or leaking to your ISP.

What is a DNS Leak?

DNS (Domain Name System) is like the internet's phone book - it translates domain names (like myip.foo) into IP addresses that computers can understand.

When you use a VPN, all your traffic (including DNS queries) should go through the VPN tunnel. However, a DNS leak occurs when:

Your ISP sees DNS queries: DNS requests bypass the VPN and go to your ISP's DNS servers
Privacy is compromised: Your ISP can see which websites you visit, even with a VPN
Location revealed: DNS queries may reveal your real geographic location
Defeats VPN purpose: You're paying for privacy, but your browsing history is still exposed

Privacy Risk: Even with HTTPS, a DNS leak allows your ISP to see which domains you visit, building a profile of your browsing habits.

How This Test Works

Our DNS leak test uses a unique approach to detect leaks:

Multiple Test Servers: We query several test endpoints to detect DNS resolution patterns
IP Tracking: Each server reports which IP address made the request
Comparison: We compare the IPs to your current VPN IP
ISP Detection: We identify if any DNS queries are going through your ISP
Geographic Analysis: We check if DNS servers are in your VPN's location or your real location

Expected result when using VPN: All DNS queries should come from your VPN provider's DNS servers, which should appear to be from the same IP/location as your VPN connection.

DNS leak detected when: Some DNS queries come from your ISP's DNS servers or from IP addresses in your real location (not VPN location).

How to Fix DNS Leaks

1. Use VPN's Built-in DNS (Recommended)

The best way to prevent DNS leaks is to use a VPN with automatic DNS leak protection. We recommend:

NordVPN - Automatic DNS leak protection, threat protection, and dedicated DNS servers. No configuration needed.

Other VPN providers with DNS leak protection:

ExpressVPN: Settings → Advanced → DNS Settings → "Use ExpressVPN DNS"
ProtonVPN: Automatic (no configuration needed)
Mullvad: Settings → DNS → "Use Mullvad DNS"

2. Configure System DNS

Windows:

Settings → Network & Internet → Change adapter options
Right-click VPN adapter → Properties
Internet Protocol Version 4 (TCP/IPv4) → Properties
Use these DNS servers:
- Preferred: 1.1.1.1 (Cloudflare)
- Alternate: 1.0.0.1 (Cloudflare)

macOS:

System Preferences → Network
Select VPN connection → Advanced
DNS tab → Add DNS servers:
- 1.1.1.1
- 1.0.0.1

Linux:

# Edit /etc/resolv.conf
nameserver 1.1.1.1
nameserver 1.0.0.1

3. Use Encrypted DNS

DNS over HTTPS (DoH):

Firefox: Settings → Privacy & Security → DNS over HTTPS → Enable
Chrome: Settings → Privacy and security → Security → Use secure DNS
Edge: Settings → Privacy, search, and services → Use secure DNS

DNS over TLS (DoT):

Supported by Android 9+ (Private DNS)
Requires DNS provider that supports DoT (Cloudflare, Google)

4. Third-Party DNS Services

Reliable DNS providers with privacy focus:

Cloudflare DNS: 1.1.1.1 / 1.0.0.1 (Fast, privacy-focused)
Google DNS: 8.8.8.8 / 8.8.4.4 (Fast, reliable)
Quad9: 9.9.9.9 (Blocks malware)
OpenDNS: 208.67.222.222 / 208.67.220.220 (Filtering options)

Pro Tip: Using your VPN provider's DNS is usually best, as it ensures all traffic stays within the VPN tunnel. Third-party DNS (like Cloudflare) is better than your ISP's DNS, but still not as private as VPN DNS.

Frequently Asked Questions

Can DNS leaks happen even with a good VPN?

Yes, DNS leaks can occur with any VPN if not configured properly. Common causes include: Windows using ISP DNS by default, browser DNS settings overriding VPN, or IPv6 DNS leaks when VPN only tunnels IPv4.

What's the difference between DNS leak and IP leak?

An IP leak (like WebRTC) exposes your real IP address. A DNS leak doesn't expose your IP, but it shows your ISP which websites you visit. Both are privacy risks, but in different ways.

Is DNS over HTTPS (DoH) the same as VPN DNS?

No. DoH encrypts DNS queries between your browser and DNS provider, preventing ISP snooping. However, the DNS provider (e.g., Cloudflare) can still see your queries. VPN DNS routes queries through the VPN tunnel, keeping them private from both ISP and DNS provider.

Why does my test show multiple DNS servers?

This is normal. Your system may use multiple DNS servers for redundancy and load balancing. As long as they're all VPN/privacy DNS servers (not your ISP's), you're safe.

Can I use this test on mobile?

Yes! This test works on mobile browsers (iOS Safari, Android Chrome). Mobile VPNs are especially prone to DNS leaks, so regular testing is recommended.

Check for WebRTC leaks too

DNS isn't the only way your privacy can leak. Test for WebRTC IP leaks as well:

Run WebRTC Leak Test

Learn more about DNS privacy: