DNS Leak Test
This test checks whether your DNS queries are leaking outside your VPN tunnel. We generate unique test subdomains, resolve them through your browser, and identify which DNS resolvers handled the requests.
What Is a DNS Leak?
A DNS leak happens when your browser sends domain name lookups outside the encrypted VPN tunnel, letting your ISP - or anyone watching the network - see every website you visit. Even if your IP address is hidden, an exposed DNS request reveals your browsing activity in plain text.
How Does This DNS Leak Test Work?
We generate several unique random subdomains and ask your browser to resolve them. When a DNS resolver queries our authoritative name server for those subdomains, we log its IP address. If any resolver belongs to your ISP rather than your VPN provider, you have a DNS leak. The entire process runs client-side and takes only a few seconds.
Why DNS Leaks Are Dangerous
- Your ISP can log every domain you visit and sell that data to advertisers.
- Network-level censorship filters can block specific domains.
- Man-in-the-middle attackers on public Wi-Fi can redirect your DNS queries.
- Government surveillance programs routinely collect DNS metadata.
How to Fix DNS Leaks
- Enable DNS leak protection in your VPN client settings.
- Switch to your VPN provider’s own DNS servers.
- Use encrypted DNS protocols - DNS-over-HTTPS (DoH) or DNS-over-TLS (DoT) - from a trusted resolver like 1.1.1.1 or 9.9.9.9.
- Disable IPv6 if your VPN does not tunnel it (check with our IPv6 Leak Test).
- Disable WebRTC to prevent IP leaks through browser APIs (check with our WebRTC Leak Test).
For a step-by-step walkthrough, read our full guide: How to Prevent DNS Leaks.
Related Tools & Guides
- IPv6 Leak Test - check if IPv6 traffic bypasses your VPN tunnel.
- WebRTC Leak Test - detect if WebRTC exposes your real IP address.
- Forward DNS Lookup - resolve any domain to its A, AAAA, MX, and other DNS records.
- IP Lookup - find geolocation, ASN, and risk data for any IP address.
Frequently Asked Questions
Can my ISP still see my traffic if I use DNS-over-HTTPS?
DNS-over-HTTPS (DoH) encrypts your DNS queries so your ISP cannot read them. However, your ISP can still see the IP addresses you connect to unless you also use a VPN. DoH protects DNS specifically - it does not replace a full VPN tunnel.
Why does this test show my ISP’s DNS even though my VPN is on?
Common causes include split-tunneling settings that route DNS outside the tunnel, IPv6 leaks on dual-stack networks, or your operating system falling back to its default DNS resolver. Check your VPN’s DNS leak protection toggle and disable IPv6 if your VPN does not support it.
How often should I run a DNS leak test?
Run a test every time you connect to a new network, switch VPN servers, or update your VPN client. Network configuration changes can silently reintroduce DNS leaks even if your setup was previously secure.