Skip to main content

DNS Leak Test — Check If Your VPN Is Leaking DNS Requests

Check if your DNS queries are leaking outside your VPN or proxy

Last updated: April 1, 2026

Running DNS leak test...

How this test works — and its limit: it compares the IP address that independent services see for your connection. Inconsistent IPs reveal traffic escaping your VPN, but the test cannot directly observe which DNS resolver your operating system queries. For full certainty, also check your OS/VPN DNS settings against your VPN provider's own tooling.

What is a DNS leak?

When you use a VPN or proxy, all your internet traffic — including DNS queries — should go through the encrypted tunnel. A DNS leak happens when your DNS requests bypass the tunnel and are sent directly to your ISP's DNS servers instead.

This means your ISP (or anyone monitoring your connection) can see which websites you're visiting — even if the rest of your traffic is encrypted. DNS leaks effectively defeat the privacy benefits of a VPN.

How this test works

This test makes requests to multiple independent services and compares the IP addresses they see. If all services see the same IP, your connection appears consistent. If different IPs are detected, some requests may be taking different network paths — a potential indicator of a DNS leak.

Connect to multiple test endpoints
Compare responding IPs across services
Flag inconsistencies as potential leaks

Why DNS Leaks Matter

DNS (Domain Name System) is the phone book of the internet — it translates human-readable domain names like "google.com" into IP addresses your device can connect to. Every website you visit starts with a DNS query, creating a detailed record of your browsing activity.

When you use a VPN, your DNS queries should travel through the encrypted tunnel alongside all other traffic. But misconfigurations in your OS, router, or VPN client can cause some or all DNS requests to bypass the tunnel and go directly to your ISP's DNS servers.

The result? Your ISP — and potentially anyone monitoring your connection — gets a complete list of every website you visit, even though the rest of your traffic is encrypted. This is a DNS leak, and it's one of the most common ways VPN users unknowingly compromise their privacy.

DNS leaks are especially dangerous because they're invisible. You won't notice any change in browsing speed or behavior. The only way to detect them is with a test like this one, which queries multiple independent endpoints and compares the responding IP addresses.

Go Beyond DNS — Test Your Full Privacy

DNS leaks are just one way your identity can be exposed. Run ipdrop's complete suite of privacy tests to understand exactly what the internet sees about you.

IP Lookup — See your public IP address, ISP, location, and network details as they appear to every website you visit.

WebRTC Leak Test — Check if your browser is revealing your real IP address through WebRTC, a protocol that can bypass VPN tunnels.

Browser Fingerprint — Discover how uniquely identifiable your browser is based on fonts, GPU, screen resolution, and dozens of other attributes.

Speed Test — Measure your connection speed to see how much overhead your VPN adds and whether your provider is throttling you.

How to Fix DNS Leaks

If your DNS leak test reveals a leak, don't panic — most leaks are caused by misconfigured settings that are straightforward to fix. Below are step-by-step instructions for each major platform. Always re-run the DNS leak test after making changes to confirm the fix worked.

Windows

1. Open Settings > Network & Internet > Advanced network settings > Change adapter options. 2. Right-click your active network adapter and select Properties. 3. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties. 4. Select "Use the following DNS server addresses" and enter a privacy-focused DNS like 1.1.1.1 (Cloudflare) or 9.9.9.9 (Quad9). 5. Repeat for IPv6 — or disable IPv6 entirely if your VPN doesn't support it. 6. Open Command Prompt as administrator and run: ipconfig /flushdns. 7. Reconnect your VPN and re-run the DNS leak test. Windows is especially prone to DNS leaks due to its Smart Multi-Homed Name Resolution feature — disable it via Group Policy Editor if leaks persist.

macOS

1. Open System Settings > Network. 2. Select your active connection (Wi-Fi or Ethernet) and click Details. 3. Go to the DNS tab. 4. Remove any existing DNS servers by selecting them and clicking the minus button. 5. Add privacy-focused DNS servers: 1.1.1.1 and 1.0.0.1 (Cloudflare) or 9.9.9.9 and 149.112.112.112 (Quad9). 6. Click OK, then Apply. 7. Open Terminal and run: sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder. 8. Reconnect your VPN and re-run the DNS leak test. If leaks persist, check if your VPN app has a "DNS leak protection" toggle — enable it to force all DNS queries through the VPN tunnel.

Linux

1. Check your current DNS configuration: cat /etc/resolv.conf. 2. If using systemd-resolved (most modern distros), edit /etc/systemd/resolved.conf and set DNS=1.1.1.1 and FallbackDNS=9.9.9.9. 3. Restart the service: sudo systemctl restart systemd-resolved. 4. If using NetworkManager, edit your connection: nmcli con mod "Your Connection" ipv4.dns "1.1.1.1 9.9.9.9" and nmcli con mod "Your Connection" ipv4.ignore-auto-dns yes. 5. To prevent DNS leaks with OpenVPN, add these lines to your .ovpn config file: script-security 2 and up /etc/openvpn/update-resolv-conf and down /etc/openvpn/update-resolv-conf. 6. Reconnect your VPN and re-test.

Router Level

1. Log in to your router's admin panel (typically 192.168.1.1 or 192.168.0.1). 2. Navigate to WAN or Internet settings and find the DNS configuration section. 3. Change from "Obtain DNS automatically" to manual. 4. Enter privacy-focused DNS servers: Primary 1.1.1.1, Secondary 1.0.0.1 (Cloudflare) or 9.9.9.9 / 149.112.112.112 (Quad9). 5. Save and reboot the router. This protects every device on your network. For maximum protection, configure your VPN at the router level — this ensures all traffic, including DNS, is encrypted before it leaves your network.

Frequently Asked Questions

What is a DNS leak and why should I care?
A DNS leak occurs when your DNS queries bypass your VPN tunnel and are sent directly to your ISP's DNS servers. This means your ISP can see every website you visit, completely undermining the privacy you expect from a VPN. DNS leaks are invisible during normal browsing — this test is the only reliable way to detect them.
How do DNS leaks happen?
DNS leaks can be caused by misconfigured VPN clients, operating system DNS settings that override the VPN, IPv6 traffic not being routed through the tunnel, or the VPN disconnecting briefly and your OS falling back to default DNS. Windows is particularly prone to DNS leaks due to its multi-homed DNS resolution behavior.
How do I fix a DNS leak?
Use a VPN that includes built-in DNS leak protection (most reputable VPNs do). You can also manually set your DNS servers to a privacy-focused provider like Quad9 (9.9.9.9) or Cloudflare (1.1.1.1), disable IPv6 if your VPN doesn't support it, and enable your VPN's kill switch to prevent leaks during disconnections.
Can my ISP see my browsing history if I use a VPN?
If your VPN is configured correctly and there are no DNS leaks, your ISP can only see that you're connected to a VPN server — not which websites you visit. However, if DNS queries leak outside the tunnel, your ISP can see your full browsing history. That's why running a DNS leak test is essential.
What's the difference between a DNS leak and a WebRTC leak?
A DNS leak exposes the websites you visit by sending DNS queries outside your VPN tunnel. A WebRTC leak exposes your real IP address through browser APIs used for video calling. Both bypass your VPN but in different ways. You should test for both to ensure complete privacy.

All tests run from your browser. No data is stored or sent to our servers.

Privacy Tools

What Is My IP?

VPN Check

WebRTC Leak Test

Fingerprint

What Is a VPN?

Proton VPN