A DNS leak happens when your DNS lookups travel outside your VPN tunnel — directly to your ISP — even though the rest of your traffic is encrypted. Your ISP can then see every domain you visit.

How does this DNS leak test work?

We make DNS lookups from your browser and report which servers responded. If the responding server belongs to your ISP rather than your VPN provider, you have a DNS leak.

My VPN is on but I see my ISP's DNS — is that a leak?

Yes. A correctly configured VPN should route DNS through its own resolvers (or a privacy-respecting third party like Cloudflare 1.1.1.1). Seeing your ISP means DNS is bypassing the tunnel.

How do I fix a DNS leak?

Enable your VPN provider's built-in DNS leak protection (most have a setting). On Windows, disable Smart Multi-Homed Name Resolution. On Linux, set your VPN's DNS in resolv.conf or use systemd-resolved.

Is a DNS leak dangerous?

It defeats the point of using a VPN for browsing privacy. Your ISP, government, or anyone monitoring the network can still build a profile of every domain you visit, even though page contents are encrypted.

What Is My IP?Fingerprint DNS Leak Test WebRTC Leak Test Speed Test VPN Check IPv6 Leak Test Privacy Test What Is a VPN?Are VPNs Legal?Proton VPN vs NordVPN VPN vs Proxy vs Tor What Is 2FA?Public Wi-Fi Security Encrypted Email Encrypted Storage How to Hide Your IP Privacy Checklist Proton VPN Proton Drive NordVPN Proton Pass Privacy Policy Terms of Service Contact Us All Articles Best VPN for iPhone & Android Most Private Desktop OS (2026)Phishing Protection Guide Most Private Browser (2026)Proton Drive vs Google Drive Proton Pass vs Bitwarden Signal Private Messenger

JavaScript is required for interactive tools (IP Lookup, Speed Test, DNS & WebRTC Leak Tests, Fingerprint). Articles and guides work without it. Learn how to enable JavaScript

DNS Leak Test — Check If Your VPN Is Leaking DNS Requests

Check if your DNS queries are leaking outside your VPN or proxy

Last updated: April 1, 2026

Running DNS leak test...

What is a DNS leak?

When you use a VPN or proxy, all your internet traffic — including DNS queries — should go through the encrypted tunnel. A DNS leak happens when your DNS requests bypass the tunnel and are sent directly to your ISP's DNS servers instead.

This means your ISP (or anyone monitoring your connection) can see which websites you're visiting — even if the rest of your traffic is encrypted. DNS leaks effectively defeat the privacy benefits of a VPN.

How this test works

This test makes requests to multiple independent services and compares the IP addresses they see. If all services see the same IP, your connection appears consistent. If different IPs are detected, some requests may be taking different network paths — a potential indicator of a DNS leak.

Connect to multiple test endpoints

Compare responding IPs across services

Flag inconsistencies as potential leaks

Why DNS Leaks Matter

DNS (Domain Name System) is the phone book of the internet — it translates human-readable domain names like "google.com" into IP addresses your device can connect to. Every website you visit starts with a DNS query, creating a detailed record of your browsing activity.

When you use a VPN, your DNS queries should travel through the encrypted tunnel alongside all other traffic. But misconfigurations in your OS, router, or VPN client can cause some or all DNS requests to bypass the tunnel and go directly to your ISP's DNS servers.

The result? Your ISP — and potentially anyone monitoring your connection — gets a complete list of every website you visit, even though the rest of your traffic is encrypted. This is a DNS leak, and it's one of the most common ways VPN users unknowingly compromise their privacy.

DNS leaks are especially dangerous because they're invisible. You won't notice any change in browsing speed or behavior. The only way to detect them is with a test like this one, which queries multiple independent endpoints and compares the responding IP addresses.

Go Beyond DNS — Test Your Full Privacy

DNS leaks are just one way your identity can be exposed. Run ipdrop's complete suite of privacy tests to understand exactly what the internet sees about you.

IP Lookup — See your public IP address, ISP, location, and network details as they appear to every website you visit.

WebRTC Leak Test — Check if your browser is revealing your real IP address through WebRTC, a protocol that can bypass VPN tunnels.

Browser Fingerprint — Discover how uniquely identifiable your browser is based on fonts, GPU, screen resolution, and dozens of other attributes.

Speed Test — Measure your connection speed to see how much overhead your VPN adds and whether your provider is throttling you.

How to Fix DNS Leaks

If your DNS leak test reveals a leak, don't panic — most leaks are caused by misconfigured settings that are straightforward to fix. Below are step-by-step instructions for each major platform. Always re-run the DNS leak test after making changes to confirm the fix worked.

Windows

1. Open Settings > Network & Internet > Advanced network settings > Change adapter options. 2. Right-click your active network adapter and select Properties. 3. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties. 4. Select "Use the following DNS server addresses" and enter a privacy-focused DNS like 1.1.1.1 (Cloudflare) or 9.9.9.9 (Quad9). 5. Repeat for IPv6 — or disable IPv6 entirely if your VPN doesn't support it. 6. Open Command Prompt as administrator and run: ipconfig /flushdns. 7. Reconnect your VPN and re-run the DNS leak test. Windows is especially prone to DNS leaks due to its Smart Multi-Homed Name Resolution feature — disable it via Group Policy Editor if leaks persist.

macOS

1. Open System Settings > Network. 2. Select your active connection (Wi-Fi or Ethernet) and click Details. 3. Go to the DNS tab. 4. Remove any existing DNS servers by selecting them and clicking the minus button. 5. Add privacy-focused DNS servers: 1.1.1.1 and 1.0.0.1 (Cloudflare) or 9.9.9.9 and 149.112.112.112 (Quad9). 6. Click OK, then Apply. 7. Open Terminal and run: sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder. 8. Reconnect your VPN and re-run the DNS leak test. If leaks persist, check if your VPN app has a "DNS leak protection" toggle — enable it to force all DNS queries through the VPN tunnel.

Linux

1. Check your current DNS configuration: cat /etc/resolv.conf. 2. If using systemd-resolved (most modern distros), edit /etc/systemd/resolved.conf and set DNS=1.1.1.1 and FallbackDNS=9.9.9.9. 3. Restart the service: sudo systemctl restart systemd-resolved. 4. If using NetworkManager, edit your connection: nmcli con mod "Your Connection" ipv4.dns "1.1.1.1 9.9.9.9" and nmcli con mod "Your Connection" ipv4.ignore-auto-dns yes. 5. To prevent DNS leaks with OpenVPN, add these lines to your .ovpn config file: script-security 2 and up /etc/openvpn/update-resolv-conf and down /etc/openvpn/update-resolv-conf. 6. Reconnect your VPN and re-test.

Router Level

1. Log in to your router's admin panel (typically 192.168.1.1 or 192.168.0.1). 2. Navigate to WAN or Internet settings and find the DNS configuration section. 3. Change from "Obtain DNS automatically" to manual. 4. Enter privacy-focused DNS servers: Primary 1.1.1.1, Secondary 1.0.0.1 (Cloudflare) or 9.9.9.9 / 149.112.112.112 (Quad9). 5. Save and reboot the router. This protects every device on your network. For maximum protection, configure your VPN at the router level — this ensures all traffic, including DNS, is encrypted before it leaves your network.

Frequently Asked Questions

All tests run from your browser. No data is stored or sent to our servers.

Privacy Tools

WebRTC Leak Test

Fingerprint

Speed Test

What Is a VPN?

Proton VPN