What Is a DNS Leak?
When you use a VPN, all your internet traffic should route through the VPN's encrypted tunnel — including DNS queries. A DNS leak occurs when these queries bypass the VPN tunnel and go directly to your ISP's DNS server instead.
The result: your ISP can see every domain you visit even though your traffic appears encrypted. Test right now: DNS Leak Test →
How DNS Works
Every time you visit a website your browser looks up the IP address for that domain. By default your device sends these queries to your ISP's DNS server — logging every site you visit. A VPN should route DNS queries through its own servers. When it fails to do this, you have a DNS leak.
What Causes DNS Leaks?
- VPN misconfiguration — The VPN failed to override your system DNS settings
- IPv6 bypass — VPN handles IPv4 but your IPv6 DNS remains exposed
- Windows Smart Multi-Homed Name Resolution — Sends DNS queries to all available servers simultaneously
- VPN reconnect gap — Brief moment when DNS reverts to ISP during reconnection
How to Test for a DNS Leak
Use our DNS Leak Test with your VPN active. A clean result shows DNS servers belonging to your VPN provider or a trusted public resolver. A leaked result shows servers belonging to your ISP.
How to Fix a DNS Leak
Fix 1: Use a VPN With Built-In DNS Leak Protection
The easiest fix. Mullvad and ProtonVPN include automatic DNS leak protection. See our recommended VPNs.
Fix 2: Change Your DNS Server
- Cloudflare — 1.1.1.1 and 1.0.0.1
- Google — 8.8.8.8 and 8.8.4.4
- Quad9 — 9.9.9.9 (also blocks malware domains)
Fix 3: Disable IPv6 on Windows
Network Adapter Settings → right-click your adapter → Properties → uncheck Internet Protocol Version 6 (TCP/IPv6).
Also Check These
- WebRTC Leak Test — VPNs can also leak your real IP through WebRTC
- What Is My IP — Confirm your VPN IP is showing, not your real IP
- IP Blacklist Checker — Check if your IP is on spam blacklists
