What is a DNS leak and why is it a privacy risk?

A DNS leak occurs when your DNS queries are sent to your ISP's DNS servers instead of your VPN provider's servers, even when you are connected to a VPN. This means your ISP can see every domain name you look up, revealing your browsing activity despite the VPN being active.

How does the DNS leak test work?

The test sends a series of DNS queries to unique subdomains on our test server and checks which DNS resolvers respond. If resolvers belonging to your ISP appear in the results while you are using a VPN, your VPN has a DNS leak.

My VPN is on but the test shows my ISP's DNS — what should I do?

First, disconnect and reconnect your VPN. If the leak persists, check your VPN client settings for a DNS leak protection or kill switch option and enable it. You can also manually configure your system to use your VPN provider's DNS servers rather than your router's default.

Privacy Tool

DNS Leak Test

Check which DNS servers your browser is using and whether your VPN is properly routing DNS requests. A DNS leak means your ISP can see every website you visit — even when using a VPN.

Your Connection — Live Results

DNS leak test runs automatically. Results appear below in real time.

Your IP Address

127.0.0.1

Detected via HTTP

DNS Servers Detected

Testing…

Via DNS leak test

ISP / Provider

Detecting…

—

DNS Servers in Use

Checking…

Running DNS leak test…

This may take a few seconds

🔍 What is a DNS leak?

When your DNS queries bypass your VPN tunnel and go directly to your ISP's DNS servers, your ISP can log every website you visit — even if you use a VPN.

🌐 How DNS works

Every time you visit a website, your browser asks a DNS server to translate the domain name (google.com) to an IP address. This lookup reveals your browsing.

⚠️ Why it matters

DNS leaks expose your real location and browsing habits to your ISP — even when you think you're protected by a VPN. Some VPNs have poor DNS leak protection.

🛡️ How to fix it

Use a VPN with built-in DNS leak protection, or manually set your DNS to 1.1.1.1 (Cloudflare), 9.9.9.9 (Quad9), or 8.8.8.8 (Google). Enable DNS over HTTPS in your browser.

🛡️ Privacy-Friendly DNS Servers — Recommended

Cloudflare

1.1.1.1 / 1.0.0.1

Fastest public DNS — privacy-first, no logging

USA

Quad9

9.9.9.9 / 149.112.112.112

Malware blocking + privacy — DNSSEC

Switzerland

NextDNS

Customizable

Ad blocking + logging controls — free tier

Global

AdGuard DNS

94.140.14.14

Ad & tracker blocking via DNS

Russia/EU

OpenDNS

208.67.222.222

Family filter option, Cisco owned

USA

Google Public DNS

8.8.8.8 / 8.8.4.4

Fast and reliable — Google has some logging

USA

Frequently Asked Questions

What is a DNS leak?

A DNS leak occurs when your DNS requests (domain name lookups) are sent outside your VPN tunnel — typically to your ISP's default DNS servers. This lets your ISP see every website you visit even if you think you're protected by a VPN.

My VPN is on — why am I still leaking?

Some VPN clients don't properly configure the system to use the VPN's DNS servers. Windows Split Tunneling, Smart Multi-Homed Name Resolution, and incorrect routing tables can all cause DNS requests to bypass the VPN tunnel.

What does it mean if I see multiple DNS servers?

Seeing multiple DNS servers is normal — your device may query several. The concern is whether those DNS servers are controlled by your ISP (leak) or by a privacy-focused provider (good).

How do I fix a DNS leak on Windows?

Go to Network Settings → Change Adapter Options → Right-click your VPN adapter → Properties → Internet Protocol Version 4 → Use these DNS servers → Enter 1.1.1.1 and 1.0.0.1. Also disable Smart Multi-Homed Name Resolution in Group Policy.

Does DNS over HTTPS prevent leaks?

DNS over HTTPS (DoH) encrypts your DNS queries and sends them to a specific provider over HTTPS, preventing ISP interception. Enable it in Chrome (Settings → Privacy → Security → Use secure DNS) or Firefox (Settings → Network Settings → DNS over HTTPS).

Is my ISP DNS always a leak risk?

Your ISP DNS being used is only a risk if you intended to use a VPN or different DNS provider. If you're not using a VPN, seeing your ISP's DNS is normal and expected.