Check which DNS servers your browser is using and whether your VPN is properly routing DNS requests. A DNS leak means your ISP can see every website you visit — even when using a VPN.
🔒 100% private — this test runs in your browser and queries DNS directly. We don’t log, store, or share your IP or DNS results.
DNS leak test runs automatically. Results appear below in real time.
When your DNS queries bypass your VPN tunnel and go directly to your ISP's DNS servers, your ISP can log every website you visit — even if you use a VPN.
Every time you visit a website, your browser asks a DNS server to translate the domain name (google.com) to an IP address. This lookup reveals your browsing.
DNS leaks expose your real location and browsing habits to your ISP — even when you think you're protected by a VPN. Some VPNs have poor DNS leak protection.
Use a VPN with built-in DNS leak protection, or manually set your DNS to 1.1.1.1 (Cloudflare), 9.9.9.9 (Quad9), or 8.8.8.8 (Google). Enable DNS over HTTPS in your browser.
A DNS leak happens when your device sends DNS queries — the lookups that turn a domain like example.com into an IP address — outside your encrypted VPN tunnel. When that happens, your ISP (or whoever runs the DNS server) can see every website you visit, even though your actual traffic is encrypted. The most common causes are an operating system that ignores the VPN’s DNS settings, a manually configured DNS that overrides the tunnel, or Windows’ "smart multi-homed name resolution" sending queries to every available interface at once.
The test above shows exactly which DNS servers are answering for you right now and who operates them. If you see your ISP’s servers while connected to a VPN, that is a live DNS leak.
To confirm your VPN is routing DNS correctly, test with it connected and watch which servers appear:
IPv6 is a frequent hidden source of DNS leaks. Many VPNs only tunnel IPv4 traffic, so if your network has IPv6 enabled, DNS queries can escape over IPv6 and reveal your real location — even when the IPv4 side looks perfectly protected. If this test flags IPv6 servers you don’t recognise, the safest fixes are to enable your VPN’s IPv6-leak protection, or disable IPv6 on your device until your provider fully supports it.
Switching to a privacy-focused resolver like Cloudflare’s 1.1.1.1 or Quad9’s 9.9.9.9 stops your ISP from seeing your lookups, but it is not a substitute for a proper VPN DNS setup — the query still needs to travel inside the tunnel. After changing your resolver, re-run this test: you should see Cloudflare or Quad9 answering, not your ISP. If your ISP still appears, something on your system is overriding the resolver and needs fixing.