A DNS leak test checks whether your Internet traffic is sending DNS queries (domain name lookups) outside of your intended DNS server—usually your VPN, proxy, or secure DNS provider.
When a DNS leak occurs, your device continues to use your ISP's DNS instead of your private or encrypted one, allowing your browsing activity to be logged, tracked, or censored.
Try it now: run a live DNS Leak Test using our DNS detection tool to see which resolver your traffic uses.
When you connect to a VPN or proxy, all your Internet requests should be securely tunneled—including DNS lookups. If your operating system or app continues to resolve domain names via your ISP's DNS, this is called a DNS leak.
You connect to a VPN in Germany.
You visit a website.
Instead of your VPN's DNS, your computer queries your ISP's DNS in Turkey.
→ Your ISP can still see which domains you visit.
Related entities: DNS Resolver, ISP, VPN, Proxy Server, DNS Request, Encryption, Privacy Leak.
A DNS leak test identifies the DNS resolvers that are actually processing your DNS queries.
The tool loads a series of domain names with unique identifiers.
It checks which DNS servers resolved those names.
If the IPs belong to your VPN provider → safe.
If they belong to your ISP → leak detected.
Related entities: DNS Resolver IP, VPN Tunnel, DNS Query, Anycast Routing, DNS over HTTPS (DoH), DNS over TLS (DoT).
DNS leaks can compromise your:
ISPs or third parties can see your browsing activity.
DNS requests reveal your real geographic location.
Attackers can intercept unencrypted DNS traffic.
Some websites may be blocked or filtered via ISP DNS.
Even with a VPN, a DNS leak means your online identity isn't fully protected.
| Cause | Description |
|---|---|
| VPN Misconfiguration | The VPN doesn't enforce DNS routing. |
| IPv6 Queries | VPN only routes IPv4, leaving IPv6 DNS exposed. |
| Smart Multi-homed Name Resolution (Windows) | Windows queries all available network adapters. |
| Manual DNS Settings | User-configured DNS overrides VPN settings. |
| Transparent DNS Proxy | Some ISPs intercept DNS traffic forcibly. |
| Public Wi-Fi Gateways | Network hijacks DNS for captive portals. |
Disconnect from your VPN → note your original IP and DNS via DNS Lookup Tool.
Connect to your VPN.
Visit a DNS Leak Test tool (like dnslookup.pro).
Start the test — the tool resolves multiple hostnames.
Compare results:
✅ If DNS IP = your VPN provider → Safe
⚠️ If DNS IP = your ISP → Leak detected
You can also test manually:
nslookup example.com
Look at the Server and Address values — it shows which DNS server is used.
| Fix | Description |
|---|---|
| Enable VPN DNS Protection | Use VPNs that provide their own DNS servers. |
| Use Encrypted DNS (DoH / DoT) | Secure queries from interception. |
| Disable IPv6 | Prevent dual-stack leaks if your VPN doesn't support it. |
| Manually Set Trusted DNS | Configure Cloudflare (1.1.1.1) or Quad9 (9.9.9.9). |
| Turn Off Smart Multi-homed Resolution (Windows) | Prevent simultaneous DNS queries. |
| Flush DNS Cache | Clear outdated entries using Flush DNS Guide. |
| Provider | IPv4 | IPv6 | Features |
|---|---|---|---|
| Cloudflare | 1.1.1.1 / 1.0.0.1 |
2606:4700:4700::1111 |
Fast, privacy-first |
| Quad9 | 9.9.9.9 / 149.112.112.112 |
2620:fe::fe |
Security filtering |
| Google DNS | 8.8.8.8 / 8.8.4.4 |
2001:4860:4860::8888 |
Global reliability |
| AdGuard DNS | 94.140.14.14 / 94.140.15.15 |
2a10:50c0::ad1:ff |
Blocks ads & trackers |
See DNS Server List for more secure options.
| VPN Behavior | DNS Routing | Example Providers |
|---|---|---|
| Private DNS Servers | Routes all queries internally | NordVPN, ProtonVPN |
| Split Tunneling | Some apps bypass VPN DNS | Windows built-in VPN |
| DoH / DoT Forwarding | Encrypts all DNS traffic | Cloudflare WARP, NextDNS |
Tip: Always choose VPNs that support DNS Leak Protection or Secure DNS over TLS.
Modern browsers support secure DNS settings independent of system DNS.
chrome://settings/security or edge://settings/privacy.about:preferences#general.After changing settings, re-run your DNS Leak Test to confirm.
dig +short whoami.akamai.net @resolver1.opendns.com
If the returned IP = your VPN IP → no leak.
nslookup myip.opendns.com resolver1.opendns.com
scutil --dns | grep nameserver
It means your DNS queries are going through your ISP instead of your VPN or secure DNS.
Use an online DNS Leak Test tool or run nslookup to see which DNS server resolves queries.
Yes — they reveal your ISP's DNS IP, which identifies your country or city.
Yes, DoH encrypts DNS requests so ISPs or attackers can't intercept them.
Yes, by using a VPN with DNS leak protection, enabling DoH/DoT, disabling IPv6 if needed, and manually configuring trusted DNS servers.
Check if your VPN or network is leaking DNS requests. Test now to ensure your privacy is protected.
We may log anonymized request data for diagnostics. Read our Privacy Policy.
© 2025 DNS Lookup. All rights reserved. Proudly Hosted on MonoVM VPS Hosting
We use HTTPS, HSTS, and regular security reviews. Report issues at [email protected]
If you believe a tool is being misused, report it at [email protected]