DNS Leak Test
DNS resolver reachability check — a full leak test is in development
Honest disclaimer: this tool currently tests whether your browser can reach public DNS-over-HTTPS resolvers (Cloudflare, Google). It CANNOT determine which DNS resolver your system actually uses, so it cannot detect or rule out a DNS leak. A real leak test needs wildcard-subdomain infrastructure, which is planned.
Frequently Asked Questions
What is a DNS leak?
A DNS leak occurs when your DNS queries are sent outside of your VPN tunnel, typically to your ISP's DNS servers instead of your VPN provider's servers. This exposes your browsing activity to your ISP or other third parties even though you think you're protected by a VPN. DNS leaks are one of the most common privacy vulnerabilities for VPN users.
How do I fix a DNS leak?
To fix a DNS leak: enable your VPN's built-in DNS leak protection, manually configure your system to use secure DNS servers like 1.1.1.1 (Cloudflare) or 9.9.9.9 (Quad9), use DNS over HTTPS (DoH) or DNS over TLS (DoT) in your browser settings, disable WebRTC in your browser, and make sure your VPN client is properly configured to route all DNS traffic through the tunnel.
Does my VPN have a DNS leak?
You can check for DNS leaks by running this test while connected to your VPN. If the detected DNS servers belong to your ISP instead of your VPN provider, you have a DNS leak. A properly configured VPN should route all DNS queries through its own servers, so you should only see your VPN provider's DNS servers in the results.