DNS leak test

DNS translates domain names (e.g. netflix.com) into IP addresses. If your DNS queries escape the VPN tunnel, your ISP can see every site you visit, even with the VPN active.

How to interpret the result

Our tool detects your public IP and compares it with the DNS resolution performed. For a thorough test (with dozens of queries to dedicated resolvers), we also recommend:

• dnsleaktest.com — the reference test (Extended Test)
• browserleaks.com/dns — comprehensive alternative

A DNS leak is confirmed if the detected resolvers belong to your ISP (Comcast, BT, Free, Orange…) and not to your VPN.

How do I fix a DNS leak?

Option 1 — Use a VPN with its own DNS resolvers:

• NordVPN — private DNS enabled by default
• ExpressVPN — encrypted DNS on every server
• Proton VPN — built-in secure DNS
• Mullvad — RAM-only DNS on every server
• PIA — encrypted DNS + MACE (DNS-level ad blocker)

Option 2 — Force a secure public DNS at the system level:

• Cloudflare: 1.1.1.1 and 1.0.0.1 (fastest, no-log)
• Quad9: 9.9.9.9 (filters malicious domains)
• NextDNS: configurable (free up to 300k queries/month)
• Configure them in your network adapter (Windows / macOS / Linux) or directly on your router to cover all devices.

Why is a DNS leak a problem?

When you type netflix.com, your computer sends a DNS query to obtain Netflix's IP. That query contains the name of the site you want to visit. If it goes outside the VPN tunnel, your ISP sees that query — and thus every site you visit.

Result: even if all your browsing content is encrypted by the VPN, your ISP can build a list of every site you visit. It's one of the most common and most invisible leaks.

Related tools

• What is my IP? — detect your public IP
• WebRTC leak test — check your real IP isn't exposed
• IPv6 leak test — check no IPv6 bypasses the VPN