DNS leak test

DNS translates domain names (e.g. netflix.com) into IP addresses. If your DNS queries escape the VPN tunnel, your ISP can see every site you visit, even with the VPN active.

⏳ Detecting…

How to interpret the result

Our tool detects your public IP and compares it with the DNS resolution performed. For a thorough test (with dozens of queries to dedicated resolvers), we also recommend:

A DNS leak is confirmed if the detected resolvers belong to your ISP (Comcast, BT, Free, Orange…) and not to your VPN.

How do I fix a DNS leak?

Option 1 — Use a VPN with its own DNS resolvers:

Option 2 — Force a secure public DNS at the system level:

Why is a DNS leak a problem?

When you type netflix.com, your computer sends a DNS query to obtain Netflix's IP. That query contains the name of the site you want to visit. If it goes outside the VPN tunnel, your ISP sees that query — and thus every site you visit.

Result: even if all your browsing content is encrypted by the VPN, your ISP can build a list of every site you visit. It's one of the most common and most invisible leaks.

Related tools