
DNS leak test & secure-DNS check

A DNS leak sends your domain lookups to your ISP even while a VPN protects everything else — revealing every site you visit. Check your browser's DNS posture below and learn how to plug leaks.

Your public IP & ISP
 
DNS-over-HTTPS reachable from your browser
Cloudflare & Google secure resolvers

Why a browser can't fully test a DNS leak

A complete DNS-leak test needs servers under many different resolver IPs to see which resolver your request arrives from. That's server-side work no web page can do alone, so be wary of any single-click "you're safe" badge. What a browser can do honestly is check whether your environment supports encrypted DNS — the real fix for leaks — which is what the check above does.

For a definitive multi-server DNS leak test, also run a dedicated service after connecting your VPN, and compare the resolver locations it reports against your VPN's country.
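The kind of encrypted-DNS reachability check a browser can run, written as an added example (not this site's own code). It queries the public DoH JSON endpoints of Cloudflare and Google; the function names, the 4-second timeout and the example.com probe domain are assumptions.

```javascript
// Added example: DoH reachability probe using the resolvers' public JSON APIs.
// RESOLVERS, probeResolver and checkSecureDns are hypothetical names.
const RESOLVERS = [
  { name: "Cloudflare", url: "https://cloudflare-dns.com/dns-query" },
  { name: "Google", url: "https://dns.google/resolve" },
];

// Query one resolver for an A record; fetchImpl is injectable for offline tests.
async function probeResolver(resolver, domain, fetchImpl = fetch, timeoutMs = 4000) {
  const ctrl = new AbortController();
  const timer = setTimeout(() => ctrl.abort(), timeoutMs);
  const started = Date.now();
  try {
    const res = await fetchImpl(
      `${resolver.url}?name=${encodeURIComponent(domain)}&type=A`,
      { headers: { accept: "application/dns-json" }, signal: ctrl.signal }
    );
    if (!res.ok) return { name: resolver.name, usable: false, reason: `HTTP ${res.status}` };
    const body = await res.json();
    // Status 0 is NOERROR; type 1 answers are A records.
    const addrs = (body.Answer || []).filter((a) => a.type === 1).map((a) => a.data);
    const ok = body.Status === 0 && addrs.length > 0;
    return { name: resolver.name, usable: ok, addrs, ms: Date.now() - started,
             reason: ok ? "ok" : `DNS status ${body.Status}` };
  } catch (err) {
    // Blocked port 443, a filtered hostname, a CORS failure or a timeout all land here.
    return { name: resolver.name, usable: false, reason: err.name };
  } finally {
    clearTimeout(timer);
  }
}

// Probe all resolvers in parallel. A pass means DoH endpoints are usable from
// this network, not that the browser or OS is actually configured to use them.
async function checkSecureDns(domain = "example.com", fetchImpl = fetch) {
  const results = await Promise.all(RESOLVERS.map((r) => probeResolver(r, domain, fetchImpl)));
  return { anyUsable: results.some((r) => r.usable), results };
}
```

In a page, call `checkSecureDns()` with no arguments and render `results`; a failure on every resolver usually points to a network that filters DoH endpoints.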

What is a DNS leak?

Every time you visit a site, your device asks a DNS resolver to translate the domain into an IP address. If that query goes to your ISP's resolver instead of through your VPN tunnel, your ISP — and anyone watching it — sees a timestamped list of every domain you load, even though the page content is encrypted. That's a DNS leak.

How to stop DNS leaks

  • Use a VPN that runs its own DNS and forces all queries through the tunnel.
  • Enable encrypted DNS (DoH/DoT) in your browser or OS — in Chrome: Settings → Privacy → Use secure DNS; in Firefox: Settings → Privacy → DNS over HTTPS.
  • Point your system at a privacy resolver such as Cloudflare (1.1.1.1) or Quad9 (9.9.9.9).
  • Disable IPv6 if your VPN doesn't tunnel it, to avoid IPv6 DNS slipping out.

Read the deep-dive: Understanding DNS leaks and how to prevent them.

Frequently Asked Questions

What's the difference between a DNS leak and a WebRTC leak?

A DNS leak exposes which domains you look up via an unprotected resolver. A WebRTC leak exposes your IP address directly through the browser. Both can undermine a VPN; test for both.

Does enabling secure DNS hide my browsing from my ISP?

It encrypts the DNS lookup so your ISP can't read or tamper with it. They can still see the IPs you connect to, so it's one layer — combine it with a VPN for full coverage.

My browser supports DoH but I'm still leaking — why?

Apps and your OS may bypass the browser's resolver. Configure encrypted DNS at the operating-system level, or let your VPN handle all DNS, to close those gaps.

Also check for WebRTC leaks

DNS isn't the only way a VPN can leak. Verify your IP isn't exposed through WebRTC.
