DNS Leak Test

Check if your DNS requests are secure. This tool detects your public IP address, identifies your ISP, tests which DNS resolvers respond to your queries, and determines whether your DNS configuration might be leaking information outside your VPN or custom DNS setup.


How Does the DNS Leak Test Work?

The DNS Leak Test is a free browser-based diagnostic tool that analyzes your DNS configuration to determine whether your DNS requests might be exposing your browsing activity. DNS (Domain Name System) is the internet's address book that translates human-readable domain names like example.com into IP addresses that computers use to communicate. Every time you visit a website, your device sends a DNS query to a resolver, and whoever operates that resolver can see which websites you are trying to visit.

When you click the test button, the tool performs several checks simultaneously. First, it fetches your public IP address and ISP information from a geolocation API. This tells you what IP address the outside world sees when you connect to the internet, and which Internet Service Provider is handling your connection. If you are using a VPN, this should show your VPN provider's IP address rather than your actual ISP.

Next, the tool sends DNS resolution requests to multiple well-known DNS-over-HTTPS (DoH) providers including Cloudflare DNS and Google DNS. By testing whether these resolvers respond to your queries, the tool can determine which DNS infrastructure is accessible from your network. The response patterns help identify whether you are using your ISP's default DNS, a custom DNS service like Cloudflare (1.1.1.1) or Google (8.8.8.8), or whether your DNS is being routed through a VPN tunnel.

The tool then compares your IP address and ISP information with the DNS resolver data to assess potential leaks. If your IP belongs to a VPN provider but your DNS resolves through your actual ISP, that indicates a DNS leak — your VPN is encrypting your traffic but your DNS queries are still going through your ISP, allowing them to see which websites you visit. Conversely, if your DNS resolver does not match your ISP, it suggests you are using custom DNS or a VPN that properly routes DNS queries.
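As an added illustration (not the tool's own code), the comparison described above can be written as a small JavaScript function. The field names, the home-ISP baseline recorded with the VPN off, and all sample values are assumptions constructed for the example; the AS numbers and IP addresses come from documentation-reserved ranges.

```javascript
// Added example: leak comparison on constructed data.
// Field names (ip, org) and the homeAsn baseline are assumptions,
// not the tool's API.

// Extract the AS number from an org string such as "AS64496 Example ISP".
function asnOf(org) {
  const m = /^AS(\d+)\b/i.exec(String(org || "").trim());
  return m ? Number(m[1]) : null;
}

// exit:      what the geolocation lookup reports for the public IP.
// resolvers: the DNS resolvers seen answering on the user's behalf.
// homeAsn:   AS number of the user's real ISP, recorded with the VPN off.
function assessDnsLeak(exit, resolvers, homeAsn) {
  const exitAsn = asnOf(exit.org);
  if (exitAsn === null || resolvers.length === 0) {
    return { verdict: "inconclusive", leaking: [] };
  }
  const viaIsp = resolvers.filter((r) => asnOf(r.org) === homeAsn);
  const unknown = resolvers.filter((r) => asnOf(r.org) === null);
  const behindVpn = exitAsn !== homeAsn;

  if (behindVpn && viaIsp.length > 0) {
    // Traffic exits through the VPN, yet at least one query reached the ISP.
    return { verdict: "leak", leaking: viaIsp.map((r) => r.ip) };
  }
  if (unknown.length > 0) {
    // A resolver with no parsable operator cannot be cleared.
    return { verdict: "inconclusive", leaking: [] };
  }
  if (!behindVpn && viaIsp.length > 0) {
    // No VPN in use and the ISP resolves at least some queries.
    return { verdict: "isp-dns-in-use", leaking: [] };
  }
  return { verdict: "custom-or-vpn-dns", leaking: [] };
}

// Constructed sample: VPN exit address, one resolver still at the home ISP.
const HOME_ASN = 64496; // documentation AS number (RFC 5398)
const vpnExit = { ip: "203.0.113.10", org: "AS64500 Example VPN" };
const sampleResolvers = [
  { ip: "203.0.113.53", org: "AS64500 Example VPN" },
  { ip: "192.0.2.53", org: "AS64496 Example ISP" },
];
console.log(assessDnsLeak(vpnExit, sampleResolvers, HOME_ASN));
```

Comparing AS numbers rather than provider names avoids false matches when the same operator appears under different spellings.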

What Is a DNS Leak?

A DNS leak occurs when your DNS queries are sent outside your encrypted VPN tunnel, typically to your ISP's default DNS servers. Even though your actual internet traffic is encrypted and routed through the VPN, the DNS queries reveal which domain names you are accessing. This means your ISP can log which websites you visit, potentially undermining the privacy benefits of using a VPN. DNS leaks can happen due to misconfigured VPN software, operating system DNS settings that override the VPN, split-tunneling configurations, or WebRTC leaks.

Why DNS Privacy Matters

Your DNS queries create a detailed log of every website you visit, every service you use, and every app that connects to the internet. Without DNS encryption, these queries travel in plain text and can be read by anyone on the network path between your device and the DNS resolver, including your ISP, network administrators, and potentially malicious actors on public Wi-Fi networks. Using encrypted DNS protocols like DNS-over-HTTPS (DoH) or DNS-over-TLS (DoT) prevents this eavesdropping. Many modern browsers now support DoH and can automatically encrypt DNS queries.

How to Fix DNS Leaks

If the test indicates a potential DNS leak, there are several steps you can take. Enable your VPN's built-in DNS leak protection feature, which most reputable VPN providers offer. Configure your operating system to use your VPN's DNS servers rather than your ISP's default servers. Disable IPv6 if your VPN does not support it, as IPv6 traffic might bypass the VPN tunnel. Use a DNS-over-HTTPS provider like Cloudflare or Google in your browser settings for an additional layer of DNS encryption. For comprehensive network security scanning on mobile devices, consider using the DeviceGPT app, which provides deeper analysis.