A DNS leak occurs when your DNS queries bypass your VPN tunnel and go directly to your ISP's DNS servers, exposing which websites you visit even while connected to a VPN.

Why does my VPN have a DNS leak?

Common causes include: your OS using ISP DNS servers by default, IPv6 traffic not being routed through the VPN, misconfigured VPN settings, or your VPN not forcing DNS through its tunnel.

How do I fix a DNS leak?

Force your VPN to use its own DNS servers, disable IPv6 if your VPN doesn't support it, enable the VPN's kill switch feature, or manually configure your system to use privacy-focused DNS like 1.1.1.1 or 9.9.9.9.

Can I run a DNS leak test on mobile?

Yes, this DNS leak test works on both desktop and mobile browsers. Simply visit this page on your phone or tablet while connected to your VPN and click Run DNS Leak Test.

What DNS servers should I see if my VPN is working?

If your VPN is working correctly, you should see DNS servers owned by your VPN provider or privacy-focused DNS services-not your ISP's DNS servers.

DNS Leak Test: What It Is & How to Fix Leaks (Fast Guide)

Your IP Address

216.73.216.119

Takes about 10-15 seconds

Checking...

Detected DNS Resolvers

What This Means

DNS Leak: When your DNS queries go to a server outside your VPN tunnel, exposing which websites you visit to your ISP or other third parties.

Privacy DNS: Services like Cloudflare (1.1.1.1) or Quad9 that don't log your queries and provide encrypted DNS.

ISP Resolver: Your Internet Service Provider's DNS server, which can see and log all your DNS queries.

Disclaimer: DNS leak tests aren't perfect. Results can vary based on VPN settings, browser behavior, and network configuration. If you see unexpected results, try clearing your browser cache and running the test again.

Debug Console

Waiting for test to start...

No data yet

How This Test Works

We generate unique hostnames under our test domain (leak.zend2.com)
Your browser makes requests to these hostnames, triggering DNS lookups
Our authoritative DNS server logs which resolvers query for these hostnames
We analyze the resolver IPs to identify who handles your DNS queries
If we see ISP resolvers when you're on a VPN, that indicates a DNS leak

What is DNS and Why Does It Matter?

DNS (Domain Name System) is often called the "phonebook of the internet." When you type a website address like google.com, your device needs to find the actual IP address of that server. It does this by asking a DNS resolver-and that query reveals exactly which website you're trying to visit.

Here's the privacy problem: by default, your DNS queries go to your Internet Service Provider. This means your ISP maintains a complete log of every website you visit, even if you're using HTTPS encryption. They can see you visited netflix.com or reddit.com, even if they can't see what you watched or read.

How DNS leaks happen

When you connect to a VPN, all your internet traffic should flow through an encrypted tunnel to the VPN server. A properly configured VPN also routes your DNS queries through this tunnel, typically using the VPN provider's own DNS servers.

A DNS leak occurs when some or all of your DNS queries bypass this tunnel and go directly to another DNS server-usually your ISP's. This can happen for several reasons:

Operating system behavior - Windows, in particular, may send DNS queries outside the VPN tunnel as a "fallback"
IPv6 traffic - If your VPN only handles IPv4, DNS queries over IPv6 might leak
Smart Multi-Homed Name Resolution - A Windows feature that queries multiple DNS servers simultaneously
Misconfigured VPN - Some VPNs don't force DNS through the tunnel by default
Browser DNS settings - Browsers like Firefox can use their own DNS (DoH) independent of system settings

Why DNS Leaks Are a Privacy Risk

You might think: "I'm using a VPN, so I'm protected." But if your DNS is leaking, you're giving away a significant amount of information:

Your ISP sees your browsing

Every website you visit is logged by your ISP through DNS queries, even with a VPN active.

Location exposure

DNS queries to your ISP reveal your real geographic location, defeating VPN geo-spoofing.

Data retention

In many countries, ISPs are required to store DNS logs for months or years.

False sense of security

You believe you're protected when you're actually exposed-the worst kind of vulnerability.

How to Fix DNS Leaks

If our test detected a DNS leak, here's how to fix it:

1. Enable DNS leak protection in your VPN

Most quality VPNs have a "DNS leak protection" or "Use VPN DNS" setting. Make sure it's enabled. This forces all DNS queries through the VPN tunnel.

2. Disable IPv6 (if your VPN doesn't support it)

Many VPNs still don't fully support IPv6. If yours doesn't, disable IPv6 on your device to prevent leaks through that channel.

3. Use a VPN with a kill switch

A kill switch blocks all internet traffic if the VPN connection drops, preventing DNS queries from leaking during reconnection.

4. Configure privacy-focused DNS manually

As a backup, set your system DNS to a privacy-respecting service:

Cloudflare: 1.1.1.1 and 1.0.0.1
Quad9: 9.9.9.9 and 149.112.112.112
NextDNS: Custom DNS with filtering options

5. Check browser DNS-over-HTTPS settings

Firefox and Chrome can use encrypted DNS independently. While this improves privacy from your ISP, it might bypass your VPN's DNS. Check your browser's network settings to ensure consistency.

DNS Leak FAQ

Technically, "DNS leak" refers specifically to DNS queries escaping a VPN tunnel. Without a VPN, your DNS queries naturally go to your configured DNS server (usually your ISP's). That's not a "leak"-it's just how DNS works. However, you can still improve your privacy by using encrypted DNS services like Cloudflare's 1.1.1.1 with DNS-over-HTTPS.

This is normal. DNS infrastructure is distributed, so your queries might be handled by multiple servers. What matters is who owns those servers:

Good: Multiple servers all belonging to your VPN provider or a privacy DNS service
Bad: A mix of VPN servers and ISP servers (indicates a leak)
Concerning: Only ISP servers when you're supposed to be on a VPN

DoH encrypts your DNS queries, which prevents your ISP from seeing them in transit. However, the DoH provider (like Cloudflare or Google) can still see your queries. If you're using a VPN for privacy, you generally want DNS to go through the VPN tunnel, not to a separate DoH provider. Some VPNs offer their own DoH servers for the best of both worlds.

Good instinct! DNS is just one potential leak. Also check for:

WebRTC leaks - Your browser might expose your real IP through WebRTC
IP address leaks - Verify your VPN is actually masking your IP
IPv6 leaks - Your IPv6 address might be exposed even if IPv4 is protected

Complete Your Privacy Check

DNS leaks are just one way your privacy can be compromised. Run these additional tests:

IP Check Verify your IP is hidden

WebRTC Leak Browser IP exposure

Browser Privacy Fingerprint analysis

VPN Finder Find a leak-free VPN

DNS Leak Test