DNS Leak Test — Check If Your VPN Is Actually Protecting Your Privacy

Security views

What Is a DNS Leak?

When using a VPN, all network requests — including DNS queries — should route through the VPN tunnel and use the VPN provider's DNS servers.

A DNS leak occurs when DNS queries bypass the VPN tunnel and go directly to your ISP's DNS servers instead. Consequences:

  • Your ISP can see every website you visit — even with VPN active
  • Your true location may be inferred from your ISP's DNS server geography
  • Websites can determine your real DNS resolver origin

Why Does DNS Leaking Happen?

  • OS DNS caching: Windows and macOS cache DNS settings that may persist after VPN connects
  • IPv6 leaks: Many VPNs only tunnel IPv4 — IPv6 DNS queries travel outside the tunnel
  • VPN misconfiguration: VPN client not configured to force all DNS traffic through the tunnel
  • Smart Multi-Homed Name Resolution: Windows sends DNS queries to all configured resolvers simultaneously — some bypass VPN
  • Browser DoH: Chrome and Firefox's DNS-over-HTTPS can bypass system DNS settings

How to Test for DNS Leaks

Use tool.tl's DNS leak test:

  1. Go to tool.tl/dns-leak-test with your VPN connected
  2. Click to run the test
  3. The tool shows which DNS servers your device is actually using
  4. If you see your ISP's DNS servers: you have a DNS leak
  5. If you see only your VPN provider's DNS servers: you're protected

How to Fix DNS Leaks

  • Use a VPN with built-in DNS leak protection: Quality VPN clients (Mullvad, ProtonVPN, ExpressVPN) force all DNS queries through the tunnel by default
  • Manually set DNS servers: Change your system DNS to a privacy-respecting provider: Cloudflare (1.1.1.1) or Google (8.8.8.8)
  • Enable DNS-over-HTTPS: DoH encrypts DNS queries, preventing ISP interception even if they bypass the VPN
  • Disable IPv6: If your VPN doesn't support IPv6, temporarily disabling it prevents IPv6 DNS leaks

DNS Leak vs WebRTC Leak

VPN users should check for both types of leaks:

  • DNS leak: Reveals which websites you visit by exposing your DNS queries to your ISP
  • WebRTC leak: Browser's WebRTC protocol may expose your real IP address despite the VPN

Check both with tool.tl's WebRTC leak test.

Frequently Asked Questions

The test shows my ISP DNS while VPN is on — what do I do?

Your VPN has a DNS leak. Fix options: (1) Enable DNS leak protection in your VPN settings; (2) Manually set system DNS to 1.1.1.1 or 8.8.8.8; (3) Switch to a VPN provider with reliable DNS leak protection built in.

Is there value in testing without a VPN?

Yes — it shows your current DNS resolver (usually your ISP's by default). If you want better privacy without a VPN, switching to Cloudflare's 1.1.1.1 (privacy-first, fast) is a simple improvement.

Is the test free?

Yes — tool.tl's DNS leak test is completely free, no account required, instant results.