DNS Leak Test: What It Is and How to Run One for Free

Most people who use a VPN focus on one thing: hiding their IP address. They check that their visible IP has changed, see it has, and assume everything is fine. But there is another type of leak that most VPN users never check for, and it can expose everything they do online without changing their visible IP one bit. It is called a DNS leak, and a simple free test can tell you whether you have one right now.

What Is DNS in Plain Terms?

When you type a website address into your browser, your device needs to find the actual server that hosts that site. It does this by sending a request to a DNS server, which works like a directory that converts names into addresses. Without DNS, your device would not know where to send your request.

By default, your device uses the DNS servers provided by your internet provider. That means every website you visit generates a lookup request that goes to your provider. Your provider keeps a record of those lookups. They can see a detailed log of every site you visit just from this alone, even if they cannot read the actual content of your visits.

What Is a DNS Leak?

When you use a VPN, those DNS lookups should go through the VPN's own servers, hidden inside the encrypted tunnel. A DNS leak is what happens when those lookups bypass the tunnel and go to your internet provider's servers instead. Your IP address looks hidden. Your traffic looks encrypted. But your provider still gets a full list of every website you visit.

The worst part is that nothing looks wrong. Your VPN app shows connected. Your IP test passes. Everything seems fine. But your provider is quietly logging your entire browsing history on the other side.

How to Run a DNS Leak Test

You have two options. The fastest is to use our VPN checker on the homepage. It automatically checks your DNS provider alongside everything else. If your internet provider's name appears in the results while your VPN is connected, you have a DNS leak.

For a more detailed breakdown of exactly which DNS servers are being used, visit a dedicated DNS leak testing site and run their extended test. This sends a larger number of test queries and is more likely to catch occasional or intermittent DNS leaks that only happen some of the time.

How to Read DNS Leak Test Results

After running a DNS test, you will see a list of DNS servers that answered your lookups. Here is how to interpret what you see:

• Good result: All servers listed belong to your VPN provider or a neutral privacy-focused service. You will often see names that include the VPN company's name or generic data centre names.
• Bad result: One or more servers belong to your home internet provider. You will recognise their name in the server list. Any result showing your provider means DNS lookups are escaping the VPN tunnel.
• Mixed result: Some servers belong to your VPN and some belong to your provider. This indicates an intermittent leak, which can be just as damaging as a full leak over time.

Why Do DNS Leaks Happen?

DNS leaks have several causes. The most common is that the VPN app does not override your operating system's DNS settings when it connects. Your device keeps using the DNS servers it had before the VPN started.

On Windows specifically, a feature called Smart Multi-Homed Name Resolution can send DNS requests to multiple interfaces at once, including your regular internet connection. This feature is meant to make browsing faster, but it bypasses VPN DNS protection completely.

DNS leaks also happen during brief VPN disconnections. When a VPN drops and reconnects, there is a gap where your device reverts to its default DNS settings. Without a kill switch enabled, both your traffic and your DNS lookups are exposed during that gap.

How to Fix a DNS Leak

Option 1: Enable DNS Leak Protection in Your VPN App

Most reputable VPN providers include a DNS leak protection setting. Open your VPN app, go to settings, and look for options labelled DNS leak protection, private DNS, or custom DNS. Turn it on. This forces all DNS requests through the VPN's own servers.

Option 2: Set a Custom DNS Server

You can manually tell your device to use a specific DNS server that is not your internet provider. Privacy-focused options include Cloudflare at 1.1.1.1 and Quad9 at 9.9.9.9. This does not fully solve a VPN tunnel leak, but it ensures DNS requests at least do not go to your broadband provider even if they briefly escape the tunnel.

Option 3: Disable IPv6 if Your VPN Does Not Support It

If your network uses IPv6 addresses and your VPN only handles IPv4, your IPv6 DNS requests can leak outside the tunnel. Disabling IPv6 on your network adapter removes this risk. This is done in your operating system's network settings.

Option 4: Switch to a VPN That Handles DNS Properly

If you have tried the above and still see your internet provider's servers in the results, the VPN itself may have a structural problem with how it handles DNS. The VPNs we recommend below all have strong DNS leak protection built into their apps.

How Often Should You Test?

Run a DNS leak test whenever you update your VPN app, switch to a new network, connect to a VPN for something important, or notice that websites seem to know your real location. It takes under a minute and gives you real confidence that your browsing history stays private.

Recommended VPN Providers

Affiliate Disclosure: We may earn a commission from these links at no cost to you.