A DNS leak occurs when your device sends DNS queries outside your VPN tunnel, exposing your browsing activity to your ISP or other third parties even when a VPN is active.

What DNS servers should I see if my VPN is working?

If your VPN is working correctly, you should see only DNS servers operated by your VPN provider. If you see DNS servers from your regular ISP, it may indicate a DNS leak.

DNS Leak Test — Check If Your VPN Is Leaking DNS

Results may vary based on your VPN configuration, browser, and network. A detected DNS server does not necessarily indicate a security risk. This tool displays technical data only — it does not diagnose, advise, or make security recommendations.

What is a DNS leak?

When you use a VPN, all your internet traffic — including DNS queries — should travel through the VPN's encrypted tunnel. A DNS leak occurs when your device sends DNS queries outside that tunnel, directly to your ISP's DNS servers instead. This means your ISP can see every domain you visit, even though you believe your VPN is protecting you.

DNS (Domain Name System) is the system that translates website names like "google.com" into IP addresses. Every time you visit a website, your device makes a DNS query. If those queries bypass your VPN, they reveal your browsing activity to whoever operates those DNS servers — typically your Internet Service Provider.

A DNS leak does not affect your browsing speed or appearance. Everything looks normal. The only way to detect it is with a test like this one — which is why many VPN users have leaks without ever knowing.

How to read your results

No DNS leak detected means this test found only DNS servers associated with your VPN provider or a privacy-focused DNS service. Your DNS traffic appears to be routing through your VPN tunnel as expected.

Possible DNS leak detected means this test found DNS servers that appear to belong to an ISP rather than a VPN provider. This may indicate that DNS queries are bypassing your VPN tunnel. It does not necessarily mean your connection is compromised — some VPN configurations route DNS differently by design. Check your VPN's DNS leak protection settings to confirm.

Your IP address shown above is the public IP address visible to websites you visit. If your VPN is active, this should show your VPN's exit IP address rather than your real home IP.

How to fix a DNS leak

Step 1 — Enable DNS leak protection. Most modern VPN apps include a DNS leak protection or "DNS leak fix" setting. Open your VPN application, go to Settings or Preferences, and enable it. This forces all DNS traffic through the VPN tunnel.

Step 2 — Use your VPN's DNS servers. In your network settings, manually set your DNS servers to those provided by your VPN service. This prevents your device from falling back to your ISP's DNS when the VPN connection drops or behaves unexpectedly.

Step 3 — Enable the kill switch. A VPN kill switch blocks all internet traffic if the VPN connection drops unexpectedly, preventing any unprotected DNS queries from reaching your ISP.

Step 4 — Test again. After making changes, run this test again to confirm the leak has been resolved. Repeat until you see only your VPN provider's DNS servers in the results.

Step 5 — Consider switching VPN providers. If your current VPN does not offer DNS leak protection or consistently leaks, consider switching to a provider that handles DNS entirely within its own infrastructure.

What DNS servers should I see?

If your VPN is working correctly, the DNS servers listed in your results should belong to your VPN provider — not to your home ISP. For example, if you use NordVPN, you should see NordVPN's DNS servers. If you use Cloudflare's 1.1.1.1 as your DNS, you should see Cloudflare listed.

Seeing your ISP's DNS servers while connected to a VPN is the most common indicator of a DNS leak. Common ISP DNS providers include BT, Comcast, AT&T, Verizon, Virgin Media, and similar regional providers. If you see these while your VPN is active, your DNS traffic is likely not being routed through your VPN.

Frequently asked questions

What is a DNS leak?

A DNS leak occurs when your device sends DNS queries outside your VPN's encrypted tunnel, directly to your ISP's DNS servers. This exposes the domain names of websites you visit to your ISP, even while your VPN is connected. It is one of the most common VPN privacy failures and often goes unnoticed because browsing appears completely normal.

How do I fix a DNS leak?

The most reliable fix is to enable DNS leak protection in your VPN application's settings. Most major VPN providers — including NordVPN, ExpressVPN, Surfshark, and ProtonVPN — include this option. You can also manually configure your device's DNS settings to use your VPN's DNS servers, or use a privacy-focused public DNS like Cloudflare (1.1.1.1) or Google (8.8.8.8) when not connected to a VPN.

Is my VPN working if DNS is leaking?

Partially. Your browsing traffic is still encrypted by the VPN, so your actual data remains protected. However, your ISP can see which websites you are visiting through the leaked DNS queries. For most privacy use cases, a DNS leak significantly undermines the purpose of using a VPN, since your ISP can reconstruct a complete picture of your browsing activity from DNS records alone.

Why does my VPN have a DNS leak?

DNS leaks typically happen because your operating system is configured to use fallback DNS servers when the primary server is slow or unavailable. If your VPN connection drops briefly or is slow to handle a DNS request, your device may quietly send the query to your ISP's DNS server instead. This can also happen on Windows due to a feature called "smart multi-homed name resolution" which sends DNS queries to multiple servers simultaneously.

How accurate is this DNS leak test?

This test fetches your public IP address and DNS information from third-party APIs and displays what is visible from your browser at the time of the test. Results are informational and reflect your network configuration at the moment of testing. They may not capture all DNS servers your device uses, particularly those contacted at the OS level outside the browser. For a comprehensive security audit, use your VPN provider's official testing tools as well.

What is the difference between a DNS leak and an IP leak?

An IP leak occurs when your real home IP address is visible to websites despite your VPN being active — this is a more serious exposure. A DNS leak occurs when your DNS queries bypass the VPN tunnel and reach your ISP, revealing which domains you visit. Both are VPN privacy failures, but they affect different aspects of your anonymity. This test checks for both: your visible IP address is shown alongside your DNS server information.

Does this tool store my IP address or DNS data?

No. This tool fetches your IP and DNS information from external APIs to display it to you, but does not log, store, or transmit this data to our servers. Your IP address and DNS results are fetched in real time and displayed only in your browser. We do not retain any personally identifiable information from this test.

⚠️ This tool is for informational purposes only. Results are based on data visible from your browser at the time of the test and may not reflect your complete network configuration. A detected DNS server does not necessarily indicate a security vulnerability. This tool does not constitute a security audit and makes no security recommendations. Always consult your VPN provider's documentation for definitive guidance on DNS leak protection.