DNS Leak Test
Check which DNS resolvers your device actually uses. If you are on a VPN and your ISP's resolvers still appear, your DNS is leaking outside the tunnel.
United States, Columbus
Amazon Web Services
What is a DNS Leak?
Every time you visit a website, your device sends a DNS query to translate the domain (e.g. google.com) into an IP address. When you use a VPN, those queries should travel through the VPN tunnel to the VPN provider's DNS servers, not to your ISP's servers.
A DNS leak happens when DNS queries bypass the VPN tunnel and reach your ISP's resolvers (or another unintended server). This reveals the websites you visit to your ISP, even though your main traffic is encrypted.
Common causes
- OS-level DNS bypass - Windows "Smart Multi-Homed Name Resolution" sends queries to all available resolvers simultaneously.
- VPN misconfiguration - Some VPNs don't push custom DNS settings, leaving the OS DNS unchanged.
- IPv6 tunnel gap - VPN handles IPv4 but leaves IPv6 unprotected, leaking queries on the IPv6 path.
- Transparent DNS proxies - Some ISPs intercept port 53 traffic and redirect it to their own servers regardless of VPN.
How this test works
We generate a set of unique subdomains under leak.IPWhois.net. Your browser loads tiny images from those subdomains, triggering real DNS queries from your system. Our nameserver logs which resolvers queried each subdomain - those are the DNS servers your device actually used.
How to fix a DNS leak
- Use a VPN that explicitly pushes DNS settings and blocks non-VPN DNS traffic.
- Configure your OS to use encrypted DNS (DNS-over-HTTPS or DNS-over-TLS) pointing to a privacy-respecting resolver like
1.1.1.1or9.9.9.9. - On Windows, disable Smart Multi-Homed Name Resolution via Group Policy.
- If using a router VPN, set the router's DNS to your VPN provider's servers.