DNS Leak Test and Fix Guide

📅 Last updated: April 24, 2026 Privacy DNS VPN Security

How to detect and fix DNS leaks on Windows, macOS, and Linux

DNS leak test and fix guide

What Is a DNS Leak?

A DNS leak happens when your device sends DNS requests outside the encrypted tunnel you expected, usually outside your VPN connection.

This means your internet provider or another DNS resolver may still see which domains you visit, even if your web traffic appears protected by a VPN.

In simple terms: your VPN may hide your IP address, but a DNS leak can still reveal the websites you access.

🔍 DNS Leak Test Tool

Check instantly if your DNS requests are leaking outside your VPN:

Run DNS Leak Test →

Why DNS Leaks Are a Problem

DNS leaks reduce the privacy benefits of using a VPN. Even if your IP address changes, leaked DNS requests can reveal your browsing activity.

  • Your ISP may still see the domains you visit
  • Your location or network provider may be exposed
  • Your VPN may not fully protect your privacy
  • Public Wi-Fi networks may observe DNS activity

Common Causes of DNS Leaks

DNS leaks usually happen because your system, browser, or VPN is not routing DNS requests correctly.

  • VPN misconfiguration: DNS traffic is not forced through the VPN tunnel
  • Operating system DNS override: Windows, macOS, or Linux keeps using local DNS settings
  • IPv6 leaks: IPv6 traffic bypasses an IPv4-only VPN tunnel
  • Browser Secure DNS settings: DNS over HTTPS uses a different resolver than your VPN
  • Split tunneling: Some apps or browsers are excluded from the VPN path

How to Check for a DNS Leak

The fastest way to detect a DNS leak is to run an external DNS leak test while your VPN is connected.

  1. Connect to your VPN
  2. Open the DNS leak test tool
  3. Check which DNS servers appear
  4. If you see your ISP DNS servers, you likely have a leak

Run the DNS Leak Test →

Tip: With a VPN connected, the test should show DNS servers from your VPN provider or trusted DNS resolver, not your ISP.

Quick DNS Leak Fixes That Work on Any System

  • Enable DNS leak protection in your VPN app: Look for settings like “DNS leak protection,” “Use VPN DNS,” or “Block outside DNS.”
  • Reconnect your VPN: Disconnect, reconnect, then run the DNS leak test again.
  • Flush your DNS cache: Old cached DNS entries can sometimes cause confusing results.
  • Check split tunneling: Make sure your browser is included in the VPN tunnel.
  • Review IPv6 settings: If your VPN does not support IPv6, IPv6 may leak outside the tunnel.

Fix DNS Leaks on Windows

1. Enable VPN DNS Leak Protection

Open your VPN app and enable any option related to DNS leak protection, kill switch, or forced VPN DNS. Reconnect to the VPN after changing settings.

2. Set Trusted DNS Servers

You can manually set trusted DNS resolvers such as:

  • Cloudflare: 1.1.1.1 and 1.0.0.1
  • Google: 8.8.8.8 and 8.8.4.4

On Windows 10/11:

  1. Open Settings → Network & Internet
  2. Go to Advanced network settings
  3. Open More network adapter options
  4. Right-click your active connection → Properties
  5. Select Internet Protocol Version 4 (TCP/IPv4)
  6. Choose “Use the following DNS server addresses”
  7. Enter your preferred DNS servers
  8. Save, reconnect your network, reconnect the VPN, and test again

3. Flush DNS Cache on Windows

# PowerShell or Command Prompt
ipconfig /flushdns

4. Test Again

Reconnect your VPN and run the test again:

myip.casa/dns-leak-test

Fix DNS Leaks on macOS

1. Use Your VPN DNS Settings

Most macOS VPN apps include settings such as “Use VPN DNS,” “Force all traffic through VPN,” or “DNS leak protection.” Enable them, reconnect, and test again.

2. Set Trusted DNS Servers

  1. Open System Settings
  2. Go to Network
  3. Select your active network
  4. Open Details → DNS
  5. Add trusted DNS servers such as 1.1.1.1 and 1.0.0.1
  6. Apply changes, reconnect Wi-Fi, reconnect your VPN, and test again

3. Flush DNS Cache on macOS

sudo dscacheutil -flushcache
sudo killall -HUP mDNSResponder

4. Test Again

Run the DNS leak test after reconnecting your VPN:

myip.casa/dns-leak-test

Fix DNS Leaks on Linux

1. Check Your Current DNS Resolver

resolvectl status

cat /etc/resolv.conf

This helps you understand which DNS resolver your system currently uses.

2. Set Trusted DNS Servers

The easiest method is usually through your network manager:

  • Open Network Settings
  • Edit your active connection
  • Set DNS servers manually
  • Use trusted resolvers such as 1.1.1.1 and 1.0.0.1
  • Reconnect your network and VPN

If your distribution uses systemd-resolved, you can also use:

# Replace wlan0 with your network interface
sudo resolvectl dns wlan0 1.1.1.1 1.0.0.1
sudo resolvectl flush-caches

3. Flush DNS Cache on Linux

# systemd-resolved
sudo resolvectl flush-caches

# nscd, if installed
sudo service nscd restart

# dnsmasq, if used locally
sudo service dnsmasq restart

4. Test Again

Reconnect your VPN and verify the result:

myip.casa/dns-leak-test

Browser Settings That Can Prevent DNS Leaks

Enable Secure DNS / DNS over HTTPS

Modern browsers can encrypt DNS requests using DNS over HTTPS. This can improve privacy, especially on public Wi-Fi.

  • Chrome, Edge, Brave: Settings → Privacy and Security → Use Secure DNS
  • Firefox: Settings → Privacy & Security → Network Settings → Enable DNS over HTTPS
  • Safari: Uses system DNS settings, so configure DNS at the macOS level or through your VPN

Check WebRTC Exposure

WebRTC can sometimes expose local or network-related information in the browser. If privacy matters, review browser WebRTC settings or use a browser extension that limits WebRTC exposure.

VPN Settings That Help Prevent DNS Leaks

  • DNS leak protection: Forces DNS requests through the VPN
  • Kill switch: Blocks traffic if the VPN disconnects
  • Use VPN DNS: Prevents the system from using ISP DNS servers
  • Disable split tunneling for browsers: Keeps DNS and browsing traffic inside the VPN path
  • IPv6 support: Prevents IPv6 traffic from bypassing the VPN tunnel

IPv6 and DNS Leaks

Some VPNs only protect IPv4 traffic. If your network supports IPv6 and your VPN does not handle it correctly, DNS or traffic may leak outside the tunnel.

If you still see leaks after enabling DNS protection, check whether your VPN supports IPv6. If it does not, consider disabling IPv6 temporarily while using the VPN, or switch to a VPN provider with full IPv6 support.

DNS Leak Troubleshooting Checklist

  • Reconnect your VPN
  • Enable DNS leak protection
  • Enable the VPN kill switch
  • Flush your DNS cache
  • Check browser Secure DNS settings
  • Disable split tunneling for your browser
  • Check IPv6 support
  • Run the DNS leak test again

Related Network Security Guides

DNS privacy is only one part of network security. You may also want to review:

FAQ: DNS Leak Test and Fix

How do I know if I have a DNS leak?

Run a DNS leak test while your VPN is connected. If the result shows DNS servers from your ISP instead of your VPN or trusted DNS provider, you likely have a DNS leak.

Can a VPN leak DNS?

Yes. A VPN can leak DNS if DNS leak protection is disabled, misconfigured, or bypassed by system or browser settings.

Is a DNS leak dangerous?

A DNS leak can expose which domains you visit. It may not expose the full content of encrypted HTTPS traffic, but it reduces your privacy.

Does DNS over HTTPS fix DNS leaks?

DNS over HTTPS can help protect browser DNS requests, but it may not cover all applications on your system. VPN DNS leak protection is still important.

Why does my ISP appear in a DNS leak test?

If your ISP appears, your device may still be using ISP DNS servers instead of routing DNS through your VPN or chosen DNS provider.

Verify Your Fix

After applying the steps above, run the DNS leak test again. If your ISP no longer appears and DNS requests are routed through your VPN or trusted resolver, your configuration is working correctly.

Check for DNS Leaks Now →