DNS leaks
How to check for DNS leaks when using a VPN
A DNS leak happens when your DNS requests go somewhere unexpected while the VPN is connected. The result can reveal your ISP, location or resolver even when your public IP looks protected.
Simple test: Connect to your VPN, check your public IP, then check which DNS resolvers your system and browser are using.
What DNS does
DNS turns names like example.com into IP addresses. If your VPN tunnels web traffic but leaves DNS queries using your ISP resolver, your browsing activity may still reveal more than expected.
Linux DNS checks
resolvectl status
dig example.com
dig +short myip.opendns.com @resolver1.opendns.comFor quick DNS lookups outside your terminal, use DNSNow. If you want to learn the command line side, try the dig command builder.
What to compare
| Result | Good sign | Possible problem |
|---|---|---|
| Public IP | VPN location | ISP IP still visible |
| DNS resolver | VPN or chosen privacy DNS | ISP resolver still visible |
| IPv6 | Protected or unavailable | ISP IPv6 exposed |
How to reduce DNS leaks
- Enable DNS leak protection in the VPN app.
- Disable IPv6 if your VPN does not handle it safely.
- Reconnect after changing DNS settings.
- Clear browser DNS cache and retest.
- Use the same before and after checklist every time.
Need a structured process? Use the VPN working checklist.