Skip to main content

Last updated: March 2026

DNS Leak Test

Check if your VPN is leaking DNS queries to your ISP. A DNS leak means your ISP can see every website you visit — even with the VPN on.

🔍

A DNS leak exposes your browsing activity even when using a VPN. This test checks if your DNS requests are secure.

Click "Run Test" to check for DNS leaks
🌐 What Is My IP 🛡️ Full IP Leak Test ⚡ Speed Test

Quick Answer

A DNS leak occurs when your DNS queries bypass the VPN tunnel and go directly to your ISP's DNS servers. This exposes every domain you visit to your ISP — even while your traffic is encrypted. A DNS leak test checks which servers are handling your queries: if your ISP's servers appear, your VPN is leaking.

  • • DNS leaks expose domain names you visit to your ISP — not just your IP
  • • Caused by: misconfigured VPN, IPv6 bypass, Windows multi-homed DNS, no kill switch
  • • Fix: use a VPN with built-in DNS protection (like LimeVPN) or disable IPv6
  • • A clean test shows only VPN provider or neutral resolver IPs — no ISP servers

What Is a DNS Leak?

Every time you visit a website, your device looks up its IP address using the Domain Name System (DNS) — the internet's phone book. Without a VPN, those lookups go straight to your ISP's DNS servers, giving them a complete log of every domain you visit.

A properly configured VPN routes all DNS queries through its own encrypted tunnel and private DNS servers. A DNS leak happens when the VPN fails to do this — DNS queries escape the tunnel and go directly to your ISP, even while your other traffic is protected.

Leaking DNS (bad)

Your device ── DNS → ISP servers ⚠️ ISP sees every site
Your device 🔒 traffic encrypted VPN server

Protected DNS (good)

Your device 🔒 DNS + traffic encrypted VPN DNS servers ✓ ISP sees nothing

Why a DNS Leak Defeats Your VPN

A DNS leak gives your ISP a complete list of every domain you visit — even though they cannot read your actual traffic content. This is enough to:

📋

Build a browsing profile

Your ISP sees every domain you look up — news sites, health queries, financial research, dating apps.

💰

Sell your data

In many countries, ISPs can legally sell aggregated browsing data to advertisers and data brokers.

🚫

Throttle streaming

ISPs detect streaming services via DNS and can throttle bandwidth to those domains.

📁

Hand to authorities

Law enforcement can request DNS logs to trace your activity — without needing traffic content.

🌍

Defeat geo-spoofing

If DNS leaks to your real ISP, your real location is revealed even if your IP shows another country.

🏢

Expose corporate research

Competitors and analytics services can see which domains you look up, even for market research.

5 Common Causes of DNS Leaks

01

VPN does not force DNS through the tunnel

The most common cause. Many VPN clients change your IP but fail to redirect DNS queries. Your OS continues using the ISP's DNS servers while the VPN is active.

02

IPv6 traffic not tunnelled

Most home connections have an active IPv6 address. If the VPN only creates an IPv4 tunnel, IPv6 DNS queries bypass it entirely. Disabling IPv6 or using a VPN that blocks it (like LimeVPN) fixes this.

03

Windows Smart Multi-Homed Name Resolution

Windows 8+ has a feature that sends DNS queries to multiple resolvers simultaneously — including your ISP — to improve speed. This bypasses VPN DNS even when the VPN is configured correctly.

04

VPN reconnection gap (no kill switch)

When a VPN drops and reconnects, there is a brief window where traffic (including DNS) flows unprotected. A kill switch blocks all traffic during this window, preventing DNS leaks.

05

Manually configured system DNS

If you've manually set your system DNS to 8.8.8.8 or 1.1.1.1, some VPN clients will use those servers directly instead of routing the query through the tunnel, causing a leak.

How to Read Your DNS Leak Test Results

What you see Verdict What to do
VPN provider DNS servers ✅ No leak Your DNS is fully protected.
Cloudflare / Google / Quad9 (via VPN IP) ✅ No leak Public DNS accessed through your VPN tunnel — safe.
Your ISP's DNS servers ❌ DNS leak Your VPN is not routing DNS. Switch VPNs or fix settings.
Your ISP's DNS + VPN DNS mixed ⚠️ Partial leak DNS split — partial protection. Disable IPv6 or fix VPN config.
Unknown resolver ⚠️ Investigate Check if this is your router's DNS or a third-party resolver.

How to Fix a DNS Leak

The most reliable fix is a VPN that handles DNS correctly by design. For manual fixes:

1

Switch to a VPN with built-in DNS leak protection

Recommended

LimeVPN forces all DNS queries through its own private servers on every plan. No configuration required.

2

Disable IPv6 on your operating system

Go to Network Adapter Settings → Properties → uncheck IPv6. This prevents IPv6 DNS queries from bypassing the VPN tunnel.

3

Enable your VPN's kill switch

A kill switch blocks all internet traffic when the VPN drops, preventing the DNS leak window during reconnections.

4

Disable Windows Smart Multi-Homed Name Resolution

In Group Policy: Computer Configuration → Administrative Templates → Network → DNS Client → Turn off Smart Multi-Homed Name Resolution → Enabled.

How LimeVPN Prevents DNS Leaks

🔒

Private DNS servers

All DNS queries route through LimeVPN's own servers — never your ISP's.

🚫

IPv6 blocked by default

IPv6 is disabled at the system level on all apps, preventing IPv6 DNS bypass.

Kill switch

Traffic is blocked during VPN reconnections so DNS never escapes unprotected.

🛡️

DNSSEC validation

DNS responses are cryptographically verified to prevent DNS spoofing attacks.

DNS Leak — Frequently Asked Questions

What is a DNS leak?
A DNS leak occurs when your DNS queries bypass your VPN tunnel and are sent directly to your ISP's DNS servers instead of your VPN's private DNS servers. This exposes every domain name you visit to your ISP — even when your actual traffic is encrypted by the VPN. It is one of the most common VPN privacy failures.
How does a DNS leak test work?
A DNS leak test sends DNS queries through your current connection and identifies which DNS resolvers are handling them. If the resolvers belong to your ISP instead of your VPN provider (or a neutral third party like Cloudflare or Google through the VPN tunnel), your DNS is leaking outside the VPN.
What causes DNS leaks?
The most common causes are: (1) VPN software that does not force DNS through the tunnel; (2) operating system DNS settings that override the VPN; (3) IPv6 traffic not being routed through the VPN; (4) VPN disconnections without a kill switch catching the gap; (5) smart multi-homed name resolution on Windows, which sends DNS to multiple servers simultaneously.
Is it dangerous if my DNS is leaking?
Yes. A DNS leak tells your ISP every domain name you visit, even though they cannot read the content of your traffic. ISPs can log this data, sell it to advertisers, hand it to authorities, or use it for traffic shaping and throttling. DNS leaks also reveal your approximate location and defeat VPN-based geo-spoofing.
How do I fix a DNS leak?
The most reliable fix is to use a VPN that handles DNS routing correctly — like LimeVPN, which forces all DNS queries through its own private servers. You can also: (1) disable IPv6 if your VPN does not tunnel it; (2) change your system DNS to a public resolver like 1.1.1.1 (though this should be a backup, not a primary fix); (3) enable the kill switch so DNS never leaks during reconnects.
What is a WebRTC leak and is it the same as a DNS leak?
No — they are different. A DNS leak exposes the domain names you look up. A WebRTC leak exposes your real IP address through the browser's WebRTC API (used for video calls). Both are types of VPN privacy failures. Run the full IP & WebRTC Leak Test to check for both simultaneously.
My VPN is connected but I see ISP DNS servers — what does that mean?
It means your VPN is not routing DNS traffic through the encrypted tunnel. Your internet traffic may be encrypted, but your DNS queries are bypassing the VPN entirely. This is a significant privacy failure. You should switch to a VPN that properly handles DNS — or check your VPN's DNS settings and ensure IPv6 is disabled.
Does LimeVPN prevent DNS leaks?
Yes. LimeVPN runs its own private DNS servers and forces all DNS queries through the VPN tunnel on all platforms. IPv6 is blocked at the system level to prevent IPv6-based DNS leaks. The kill switch prevents DNS queries from escaping during VPN reconnections.
What should a passing DNS leak test show?
A clean result shows DNS resolvers that belong to your VPN provider, or well-known public resolvers (like Cloudflare 1.1.1.1) that are being accessed through your VPN server's IP. You should not see any DNS servers that belong to your home ISP or mobile carrier.

Stop DNS Leaks for Good

LimeVPN routes all DNS through its own private servers, blocks IPv6, and includes a kill switch on every plan. From $5.99/mo.

Get LimeVPN — From $5.99/mo

AES-256 Encryption · No-Logs Policy · 30+ Locations · Kill Switch

More Privacy Tools

What Is DNS?

How the domain name system works and why DNS privacy matters.

What Is My IP

See your public IP, location, ISP, and IPv4/IPv6 status.

IP & WebRTC Leak Test

Full technical leak test — IPv4, IPv6, WebRTC ICE candidates, and DNS.

VPN Speed Test

Measure your download speed with and without VPN.

LimeVPN Security Features

Kill switch, DNS protection, AES-256 encryption explained.