You connect your VPN, you see the “protected” message, and you assume the job is done. Then a website still shows the wrong region, or a security tool hints your ISP is visible, and you’re left thinking, “Wait, how?”

This is exactly where a DNS leak test becomes useful. It does not check your whole life. It checks one quiet part of your internet connection that people forget about until it causes trouble: DNS.

If you want to test as you read, keep our VPN Leak Test open in another tab. It includes DNS checks, and it makes it easy to rerun after every fix.

DNS in plain English: what it does and why it matters

DNS is like the internet’s phone book. When you type a website name into your browser, your device asks DNS where that site “lives” so it can connect to the right server.

Those requests go to DNS servers.

If you are not using a VPN, your device usually uses your internet provider’s DNS, also called ISP DNS. That’s normal.

But if you are using a VPN for privacy, you generally want DNS requests to go through the VPN tunnel, not out through your ISP. Otherwise, your ISP can still see which websites you request, even if the content of your browsing is encrypted.

That’s what a DNS leak is in practical terms.

What a DNS leak looks like

A DNS leak happens when your browser or device keeps sending DNS requests to ISP DNS while your VPN is connected. So you might have a VPN IP address showing publicly, but your DNS requests still go to the ISP.

That mix is exactly why some websites and services can still guess your region, or why your privacy setup feels inconsistent.

A quick DNS leak test will usually show one of two patterns:

If the DNS servers listed belong to your VPN provider or a neutral resolver the VPN forces through the tunnel, you are in good shape.

If the DNS servers listed belong to your ISP or your local network, that’s a likely leak.

If you want to compare your “before VPN” baseline, check your normal connection first using IP Lookup, then connect your VPN and run the leak test again.

How to run a DNS leak test the right way

A good DNS leak test is simple, but the order matters.

First, disconnect your VPN. Run the DNS test and take a mental note of what your normal DNS looks like. You do not need to write anything down. Just notice if it clearly shows your ISP.

Second, connect your VPN. Wait 10 to 15 seconds so the tunnel stabilizes.

Third, run the DNS leak test again. Your DNS results should change. If they don’t, you have a strong clue that DNS is bypassing the tunnel.

If you want a quick all-in-one view, use VPN Leak Test. If you want to double-check what your public IP looks like at the same time, open What Is My IP Address in a separate tab.

That combination tells you whether the VPN is changing your public IP and whether DNS is following the VPN or sticking with your ISP.

Why DNS leaks happen (it’s usually not one dramatic cause)

Most leaks come from settings conflicts. Not hacking. Not spying. Just config issues.

Here are the most common reasons.

Your VPN is not forcing DNS through the tunnel

Some VPN apps require you to enable a specific setting for DNS, especially if you are using certain protocols. If the app is not handling DNS, your device falls back to whatever DNS it normally uses.

This is where checking VPN DNS settings inside the VPN app helps.

You set custom DNS on your device

A lot of people set custom DNS for speed, ad blocking, or parental controls. Then they forget it exists.

When you hardcode DNS at the system level, it can override the VPN’s DNS handling and cause a leak. This is a very common cause of a failed DNS leak test.

Your router forces DNS

Some routers are configured to force all devices on the network to use a specific DNS. Sometimes that’s done by the ISP. Sometimes it’s done for filtering.

If your router is forcing DNS, your VPN has to work harder to keep DNS inside the tunnel. If it cannot, you see leaks on home Wi-Fi but not on mobile data.

IPv6 and split routing quirks

Sometimes the VPN tunnels IPv4 neatly but leaves other traffic paths outside the tunnel. DNS can end up taking a path you did not expect.

If you suspect this, it helps to check whether IPv6 is active and how your IP looks. IP Lookup can help you see what your connection is exposing in both address types.

VPN drops and reconnects

A brief disconnect can be enough for your device to send DNS requests through the ISP before the VPN reconnects. If you are testing at a moment when the VPN is unstable, your DNS leak test may show inconsistent results.

A kill switch helps here, because it blocks traffic if the VPN drops.

Why a DNS leak matters even if you have HTTPS

This is the part many people find confusing.

Yes, most websites use HTTPS. That means your ISP cannot read the content of your pages like it’s 2005.

But DNS is not the page content. DNS is the “where should I go” request. If your DNS goes to ISP DNS, your ISP can still see the domains you’re requesting, which can reveal a lot about your browsing.

Also, some services use DNS signals as part of fraud checks or geo checks. If your public IP says “VPN server in Country A,” but your DNS says “ISP in Country B,” the mismatch can trigger blocks, extra verification, or limited access.

This is why a DNS leak test is worth doing if you rely on a VPN for privacy or for consistent access.

How to fix a DNS leak (the practical path)

Let’s keep fixes realistic. You do not need to rebuild your network. You just need to remove conflicts and confirm results.

Step 1: Check your VPN DNS settings

Open your VPN app settings and look for anything related to DNS or “prevent DNS leaks.” Some providers offer “use VPN DNS” or “secure DNS” toggles.

Enable the option that forces DNS through the VPN tunnel.

Then rerun a DNS leak test using VPN Leak Test and confirm the DNS servers changed.

Step 2: Remove custom DNS on the device (temporarily)

If you have manually set DNS on your device, switch it back to automatic for the test. This helps you isolate the cause.

If the leak disappears, you’ve found the conflict. You can later choose a setup that works with your VPN, but the priority is to stop ISP DNS from showing when you do not want it to.

Step 3: Test on a different network

Use your phone’s hotspot for five minutes and run the same DNS leak test.

If your DNS looks clean on hotspot but leaks on home Wi-Fi, your router is likely forcing DNS or your home network has a filtering setup that conflicts with the VPN.

Step 4: Switch VPN protocol or server

Some VPN protocols handle DNS more cleanly on certain devices. Switching protocols can fix leaks without any deep settings changes.

Also, try a different server location. It should not matter, but in real life some servers have better DNS routing than others.

After each change, rerun the DNS leak test so you’re not guessing.

What if there is no leak but sites still block you?

Sometimes you pass every leak test and still get flagged. That can happen because the VPN IP itself is categorized as a proxy or datacenter range. It’s not a leak. It’s reputation.

If you want to check how your IP is being labeled, run Proxy Check. If it looks heavily flagged, switching to a different VPN server often solves it.

FAQs

What should a DNS leak test show when my VPN is on?

Your DNS results should not point to ISP DNS. Ideally, they show DNS tied to your VPN provider or DNS routed through the VPN tunnel.

Can I have a DNS leak even if my IP address changes?

Yes. Your public IP can change while DNS still uses your ISP. That’s why a DNS leak test checks DNS separately from the IP.

Why does my DNS leak only on Wi-Fi?

Home routers or ISP equipment can force DNS settings. If the leak disappears on mobile data, your Wi-Fi network is likely the cause.

Is a DNS leak always dangerous?

It depends on your goal. If you use a VPN for privacy, a DNS leak can expose what sites you request and reduce anonymity. If you use a VPN mainly for basic encryption on public Wi-Fi, it still matters, but the risk feels different.

Final take

A VPN can hide your public IP, but DNS can quietly give away more than you expect. A DNS leak test helps you confirm whether your DNS servers are following the VPN or sticking with ISP DNS.

Run the test before and after connecting, fix the usual settings conflicts, and retest until the results stay consistent. Once you do that, your VPN setup stops being a “hope it’s working” situation and becomes something you can trust.