What Is a DNS Leak?
When you connect to a website, your device first looks up the IP address for that domain. This lookup is a DNS (Domain Name System) query. Normally, when you use a VPN, those DNS queries should travel through the VPN tunnel to the VPN provider's DNS servers. Nobody outside the VPN should see what sites you are visiting.
A DNS leak occurs when DNS queries bypass the VPN tunnel and go directly to your ISP's DNS servers instead. Your ISP (or anyone monitoring those DNS servers) can then see your browsing activity, even though you think a VPN is protecting you. The VPN encrypts your traffic, but your DNS queries are leaking outside it.
Why DNS Leaks Happen
Several technical reasons cause DNS leaks:
Windows Smart Multi-Homed Name Resolution: Windows 8 and later have a feature that sends DNS queries to multiple interfaces simultaneously for speed. When a VPN is connected, Windows may still send DNS queries to your regular network adapter alongside the VPN interface.
IPv6 DNS leaks: If your VPN only routes IPv4 traffic through the tunnel but your device has IPv6 connectivity, IPv6 DNS queries may leak.
DHCP DNS override: Some routers push DNS server addresses via DHCP. If your VPN does not prevent this override, the router's DNS (usually your ISP's) gets used.
Poorly configured VPN apps: Some VPN apps do not properly redirect all DNS traffic through the VPN tunnel. This is more common in older apps or VPNs without proper DNS leak protection.
How to Test for DNS Leaks
The fastest test: visit dnsleaktest.com or ipleak.net while connected to your VPN. These sites show which DNS servers are resolving your queries.
What to look for:
- The DNS server location should match your VPN server location, not your real location
- The DNS server IPs should belong to your VPN provider, not your ISP
- If you see your real city or your ISP's name, you have a DNS leak
Run the extended test on dnsleaktest.com, which sends multiple queries and catches intermittent leaks that a single test might miss.
How to Fix DNS Leaks
Fix 1: Enable DNS Leak Protection in Your VPN App
Most major VPN providers have a DNS leak protection setting. In NordVPN, it is on by default. In ExpressVPN, it is automatic. In Mullvad, it is always enforced.
Check your VPN app's settings and look for "DNS leak protection," "private DNS," or similar. Enable it if present.
Fix 2: Disable Smart Multi-Homed Name Resolution on Windows
Open Group Policy Editor (press Windows key + R, type gpedit.msc, press Enter).
Navigate to: Computer Configuration > Administrative Templates > Network > DNS Client.
Find "Turn off Smart Multi-Homed Name Resolution" and set it to Enabled.
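You can also reset the adapter's DNS settings from PowerShell with administrator privileges:
Set-DnsClientServerAddress -InterfaceAlias "Wi-Fi" -ResetServerAddresses
This resets the DNS servers on your Wi-Fi adapter to their defaults, which the VPN should then override properly. It does not change the Smart Multi-Homed Name Resolution policy itself, so use it in addition to the Group Policy setting rather than in place of it.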
Fix 3: Disable IPv6 (if your VPN does not support IPv6)
If your VPN does not route IPv6 traffic, disable IPv6 on your network adapter. In Windows:
- Open Network and Sharing Center
- Click your active network connection
- Click Properties
- Uncheck "Internet Protocol Version 6 (TCP/IPv6)"
- Click OK
Note: disabling IPv6 can break some applications and services. Re-enable it if you notice problems.
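The Windows settings behind Fix 2 and Fix 3 can be checked, and optionally applied, from an elevated PowerShell session. This is an added example, not part of the original article. The function name Test-DnsLeakConfig and the adapter name 'MyVPN' are assumptions, and it relies on the DisableSmartNameResolution registry value that backs the Group Policy setting.

```powershell
# Added example, not from the original article. Run in an elevated PowerShell session.
# Assumptions: the function name and the -VpnAlias value are illustrative;
# list your real adapter names with Get-NetAdapter.
function Test-DnsLeakConfig {
    param(
        [Parameter(Mandatory)] [string] $VpnAlias,  # name of the VPN adapter
        [switch] $DisableSmartResolution,           # apply Fix 2
        [switch] $DisableIPv6                       # apply Fix 3
    )
    # Fix 2: "Turn off Smart Multi-Homed Name Resolution" is stored as this policy value.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
    $cur = (Get-ItemProperty -Path $key -Name DisableSmartNameResolution `
            -ErrorAction SilentlyContinue).DisableSmartNameResolution
    if ($cur -ne 1) {
        Write-Warning 'Smart Multi-Homed Name Resolution is not turned off by policy.'
        if ($DisableSmartResolution) {
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            New-ItemProperty -Path $key -Name DisableSmartNameResolution `
                -PropertyType DWord -Value 1 -Force | Out-Null
        }
    }
    # Every connected adapter other than the VPN is a path a query can leak through.
    $others = Get-NetAdapter | Where-Object { $_.Status -eq 'Up' -and $_.Name -ne $VpnAlias }
    foreach ($nic in $others) {
        # Report the resolvers configured there; compare them with the leak-test results.
        Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex |
            Where-Object { $_.ServerAddresses } |
            ForEach-Object {
                [pscustomobject]@{
                    Adapter = $nic.Name
                    Family  = if ($_.AddressFamily -eq 23) { 'IPv6' } else { 'IPv4' }
                    Servers = $_.ServerAddresses -join ', '
                }
            }
        # Fix 3: IPv6 still bound to a non-VPN adapter can carry IPv6 DNS queries.
        $v6 = Get-NetAdapterBinding -Name $nic.Name -ComponentID ms_tcpip6
        if ($v6.Enabled) {
            Write-Warning "IPv6 is enabled on adapter '$($nic.Name)'."
            if ($DisableIPv6) { Disable-NetAdapterBinding -Name $nic.Name -ComponentID ms_tcpip6 }
        }
    }
}

# Audit only; add -DisableSmartResolution and/or -DisableIPv6 to apply the fixes.
Test-DnsLeakConfig -VpnAlias 'MyVPN'   # 'MyVPN' is a placeholder adapter name
```

The resolver addresses it prints for non-VPN adapters are the ones to watch for in the dnsleaktest.com or ipleak.net results.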
Fix 4: Use a VPN with Enforced DNS
Some VPN providers handle DNS more reliably than others. Mullvad enforces its own DNS on all connections and blocks external DNS by default. ProtonVPN also has strong DNS leak prevention. If DNS leaks persist after trying the above fixes, switching to a VPN with better DNS handling is the most reliable solution.
Which VPNs Have the Best DNS Leak Protection?
Mullvad: The most reliable DNS leak protection. Mullvad forces all DNS through its own servers and blocks DNS queries to external servers when connected. No configuration required.
NordVPN: DNS leak protection enabled by default. Uses its own private DNS servers (1.1.1.1 and 1.0.0.1 are not used, only NordVPN's servers). Has withstood independent DNS leak audits.
ProtonVPN: DNS leak protection on by default. Supports IPv6 routing through the VPN tunnel on supported servers, preventing IPv6 DNS leaks.
ExpressVPN: Uses its own DNS servers ("ExpressVPN DNS") and does not allow DNS queries to go to third-party servers when the VPN is connected.
Surfshark: DNS leak protection available and on by default. Less tested in independent audits than NordVPN or Mullvad, but practical performance is good.
WebRTC Leaks: A Related Issue
DNS leaks are not the only way your VPN can leak your real location. WebRTC is a browser technology that allows real-time communication (video calls, voice chat). It can expose your real IP address to websites even when a VPN is connected.
Test for WebRTC leaks at browserleaks.com/webrtc. If you see your real IP, install a WebRTC blocking extension (uBlock Origin blocks WebRTC leaks in Firefox; in Chrome, use WebRTC Network Limiter).
Summary: Is Your VPN Leaking?
Test now at dnsleaktest.com with your VPN connected. The result should show only your VPN provider's DNS servers in a location matching your chosen VPN server. If you see your ISP or your real location, your DNS is leaking.
The quickest fix is enabling DNS leak protection in your VPN app if the option exists. For persistent leaks on Windows, disabling Smart Multi-Homed Name Resolution usually resolves it. If leaks continue across devices and VPN apps, consider switching to Mullvad or another VPN with enforcement-level DNS protection.