Vpn Dns Leak Test
Is Your VPN Leaking? | PCMag
Just how secure is your private data? You may think you have a Fort Knox-like setup, but don’t take risks with your personal info. It’s worth confirming that the virtual private network, or VPN, software you use is actually doing its job, or if it’s allowing your personal data to go hither and thither without your knowledge.
For the most part, if you pick one of our top VPN services, you’ll be well protected, be it on a PC or even a smart device (most of the best services offer software across all operating systems). But it never hurts to check. Things break, new exploits are found, and there’s always a chance your VPN may be leaking more data than you prefer. Here are some steps you can take to see if that’s true.
Check Your IP Address
Your home has an IP address, not just a street address. The IP (internet protocol) address is the unique number assigned to your router by your ISP. (Your internal home network in turn gives each node in your home—PCs, phones, consoles, smart appliances, anything connected to the router—an IP address. But in this case, we’re only concerned with your public-facing IP address. )
The IP address is how your computers/router talk to servers on the internet. They don’t use names—like —because computers prefer numbers. IP addresses are typically bound not only to the ISPs that assign them, but also specific locations. Spectrum or Comcast have a range of IP addresses for one town and a different range for another town, etc.
When someone has your IP address, they get a lot more than just some numbers: they can narrow down where you live.
IP addresses come in several formats, either a IPv4 (internet protocol version 4) version like 172. 16. 254. 1 or an IPv6 type that looks like 2001:0db8:0012:0001:3c5e:7354:0000:5db1.
Let’s keep it simple. Your own public-facing IP address is easy to find. Go to Google and type “what’s my IP address. ” Or go to sites like Tenta Browser Privacy Test, IPLocation,, or They’ll display more than your IP; they’ll also give you the Geo-IP—the location linked to the address.
Take the IP address that comes up and search for it in Google with IP in front, like “IP 172. 1” (sans quotation marks). If it keeps coming up with your city location, your VPN has a big, messy leak.
The leak could be caused by what’s known as the WebRTC bug; WebRTC is a collection of standards that look hard to find your IP address, to make things go faster when you use the internet and services like video chat and streaming. If you’ve got a modern desktop browser, you’re likely to have this, as the browsers all enable WebRTC to work better. You can check with the Hide My Ass WebRTC Leak Test.
VPNs that work via an extension in a browser will turn it off, among other things. Or disable WebRTC in browsers directly yourself.
Chrome Requires an extension like WebRTC Network Limiter or WebRTC Leak Prevent, or try WebRTC Control to toggle it on and off from the toolbar.
EdgeYou can’t really fix it, but you can hide your local IP address entirely by typing “about:flags” and checking the box next to “Hide my local IP address over WebRTC connections. ” It probably hurts you with location services more than it helps protect you.
Safari It shouldn’t be an issue, as Apple’s browser doesn’t share like the rest.
Firefox Type “about:config, ” click on the “I accept the risk! ” button, type “erconnection. enabled” in the search box, then double-click to change to the Value column to say False.
Opera Go to View > Show Extensions > WebRTC Leak Prevent > Options. Choose to disable it and save the settings.
Check for DNS Leaks
The internet domain name system (DNS) is what makes IP addresses and domain names (like “”) work. You type the domain name into a web browser, the DNS translates all the traffic moving back and forth from your browser to the web server using the IP address numbers, and everyone is happy.
ISPs are part of that—they have DNS servers on their networks to help with the translation, and that gives them another avenue to follow you around. This video from ExpressVPN spells it out (and tells you why a VPN with DNS services on their servers is great).
Using a VPN means, in theory, your internet traffic is redirected to anonymous DNS servers. If your browser just sends the request to your ISP anyway, that’s a DNS leak.
There are easy ways to test for a leak, again using websites like Hidester DNS Leak Test,, or DNS Leak You’ll get results that tell you the IP address and owner of the DNS server you’re using. If it’s your ISP’s server, you’ve got a DNS leak., in particular, gives you a nice color-coded result, with “Looks like your DNS might be leaking… ” in red, or green if you appear to be in the clear. Hidester gives you a full list of every DNS server you may hit. When several correspond to your actual ISP, that better underscores your leaky-ness.
Fix the Leaks
If you do have a leak, you have a couple options. One, change your VPN to one that specifically works to prevent DNS leaks. All our Editors’ Choice picks—Private Internet Access VPN, NordVPN, and TunnelBear—promise to be leak-free.
If you like your current VPN too much to switch, maybe buy Guavi’s VPNCheck Pro for $19. 92. It has its own DNS leak fix, and monitors your VPN for other issues.
Recommended by Our Editors
You can also change the DNS servers used by your router when you send requests to the internet. This can be a little complicated as it requires you to go into the settings for your router, but might be worth it for other reasons. Services like Google Public DNS or Cisco’s OpenDNS provide instructions on how to set them up with most routers. The latter has a personal version with various free options, even one geared specifically to family/parental controls that block questionable sites. You can pay $19. 95/year for extra services like usage stats and whitelists of sites under the OpenDNS Home VIP option.
There’s even a DNS service specifically for mobile devices: Cloudflare’s 1. 1. It not only encrypts DNS queries but promises faster internet. It can also be configured to work with routers and PCs, however. (Learn more in our recent interview with Cloudflare CTO John Graham-Cumming. )
Making a DNS update to your router means all the traffic in your home or office uses the new DNS service and whatever ancillary features it provides. That includes PCs, phones, tablets, consoles, even smart speakers, you name it.
With these services, you’re handing your DNS traffic over to another corporation. You could instead invest in hardware at the router level to add extra security, but that may be overkill if you’re not feeling terminally paranoid. At the very least, on individual PCs and handheld devices, get VPN software/apps for supplemental security all around.
Plug Other Leaks
Your location is probably something you’ve plugged into your browser at some point. If so, your browser is typically more than willing to share that information with the websites you visit, even if your VPN does not. Check the massive amount of data you may be giving up by visiting
Use an alternative browser when you want to be at your most secure—the Tor Browser, for example. It’s all about keeping you anonymous, by bouncing your requests around the world before they land on the web server you want, then back again. That makes it hard for you to find your local info and can slow things down overall, but it’s a good bet for security.
If you can’t stand the thought of giving up your current browser, use incognito mode, go the complicated route of setting up a fake location, or just get an extension like Location Guard (for Chrome, Opera, or Firefox) to spoof your whereabouts.
If you’re worried about your web-based email system, switch to ProtonMail. Not only does it redirect messages over the Tor network, it keeps everything encrypted. (For more, read How to Create an Anoymous Email Account. ) Proton Technologies also offers ProtonVPN for Mac, Windows, Linux, and Android. There is a tier of service that’s free forever for one device—including DNS leak protection—while the paid versions support Tor servers and more.
Disclosure: PCMag’s parent company Ziff Davis is owned by j2 Global, which also owns various software products and services including, IPVanish, andStrongVPN.
Like What You’re Reading?
Sign up for Security Watch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
DNS Leak Test – ExpressVPN
What is a DNS leak?
Sometimes a VPN can fail to protect your device’s DNS queries even when the rest of your traffic is concealed by the VPN tunnel. This is called a “DNS leak. ” If your DNS leaks, unauthorized entities, like your internet service provider or DNS server operator, can see which websites you visit and any apps you cause of its role as the internet’s address book, DNS affects nearly everything you do online. Your browser and other apps use it to find the servers that operate the websites and services that you rely on. Your device sends its queries to a DNS server, and the server sends back directions to what you’re looking for. This is what makes DNS a significant privacy risk.
How can I check if my VPN is protecting me?
ExpressVPN will protect you from DNS leaks if it’s configured properly. The DNS Leak Test on this page will help you confirm that ExpressVPN is working as it should.
How does ExpressVPN prevent DNS leaks?
Without a VPN, your device typically uses a DNS service provided by your ISP. But when you connect to ExpressVPN, your device will only use DNS servers operated entirely by ExpressVPN. This benefits you because:
ExpressVPN DNS servers are fast
ExpressVPN doesn’t keep activity or connection logs
All traffic between your device and DNS servers is encrypted end-to-end
Here’s how it works. To visit a webpage, you enter a URL or click a link in your browser. That URL is sent via ExpressVPN’s encrypted tunnel to a DNS server run by ExpressVPN. The DNS server looks up the IP address and sends it to ExpressVPN, which accesses the site. In an instant, ExpressVPN returns that webpage to you. No traffic escapes the security of the tunnel.
If I already have a VPN, why do I need to check for DNS leaks?
Sometimes, one of two things might go wrong:
Your device might send DNS traffic outside of the VPN tunnel.
Your device might send DNS traffic through the VPN tunnel, but to a third-party DNS server.
In both cases, unauthorized third parties might see the list of websites and apps you use.
What causes VPN leakage of DNS?
DNS leaks can happen for many reasons. Here are just a few:
Your VPN is manually configured. If you’re manually configuring a VPN connection, the risk of DNS leaks is higher and depends on your exact operating system configuration. Using the ExpressVPN apps will eliminate many of these risks.
An attacker controls your router, such as a malicious Wi-Fi operator at a coffee shop. An attacker may be able to trick your device into sending DNS traffic outside of the VPN tunnel. ExpressVPN apps offer DNS leak protection, but other apps and manual configurations might be vulnerable.
Manual DNS setup. You (or software on your device) specifically told the operating system not to use DNS servers operated by ExpressVPN. Power users might require a particular DNS service, but for security reasons, it’s probably undesired for most people.
What if I’m connected to ExpressVPN, and I still see a DNS leak on this page?
Get in touch with Support and we’ll get that fixed ASAP.
What to know about DNS Leaks & how to fix them – ProPrivacy
In addition to VPN connection failures, the other significant threat to your anonymity when using a trusted VPN service is that of DNS can result in your ISP being able to ‘see’ and monitor your online activity even though you think an encrypted VPN tunnel safely protects the following article, we are going to discuss what a DNS is, what it means when it leaks, how you can fix DNS leaks, and DNS leak note that is article has been largely superseded by A Complete Guide to IP Leaks. However, the DNS Leak Protection information contained here is still up to date and useful! What is a DNS? The Dynamic Name System (DNS) is used to translate domain names into numerical IP addresses (34. 233. 235. 248). This translation service is usually performed by your ISP, using its DNS is a DNS leak? A DNS Leak is when, due to software issues, your ISP is able to track your internet movements, regardless of whether you’re using a VPN or not! When you use a VPN service, the DNS request should be routed through the VPN tunnel to your VPN provider’s DNS servers rather than those of your ever, it is quite common for Windows (the main culprit for this problem, although never say never for OSX and Linux) to instead use its default settings, and send the request to the ISP’s DNS server rather than through the VPN Leak TestTo perform a DNS leak test simply go to mCheck the results to make sure that you recognize the IP numbers. In particular, any result that shows your ‘real’ location or that belongs to your ISP means that you have a DNS results all look ok to us, so we know we don’t have a DNS leak. Phew! DNS Leak FixIf you want to plug a DNS leak, or just want to prevent the possibility of one happening, there are a number of approaches you can take. 1. Use a VPN client with built-in DNS leak protectionIt is by far the simplest way, but unfortunately, only a few VPN providers supply this option. Those that do include:Private Internet Access – Settings/DNS Leak Protection*Mullvad -Settings/Stop DNS leaks*TorGuard – Automatic*These clients also feature an ‘internet kill switch’. 2. Use VPNCheck (Pro version)The pro version of VPNCheck includes DNS Leak ‘s how to go about setting it wnload, install and run the main screen click ‘Config’ ensure that the ‘DNS leak fix box’ is checked. It’s also probably worth specifying some programs (such as your favorite BitTorrent client) that you want to shut down in the event of a VPN disconnection while you are at get everything started, go back to the main screen and click either Cycle IP: Task or Cycle IP: Network. VPNCheck Pro costs $24. 90 (at the time of writing there is a 20% discount, which brings the price down to $19. 92), and comes with a 13-day free trial. 3. Change DNS Servers and Obtain a Static IPAlthough not strictly speaking a fix, changing DNS servers makes sure that your ISP is not snooping on you. Most VPN providers will be happy to give you their DNS server details, or you can route your requests through a public DNS server such as those offered by Google Public DNS, OpenDNS, and Comodo Secure I have now written How to Change your DNS Settings – A Complete Guide which explains in detail how to change your DNS settings in all major OSs. In that article, I recommend using OpenNIC over Google DNS, as Google DNS is a very poor choice when it comes to stallation instructions for various platforms are provided on the respective websites, but as we are working in Windows 7, here is a rundown on how to do it there (the process is similar on all platforms) Network and Sharing Centre (from the Control Panel, ) and click on ‘Change Adapter settings. ’Right-click on your main connection and select ‘Properties’Look through the list and find ‘Internet Protocol Version 4 (TCP/IPv4). Highlight it and click on ‘Properties’Make a note of any existing DNS server addresses, in case you want to restore your system to its previous settings at some point in the future, then click on the ‘Use the following DNS server addresses’ radio button, enter the relevant addresses. Click ‘OK’ and restart the you are using your VPN provider’s DNS server, then they will provide you with the DNS server addresses. If you are using a public server then you may find these addresses useful:Google Public DNSPreferred DNS server: 8. 8. 8Alternate DNS server: 8. 4. 4Open DNSPreferred DNS server: 208. 67. 222. 222Alternate DNS server: 208. 220Comodo Secure DNSPreferred DNS server: 8. 26. 56. 26Alternate DNS server: 8. 20. 247. 20Changing the DNS server is not only more secure as it moves the DNS translation service to a more trusted party, but it can bring speed benefits, as some services are faster than others. To find out how well a DNS server provider fares in this respect, you can download a free utility called DNS Benchmark. A static IP address is a single fixed IP address. If configured to connect to a static IP, Windows (or other OSs) will always route your DNS requests to that static IP address, rather than assigning a random IP each time you connect to the internet (using DHCP) theory, when using a VPN with DHCP enabled, all DNS requests should be routed through the VPN tunnel (using a process known as address reservation). The VPN provider then handles these. Errors in the address reservation process, however, can result in DHCP defaulting to using the DNS servers specified by the OS settings, rather routing them through the VPN though not critical, it is therefore probably also a good idea to clear any other DNS servers except those used by your VPN adaptor. Full instructions for doing so can be found here, along with the fix which only works with the ‘classic’ open-source OpenVPN client. It is effectively a 3 part batch file which:Switches from any active DHCP adaptors to a static IP (set by you)Clears all DNS servers except the TAP32 adaptor (used by OpenVPN)Returns your system to its original settings once you are disconnected from the VPN serverAuthor’s note, 14 January 2016: This three-year-old hack is a partial way to get around the fact that most VPN clients of the time did not properly route DNS requests through the VPN to be resolved by the VPN provider (as should happen. ) Fortunately, the situation has significantly improved, and most good clients now offer robust DNS leak protection. Hopefully, VPN providers will now start to support full IPv6 routing (rather than simply disabling IPv6. )DNS Leak ProtectionAs ensuring anonymity is the main reason most people use VPN, it makes sense to spend a few minutes to plug any potential areas where this anonymity may be compromised. It is also worth remembering that while Windows causes the most DNS leak problems, Linux and OSX are not immune, so it is still a good idea to follow a similar step to those outlines above if these are your platforms of Following revelations of Google’s complicity in the recent NSA spying scandal, we now advise against using Google Public DNS Although reliability can be an issue, using OpenNIC DNS servers is a decentralized, open, uncensored and democratic alternative to the DNS providers listed above. It is also possible to set your DNS settings to those of your VPN provider (ask it for details). Important Update: A new “feature” in Windows 10 means that DNS requests are directed not just through your VPN tunnel, but also through your ISP and local network interface. It is because by default Windows 10 attempts to improve web performance by sending DNS requests in parallel to all available resources at once, and using the fastest one. Windows 10 users, in particular, should, therefore, disable “Smart Multi-Homed Name Resolution” immediately (although Windows 8. x users can benefit from doing this also. ) See WARNING! Windows 10 VPN users at big risk of DNS leaks for more Leak Security ConclusionYou should now be able to carry out a DNS leak test, and DNS leak protection as well. If you’ve got any feedback on this guide, then let us know in the lated articles:How to completely delete a VPN
Frequently Asked Questions about vpn dns leak test
How do I know if my VPN is leaking DNS?
There are easy ways to test for a leak, again using websites like Hidester DNS Leak Test, DNSLeak.com, or DNS Leak Test.com. You’ll get results that tell you the IP address and owner of the DNS server you’re using. If it’s your ISP’s server, you’ve got a DNS leak.
Does VPN leak DNS?
Sometimes a VPN can fail to protect your device’s DNS queries even when the rest of your traffic is concealed by the VPN tunnel. This is called a “DNS leak.” If your DNS leaks, unauthorized entities, like your internet service provider or DNS server operator, can see which websites you visit and any apps you use.
How do I fix DNS leak in VPN?
DNS Leak FixUse a VPN client with built-in DNS leak protection. It is by far the simplest way, but unfortunately, only a few VPN providers supply this option. … Use VPNCheck (Pro version) The pro version of VPNCheck includes DNS Leak Protection. … Change DNS Servers and Obtain a Static IP.Jun 30, 2018