DNS Leak Test - Check for DNS Leaks

Verify that your VPN or privacy setup is not leaking DNS queries to your ISP. This test queries multiple public resolvers, analyzes the responses for leak indicators, and explains how to fix any problems it finds.

Click the button below to run a server-side DNS leak detection test. The test takes a few seconds while it queries several resolvers.

Understanding This Tool

What It Does

This tool runs a server-side DNS check when you click the button; there are no fields to fill in. From the ShowMyIP server it attempts DNS lookups for a fixed set of test domains against five well-known public resolvers (Google, Cloudflare, Quad9, OpenDNS, and Level3), then reports per-resolver response counts, timing, and a heuristic leak assessment. When the server has the dig command available each lookup targets the named resolver directly; otherwise it falls back to PHP's built-in resolver, so the labelled rows reflect what the server can resolve rather than queries guaranteed to reach each provider. Because the queries originate from our server and not from your own device or network, the results describe what our server sees, making this an educational reachability and response check rather than a guaranteed audit of your local VPN or your machine's real DNS path.

Understanding the Results

  • Leak status: Shows either "No DNS leak detected" or "Potential DNS leak detected." This is a heuristic flag derived from how the tested resolvers responded to our server's queries, not a definitive verdict about your own connection.
  • Severity: A label of none, medium, high, or unknown that summarizes the heuristic. "None" appears when no leak is flagged; "unknown" appears only if the test hit an error and could not complete.
  • Test duration: Total time in milliseconds that the whole test took to run on the server.
  • Analysis: A short bulleted list of summary lines the tool generated, such as "No DNS leaks detected," a high or potential leak headline, or notes about non-global (ISP-location), IPv6, or transparent-proxy patterns. These are high-level assessment statements, not a per-query log.
  • DNS Resolvers Tested: A table listing each public resolver by name, its provider and stated location, a Responses count showing how many of the five attempted lookups succeeded, and the average response time in milliseconds. A row showing 0 successful responses means that resolver was unreachable or blocked from our server, or the lookup failed.
  • Recommendations: A list of general DNS-privacy suggestions (use a VPN with leak protection, review VPN DNS settings, consider DoH or DoT, disable unused IPv6, retest after network changes). These are templated guidance rather than findings specific to your device.
  • Test incomplete: A warning shown only when the test hits an error and cannot finish; in that case the other fields may be empty or hold default values, and severity reads "unknown."

Common Use Cases

  • Learning what a DNS leak is: Use the test alongside the explanations on this page to understand how DNS queries can bypass a VPN tunnel and why that matters for privacy.
  • Seeing resolver reachability: Review the resolvers table to see which major public DNS providers respond, and how many of the five lookups succeed, from a typical server location.
  • Comparing response timing: Compare average response times across Google, Cloudflare, Quad9, OpenDNS, and Level3 to get a feel for how resolver latency varies from the server.
  • Getting a privacy checklist: Use the Recommendations and the educational content as a starting checklist for hardening your own DNS setup (custom resolvers, encrypted DNS, kill switch).
  • Quick demonstration: Use it as a teaching aid to show colleagues or clients the concept of DNS leak testing before running a true client-side test on their own machine.

Pro Tips & Best Practices

  • Run a client-side test for your own machine: Because this tool queries resolvers from our server, it cannot see your device's real DNS path. To check whether your own VPN leaks, also use a browser-based test on the device you actually want to verify, while connected to your VPN.
  • Read the resolvers table, not just the headline: The Responses and Avg Time columns are the most concrete data here; a resolver showing 0 successful responses simply means that lookup did not succeed from our server during the test.
  • Treat severity as a heuristic: The leak status and severity come from response patterns and can flag responding resolvers even on a healthy setup, so weigh them as guidance rather than a pass or fail result.
  • Re-run after an incomplete result: If the test reports it could not complete, wait a moment and run it again, since transient network conditions or missing server tools can affect a single run.

Frequently Asked Questions

Not directly. The test runs from the ShowMyIP server and queries public DNS resolvers from there, so it reflects what our server sees rather than your device's actual DNS path. To verify your own VPN, run a browser-based DNS leak test on the device you want to check while connected to your VPN, and use this page mainly to understand the concept and get a privacy checklist.

None. There are no input fields. You just click the Run DNS Leak Test button and the server performs DNS lookups against a fixed set of five public resolvers, which takes a few seconds.

The leak status is a heuristic. The tool flags indicators such as resolvers responding to queries or unusually fast response times, and even a single responding resolver can push the result into a potential-leak label. Because the queries come from our server, the status should be read as educational guidance rather than a definitive verdict about your connection.

Each row is one public resolver. Resolver is its name, Provider and Location are descriptive labels for that service, Responses shows how many of the five attempted lookups succeeded, and Avg Time is the average response time in milliseconds. A Responses value of 0 means no lookup succeeded for that resolver during the test.

That warning appears when the server hits an error or the lookups fail, which can happen due to timeouts or temporary network conditions. Wait a few seconds and run the test again. If it keeps failing, the underlying lookup tools may be unavailable on the server, and you should rely on a client-side test from your own device instead.

Frequently Asked Questions

Does this test check whether my own VPN is leaking DNS?
Not directly. The test runs from the ShowMyIP server and queries public DNS resolvers from there, so it reflects what our server sees rather than your device's actual DNS path. To verify your own VPN, run a browser-based DNS leak test on the device you want to check while connected to your VPN, and use this page mainly to understand the concept and get a privacy checklist.
What information do I need to enter to run the test?
None. There are no input fields. You just click the Run DNS Leak Test button and the server performs DNS lookups against a fixed set of five public resolvers, which takes a few seconds.
Why does the result sometimes say a leak was detected even on a secure setup?
The leak status is a heuristic. The tool flags indicators such as resolvers responding to queries or unusually fast response times, and even a single responding resolver can push the result into a potential-leak label. Because the queries come from our server, the status should be read as educational guidance rather than a definitive verdict about your connection.
What do the columns in the DNS Resolvers Tested table mean?
Each row is one public resolver. Resolver is its name, Provider and Location are descriptive labels for that service, Responses shows how many of the five attempted lookups succeeded, and Avg Time is the average response time in milliseconds. A Responses value of 0 means no lookup succeeded for that resolver during the test.
What can I do if the test reports it could not complete?
That warning appears when the server hits an error or the lookups fail, which can happen due to timeouts or temporary network conditions. Wait a few seconds and run the test again. If it keeps failing, the underlying lookup tools may be unavailable on the server, and you should rely on a client-side test from your own device instead.
Last reviewed: Reviewed by the

How this tool works: This tool runs in your browser and on our server in real time. Depending on the tool, results are computed directly from the input you provide or retrieved from live, authoritative data sources at the moment you run a lookup. We do not sell your data, and your lookups are kept private — any history shown here is stored only on your device.

Related Tools

Explore these related tools to get more insights and complete your analysis:

IP Lookup

Enter any IP address to instantly find its geographic location, ISP, hostname, and organization. Our IP lookup tool provides accurate geolocation data worldw...

DNS Lookup

Check DNS records for any domain instantly. Our free DNS lookup tool queries authoritative nameservers to show A, AAAA, MX, TXT, NS, SOA, and CNAME records.

WHOIS Lookup

Look up WHOIS data for any domain to see registration details, nameservers, registrar information, creation and expiration dates, and contact information.

SSL Certificate Checker

Check any website's SSL/TLS certificate. View expiration date, issuer, certificate chain, supported protocols, and get a security grade with recommendations.

Port Scanner

Scan any host to discover open ports and identify running services. Essential for security audits, firewall testing, and network troubleshooting.