Engine v2.5

Advanced DNS Leak Test

Check whether your VPN or private DNS is really working. We use one-time web addresses to reveal exactly which servers handle your DNS, and catch any that slip through your provider instead.

Your Baseline

Public IP
Loading...
ISP / Organization
...
Location
...

* It's a leak when one of the servers found below belongs to this same provider.

Test ID: ---
Status: Ready

Live Results

0 Resolvers

Ready to Scan

Click "Start Analysis" to generate 6 unique DNS queries and trace their path through the network.

How This Test Works: Accuracy & Privacy

A Brand-New Address Every Time

Each test hands your device a one-time web address that has never existed before (like a8f3b1c9-leak.dnsdoh.art). Older test sites can be fooled because your browser remembers addresses it has already seen. Ours can't be remembered, because it's brand new, so your device has no choice but to ask a DNS server where to find it. Whoever looks it up is the server really handling your traffic, and that's exactly what we catch.

Gentle on Your Connection

Some tests flood your connection with 50+ requests at once, which lags your browser and triggers false alarms. We send just a small, carefully spaced set of requests instead. That's still enough to uncover tricky setups, like big providers (Google, Cloudflare) that answer from many servers at once, without ever slowing you down.

One-Time Addresses WebRTC / OS Resolver Check Cache-Proof

ISP Snooping (Proxies)

Even after you switch to a private DNS, some providers quietly grab DNS requests as they leave your network and push them through their own servers, so they can still see the sites you visit. If that's happening, your provider's name shows up in the results above even though you never chose it. That's the giveaway.

Windows & VPN Conflicts

To feel faster, computers (Windows especially) sometimes use your VPN and your normal Wi-Fi at the same time. When that happens, some requests slip out through your real connection instead of the VPN. If you're on a VPN but your home provider still shows up above, this is usually why.

The Fix: Encrypted DNS

Encrypted DNS seals your requests inside encryption, so your provider can't read them or swap in their own servers. Look for DoH (over HTTPS), DoH3 (over HTTP/3), DoT (over TLS), or DoQ (over QUIC). Any of them keeps your browsing private. If this test shows only the resolver you expect, it's working.