DNS leak test

If your DNS queries skip the VPN tunnel, your internet provider still sees every site you visit — even with the VPN connected. Here is how to check and fix it.

Recommended DNS leak test

We do not run our own DNS probe because doing it well requires controlled wildcard subdomains across multiple resolvers. Use the trusted third-party tool below — it is independent and does not require an account.

Click "Extended test" on dnsleaktest.com. The result should list only the VPN provider's DNS server(s) — not your ISP. If you see Comcast, Verizon, Vodafone, or any other consumer ISP in the results, your DNS is leaking.

What is a DNS leak?

When you type a URL, your device first asks a DNS server for the IP address of that domain. If the DNS query goes through the VPN tunnel, your ISP sees only encrypted traffic. If it skips the tunnel — a DNS leak — your ISP sees every domain you visit, even though the connection that follows is encrypted. Censored networks often inspect DNS queries to enforce blocklists, so a DNS leak is fatal in those environments.

What causes DNS leaks?

Three common causes: (1) The VPN client sets its own DNS resolver but the OS ignores it and uses the resolver assigned by the local network. (2) IPv6 traffic is not tunneled, so IPv6 DNS queries leak around the VPN. (3) Browsers like Chrome and Firefox can use "smart" DNS routing (DNS-over-HTTPS) that bypasses system DNS settings entirely.

How to fix a DNS leak

Use a VPN that owns its DNS infrastructure and forces all DNS queries through the tunnel (Doppler does this by default on every platform). Disable IPv6 in your OS network settings if your VPN does not support IPv6 tunneling. In your browser, set DNS-over-HTTPS to use the same provider as your VPN, or disable it. On routers, set the upstream DNS to a privacy-respecting resolver (Quad9, Cloudflare 1.1.1.1) only if you are not running a VPN at the device level.

Doppler's DNS guarantees:

  • All DNS queries are forced through the VPN tunnel — no system-DNS leaks.
  • IPv6 is either tunneled or blocked, never leaked.
  • Our DNS resolvers do not log queries.
  • We block DNS-over-HTTPS bypass attempts from browsers when the kill-switch is on.

FAQ

Why is a DNS leak worse than an IP leak?

An IP leak reveals one address. A DNS leak reveals every domain you visit — every site, every API call, every analytics endpoint — in plaintext to your ISP and anyone on the path. For users in censored networks, DNS-level blocklists are the most common enforcement mechanism, which makes DNS leaks the failure mode that gets people caught.

How can I tell if my DNS is leaking right now?

Run the extended test at dnsleaktest.com. It issues several queries to wildcard subdomains and tells you which resolvers answered them. If you see your ISP's name (or any name that does not match your VPN provider), DNS is leaking. Repeat the test with and without the VPN to confirm.
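The mechanism behind such a test, as an added example (not code from dnsleaktest.com or Doppler): the tester gives the client random names under a wildcard zone it controls, the client resolves them through its normal resolver path, and the zone's authoritative server records which recursive resolvers came asking. The zone name, session IDs, log format and address ranges below are constructed assumptions.

```python
import ipaddress
import secrets

ZONE = "leaktest.example"  # hypothetical wildcard zone controlled by the tester
# Constructed authoritative-server log: "<time> <resolver source IP> <queried name>"
SAMPLE_LOG = [
    "12:00:01 198.51.100.10 a1b2c3d4.s42.leaktest.example.",   # VPN resolver
    "12:00:01 203.0.113.53 0f0e0d0c.s42.leaktest.example.",    # ISP resolver (leak)
    "12:00:02 2001:db8:53::1 99887766.s42.leaktest.example.",  # untunneled IPv6 (leak)
    "12:00:02 203.0.113.53 deadbeef.s77.leaktest.example.",    # a different session
    "truncated line",
]
VPN_NETWORKS = ["198.51.100.0/24"]  # constructed stand-in for the provider's range

def make_probe_names(session_id, count=6):
    """Random labels cannot be cached, so each lookup reaches the authoritative server."""
    return [f"{secrets.token_hex(4)}.{session_id}.{ZONE}" for _ in range(count)]

def resolvers_seen(log_lines, session_id):
    """Source IPs of the recursive resolvers that queried this session's names."""
    suffix = f".{session_id}.{ZONE}"
    seen = set()
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        _timestamp, src_ip, qname = parts
        if qname.lower().rstrip(".").endswith(suffix):
            seen.add(ipaddress.ip_address(src_ip))
    return seen

def find_leaks(log_lines, session_id, vpn_networks):
    """Resolver IPs outside the VPN provider's networks, sorted as strings."""
    nets = [ipaddress.ip_network(n) for n in vpn_networks]
    leaks = [ip for ip in resolvers_seen(log_lines, session_id)
             if not any(ip in net for net in nets)]
    return sorted(str(ip) for ip in leaks)

if __name__ == "__main__":
    print(find_leaks(SAMPLE_LOG, "s42", VPN_NETWORKS))
```

An empty result means every resolver that reached the zone belongs to the VPN provider; any other address is a resolver your queries reached outside the tunnel.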

Does Doppler VPN leak DNS?

No. We push our own resolvers through the tunnel on every platform and block fallback to system DNS. We also disable browsers' DNS-over-HTTPS bypass when our kill-switch is active. Independent leak tests at dnsleaktest.com and browserleaks.com confirm this — feel free to verify.

What is DNS-over-HTTPS (DoH) and how does it relate to leaks?

DoH is a protocol that sends DNS queries over an encrypted HTTPS connection, bypassing the system DNS resolver. Browsers like Chrome and Firefox use DoH by default, often routing queries to Google or Cloudflare regardless of your VPN. This is a leak unless your VPN explicitly handles it. Doppler intercepts DoH attempts and routes them through the tunnel.

Do I need a separate DNS service if I use a VPN?

No. A well-configured VPN handles DNS for you. Using a separate DNS service (Quad9, Cloudflare) on top of a VPN can actually cause leaks if the OS routes the DNS query around the tunnel. Trust the VPN's resolvers — if you do not trust them, use a different VPN.

How often should I test for DNS leaks?

After every VPN setup or OS update. Tunneling configurations can break silently — a system update can switch your network stack to a leaky path without telling you. Quarterly checks are a reasonable cadence for ongoing users; weekly if you live in a heavily censored network where the cost of a leak is high.