.css-19iw1i2{box-sizing:border-box;margin:0;min-width:0;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;position:-webkit-sticky;position:sticky;top:0rem;width:100%;height:7.2rem;padding-left:1.2rem;padding-right:1.2rem;font-size:1.2rem;font-weight:700;background:linear-gradient(180deg, rgba(1, 8, 24, 0.00) 0%, rgba(1, 8, 24, 0.30) 100%),#E93349;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;text-align:center;-webkit-box-pack:center;-ms-flex-pack:center;-webkit-justify-content:center;justify-content:center;z-index:0;color:var(--theme-ui-colors-commonWhite);}@media screen and (min-width: 48em) and (min-height: 36em){.css-19iw1i2{height:6.9rem;}}@media screen and (min-width: 70em) and (min-height: 36em){.css-19iw1i2{height:6.9rem;}}Warning: It looks like JavaScript is disabled in your browser. For the best experience, please enable JavaScript.

DNS Leak Test

Check your DNS privacy with an instant DNS leak verification test.

What is a DNS leak?

A DNS leak occurs when your Domain Name System (DNS) requests bypass your usual DNS resolvers. If a DNS leak occurs, these queries are sent directly to your ISP or other third-party DNS servers. This unintended exposure allows these entities to log your browsing habits, view websites you've visited, and potentially sell this data.

What causes a DNS leak?A DNS leak occurs when DNS queries (requests for translating domain names to IP addresses) are inadvertently sent through a network path not intended for privacy or security. This usually happens due to:

Incorrect network configurationsMisconfigured operating systems or network settings might route DNS requests through default or unintended servers.

Transparent DNS proxiesSome ISPs or network providers enforce their own DNS servers, intercepting and handling queries regardless of user settings.

Manual DNS setup errorsUsers who manually configure their network settings might accidentally point DNS queries to insecure servers.

IPv6 issuesDevices configured for both IPv4 and IPv6 might unintentionally send DNS queries via IPv6 even if IPv4 is secured.

Software conflicts or misconfigurationsCertain apps or security software might override DNS settings, causing requests to bypass intended secure channels.

These scenarios can expose a user's browsing habits or online activities by sending DNS queries through unintended, unsecured channels.

How can I guard against DNS leaks?

Use Trusted DNS ProvidersConfigure your devices or routers to use reliable DNS providers like Control D.

Disable IPv6IPv6 requests sometimes bypass intended security configurations. Temporarily disabling IPv6 prevents DNS queries from routing through unsecured IPv6 networks.

Check and Secure Router SettingsEnsure your router settings are manually configured to trusted DNS servers instead of relying on default ISP-provided DNS, which might redirect or intercept queries.

Use Encrypted DNSImplement DNS over HTTPS (DoH) or DNS over TLS (DoT) to encrypt your DNS queries, making it harder for ISPs or third parties to intercept or track DNS requests.

Regular DNS Leak TestingFrequently test your connection using DNS leak detection tools (e.g., dnsleaktest.com, browserleaks.com) to ensure DNS requests aren’t leaking unexpectedly.

Firewall ConfigurationConfigure firewall rules to block DNS queries from going out through unwanted channels or to restrict queries exclusively to trusted DNS servers.

What are the dangers of DNS leaks?DNS leaks can lead to several privacy and security dangers, including:

Exposure of Browsing HabitsDNS queries reveal the websites or services you access, allowing third parties or network providers to track and log your browsing patterns.

Increased Risk of SurveillanceGovernments, ISPs, or unauthorized entities could intercept DNS requests, enabling monitoring and profiling of your online activities.

Potential for Targeted AttacksMalicious actors can exploit exposed DNS queries to perform man-in-the-middle attacks or redirect your traffic to harmful sites.

Reduced Data PrivacyPersonal data, interests, and online behavior revealed by DNS leaks can be collected and sold by third-party advertisers or data brokers.

Censorship and Content BlockingDNS leaks make it easy for ISPs or restrictive regimes to identify and block specific content or websites you are trying to access.

Vulnerability to DNS SpoofingA leaked DNS request could be manipulated or redirected by attackers, leading you to fraudulent or malicious websites without your knowledge.

Protect against DNS leaks with Control D

Block unwanted content, spoof your location and browse faster.

Got a question in mind?

Frequently asked questions

DNS leaks expose your online activity to third parties. Every time you visit a website, your device asks a DNS server to translate the domain name into an IP address. If your system bypasses Control D and uses your ISP's default DNS, they can still log every site you attempt to visit. That means your browsing habits, interests, and even timestamps can be collected and monetized. A DNS leak undermines the privacy and control you thought you had. That's why leak testing is crucial.

A DNS leak happens when your operating system or network configuration routes DNS requests outside of your designated resolver. This often occurs when a device reverts to a default resolver (like your ISP or Google DNS) due to network hiccups, misconfigured settings, or software that ignores custom DNS preferences. Some routers also override DNS settings entirely, forcing all traffic through their own resolvers. If you're on public Wi-Fi, you're even more vulnerable. Without DNS over HTTPS or DNS over TLS enforcing encrypted routes, your device might silently leak DNS requests to whoever's running the network.

Not directly — DNS leaks don't reveal your IP in the same way a web tracker might. But they do expose where your DNS queries are going, and that's a big deal. If those queries are routed through your ISP or another third party, they can tie those requests back to your subscriber account, which does lead to your real-world identity. Even if your browsing traffic is encrypted (via HTTPS), a DNS leak creates a metadata trail that can be used to profile you.

First, use a DNS leak test (like the one on this page) to confirm whether you're leaking. If you are, the fix is simple: make sure your device or router is correctly configured to use only Control D's DNS resolvers. Use DNS-over-HTTPS (DoH) or DNS-over-TLS (DoT) to encrypt and lock your DNS traffic so it can't be hijacked or redirected. If you're using Control D on a router, disable DNS rebind protection or DNS override features that force default resolvers. For more robust protection, enable "Secure DNS" options in your browser to enforce system-wide rules.

DNS leaks don't just put your privacy at risk, they can expose you to surveillance, targeted ads, censorship, and even cyberattacks. ISPs and governments can log your DNS requests to build profiles, throttle content, or block access to specific websites. Ad networks can track which services you use based on your DNS history. In corporate environments, DNS leaks can unintentionally reveal internal infrastructure or employee activity to outsiders. And if DNS requests go unencrypted or to an untrusted resolver, attackers can spoof responses and redirect you to phishing sites or malware. Control D prevents all of this.

DNS Leak Test

Protect against DNS leaks with Control D

Block unwanted content, spoof your location and browse faster.

Frequently asked questions

Why should I care about DNS leaks?

How does a DNS leak happen?

Can DNS leaks expose my real IP address?

How do I fix a DNS leak?

What are the dangers of DNS leaks?