Will changing my DNS server stop a DNS leak?

Often, yes — pointing your browser or system to a trusted resolver like Cloudflare (1.1.1.1) and enabling encrypted DNS closes the most common leaks. If your VPN or an ISP proxy is the cause, you may also need to enable your VPN's DNS leak protection.

Do I need to fix DNS leaks on every device?

DNS settings are per-device (and per-browser for secure DNS). Changing it on your laptop won't protect your phone. To cover everything at once, change DNS at the router level instead.

How do I know my DNS leak is fixed?

Re-run a DNS leak test after making the change. If the DNS servers shown belong to your chosen provider or VPN — not your ISP — the leak is fixed.

How to Fix DNS Leaks in Chrome, Brave & Firefox

What is a DNS Leak?

A DNS leak occurs when your browser sends Domain Name System (DNS) queries outside your VPN's encrypted tunnel. This means your Internet Service Provider (ISP) can see which websites you're visiting, even if you're connected to a VPN.

Real-World Example: You connect to a VPN to browse privately, but your browser still uses your ISP's DNS servers. Your ISP logs that you visited "reddit.com" and "youtube.com" even though your IP address is hidden.

Why DNS Leaks Happen

Most browsers are configured to use your ISP's DNS servers by default. When you connect to a VPN, the VPN should route all your traffic — including DNS queries — through its encrypted tunnel. However, if your browser isn't configured correctly, DNS queries can "leak" outside the tunnel.

Default settings: Browsers use system DNS by default (usually your ISP)
Split tunneling: Some VPNs allow DNS to bypass the tunnel
IPv6 leaks: IPv6 DNS queries may not be routed through VPN
Browser extensions: Some extensions override DNS settings

How to Fix DNS Leaks in Chrome

Google Chrome and Chromium-based browsers (like Brave and Edge) support DNS-over-HTTPS (DoH), which encrypts DNS queries and prevents leaks.

Step 1: Open Chrome Settings

Click the three-dot menu (⋮) in the top-right corner
Select Settings
In the left sidebar, click Privacy and security
Click Security

Step 2: Enable Secure DNS

Scroll down to the "Use secure DNS" section
Toggle the switch to ON
Select "With custom" option
Choose a DNS provider from the dropdown:
- Cloudflare (1.1.1.1) – Fastest, privacy-focused
- Google (8.8.8.8) – Reliable but less private
- Quad9 (9.9.9.9) – Blocks malicious sites

Recommended: Use Cloudflare (1.1.1.1) for the best balance of speed and privacy. It doesn't log your browsing activity and is independently audited.

Step 3: Restart Chrome

Close all Chrome windows completely
Reopen Chrome
Reconnect to your VPN

How to Fix DNS Leaks in Brave

Brave is based on Chromium and follows the same process as Chrome.

Open Brave Settings → Privacy and security → Security
Enable "Use secure DNS"
Select Cloudflare (1.1.1.1) or Quad9
Restart Brave and reconnect to VPN

How to Fix DNS Leaks in Firefox

Firefox has built-in support for DNS-over-HTTPS (DoH) and calls it "DNS over HTTPS."

Step 1: Open Firefox Settings

Click the three-line menu (☰) in the top-right corner
Select Settings
In the left sidebar, click Privacy & Security

Step 2: Enable DNS over HTTPS

Scroll down to "DNS over HTTPS"
Select "Max Protection" (recommended)
Choose a provider:
- Cloudflare (default)
- NextDNS (advanced blocking)

Step 3: Restart Firefox

Close Firefox completely
Reopen Firefox
Reconnect to your VPN

How to Test Your DNS Leak Fix

After configuring secure DNS, you need to verify that your DNS queries are no longer leaking.

Connect to your VPN
Visit WhatsMyInfo.app
Click "Scan All" or run the DNS leak test
Check the results:
- ✅ Safe: DNS queries are secure (no leak detected)
- ❌ Leaking: Your ISP's DNS servers are visible (leak detected)

If the test shows "Leaking," double-check your browser settings and make sure secure DNS is enabled. Also verify that your VPN includes DNS leak protection in its settings.

Alternative: Configure VPN-Level DNS Protection

Most quality VPNs include built-in DNS leak protection. Enable this in your VPN settings as an additional layer of security:

NordVPN: Settings → Advanced → DNS leak protection (enabled by default)
ProtonVPN: Uses its own DNS servers automatically
Mullvad VPN: Advanced → Block connections without VPN
Surfshark: Settings → VPN settings → DNS leak protection

Combining browser-level secure DNS with VPN-level protection gives you the strongest defense against DNS leaks.

Common Mistakes to Avoid

1. Forgetting to Restart Your Browser

DNS settings don't always apply immediately. Always close and reopen your browser after making changes.

2. Using Untrusted DNS Providers

Avoid random DNS providers. Stick to reputable services like Cloudflare, Quad9, or your VPN's DNS servers.

3. Not Testing After Changes

Always run a DNS leak test after configuring secure DNS. Don't assume it's working — verify it.

Best VPNs with Built-In DNS Leak Protection

If you don't have a VPN yet or your current VPN doesn't protect against DNS leaks, consider these options:

ProtonVPN – Runs its own DNS servers, open-source, strict no-logs policy
Mullvad VPN – Anonymous signup, strong leak protection, flat-rate pricing
NordVPN – DNS leak protection enabled by default, independently audited
Surfshark – Unlimited devices, CleanWeb blocks ads and trackers

Compare features, pricing, and security on our Compare VPN Services page.

Final Checklist

✅ Secure DNS enabled in browser (Cloudflare or Quad9)
✅ Browser restarted after changes
✅ VPN DNS leak protection enabled (if available)
✅ DNS leak test shows "Safe" at WhatsMyInfo.app
✅ IPv6 disabled (if not supported by VPN)

If all items are checked, your DNS queries are now secure and won't leak to your ISP.

How to Fix DNS Leaks in Chrome, Brave, and Firefox

Quick Summary