How to Test Your VPN for DNS & WebRTC Leaks (3 Free Tools)

By Alex Morgan, Cloud Security Researcher
Last Updated: May 2026 · 7 min read

You might think your VPN is working. The icon says connected. Your IP address shows a different country. But VPNs can leak — silently exposing your real IP and browsing history without any visible warning. I run leak tests on every VPN I review. Here are the three free tools I use, what they catch, and how to fix leaks if you find them.

What Is a DNS Leak?

When you type a website address, your computer asks a DNS server to translate it into an IP. Normally, this request goes through your VPN's encrypted tunnel. A DNS leak means the request bypasses the VPN and goes through your ISP's DNS servers instead. Your ISP can now see every website you visit — even though your traffic is "encrypted." It's like writing letters in code but mailing them from your home address with a return label.

What Is a WebRTC Leak?

WebRTC is a browser feature for real-time communication (video calls, voice). It can bypass your VPN and reveal your real local IP address to websites. Even if your VPN is working perfectly for everything else, WebRTC can expose you. This affects all major browsers — Chrome, Firefox, Edge, Brave — unless you disable it.

Tool 1: ipleak.net

My go-to. Shows your IP address, DNS servers, WebRTC leaks, and geolocation on one page. Connect your VPN, visit ipleak.net, and look at three things:

Your IP addresses: Should all be the VPN server's IP, not your real one.
DNS Addresses: Should belong to the VPN provider, not your ISP.
WebRTC detection: Should show the VPN IP, not your local 192.168.x.x address. If you see your local IP here, you have a WebRTC leak.

Tool 2: browserleaks.com

More detailed. Visit browserleaks.com/webrtc for a dedicated WebRTC leak test. It shows exactly what IP addresses WebRTC is exposing. Also check their DNS test and IP geolocation.

Tool 3: dnsleaktest.com

Simple and reliable. Visit dnsleaktest.com and click "Extended Test." It queries 50+ DNS servers and shows you which ones responded. If any belong to your ISP (look for names like Comcast, AT&T, BT, Telkom), you have a DNS leak.

How to Fix Leaks

If you find a DNS leak:

Enable "DNS leak protection" in your VPN settings (most paid VPNs have this).
Switch to your VPN's own DNS servers instead of your ISP's.
In Windows, manually set DNS to 1.1.1.1 (Cloudflare) or 9.9.9.9 (Quad9) as a fallback.

If you find a WebRTC leak:

Disable WebRTC in your browser settings (Firefox: media.peerconnection.enabled = false in about:config).
Install a WebRTC leak shield browser extension.
Use a VPN with built-in WebRTC blocking (Proton VPN, Mullvad).

Run all three tests every time you install a new VPN — including the "trusted" ones. I caught a DNS leak from a well-known paid VPN during a review last year. Their support confirmed it was a bug and patched it. Without the test, I wouldn't have known for months.

Some links may be affiliate links. See our Affiliate Disclosure.

Questions about VPN leak testing? Reach us at contact@viperstream.cloud.