DNS leak test

A DNS leak test shows whether your browser appears to resolve domains through the DNS path you expected. Use it after connecting a VPN, proxy, corporate network, or public Wi-Fi to catch ISP resolver exposure and country mismatches before sensitive browsing.

Example ping123 result screenshot

The screenshot below uses the designated sample IP 89.116.88.34, not a current visitor IP. Use it as a visual reference for the fields explained on this page.

[Screenshot: ping123 DNS leak test result showing resolver cards, provider, country, and leak consistency]
DNS leak results are most useful when compared with public IP, VPN region, timezone, and browser profile.

What a DNS leak test checks

DNS turns domain names into IP addresses. If those lookups still go to your original ISP while the public IP uses a VPN exit, the session can reveal a network path you did not intend to expose.

The ping123 DNS workflow is manual: resolver-check requests are made only after you choose to run them, and the page explains whether the observed resolver path looks consistent.

How to read resolver results

A resolver from your VPN provider, chosen secure DNS provider, or expected corporate network can be normal. A resolver from your home ISP while the VPN is connected is a stronger leak signal.

Country mismatch matters when account region or privacy consistency matters. A public IP in one country and DNS in another country may trigger extra checks even if both services are legitimate.

Fix the exact DNS cause

DNS problems often come from browser secure DNS, router settings, operating system DNS, VPN split tunneling, or corporate policy. Change one setting at a time and rerun the test so you know what fixed the resolver path.

After DNS looks correct, run WebRTC and IP leak checks before logging into sensitive accounts.

What the result fields mean

Resolver IP: The DNS resolver address observed by the manual test.
Resolver provider: The organization or ISP associated with that resolver.
Resolver country: The approximate country of the resolver network.
ISP DNS: DNS operated by your original network provider.
VPN DNS: DNS routed or provided by the VPN service.
Secure DNS: Browser or OS-level encrypted DNS that can override VPN DNS.

Normal signals vs. risk signals

Usually normal

  • Resolver provider matches the VPN, trusted secure DNS, or expected managed network.
  • Resolver country is consistent with the public IP country and session purpose.
  • The original ISP resolver does not appear while the VPN is active.
  • Repeating the same test returns stable resolver results.

Needs attention

  • DNS still points to the home ISP while the public IP uses a VPN.
  • Resolver country conflicts with the account region or VPN country.
  • Browser secure DNS bypasses VPN resolver settings unexpectedly.
  • Router or corporate DNS policy forces a resolver you did not intend to use.
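
The two lists above can be applied mechanically to a set of resolver results. The following is an added example, not ping123's own code: the Resolver record, the assess function, the finding labels, and the sample data (documentation-range IPs and made-up provider names) are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Resolver:
    ip: str        # resolver IP observed by the test
    provider: str  # organization or ISP behind it
    country: str   # approximate country, ISO alpha-2

def assess(runs, public_ip_country, expected_providers, home_isp, vpn_active=True):
    """Return sorted attention findings; an empty list means 'usually normal'.

    runs holds one list of Resolver per repetition of the same test.
    """
    expected = {p.lower() for p in expected_providers}
    findings = set()
    for run in runs:
        for r in run:
            name = r.provider.lower()
            if vpn_active and name == home_isp.lower():
                findings.add(f"ISP_DNS_WHILE_VPN {r.ip} ({r.provider})")
            elif name not in expected:
                # Covers browser secure DNS, router, or policy-forced resolvers.
                findings.add(f"UNEXPECTED_PROVIDER {r.ip} ({r.provider})")
            if r.country != public_ip_country:
                findings.add(f"COUNTRY_MISMATCH {r.ip} {r.country} != {public_ip_country}")
    # Repeating the test should return the same resolver set.
    if len({frozenset(r.ip for r in run) for run in runs}) > 1:
        findings.add("UNSTABLE resolver set changed between runs")
    return sorted(findings)

# Constructed sample data: documentation-range IPs, made-up provider names.
VPN = Resolver("192.0.2.10", "ExampleVPN", "NL")
ISP = Resolver("198.51.100.53", "Example Home ISP", "DE")
DOH = Resolver("203.0.113.7", "Example Public DoH", "NL")
CLEAN_RUNS = [[VPN], [VPN]]
LEAKY_RUNS = [[VPN, ISP], [VPN]]
DOH_RUNS = [[DOH], [DOH]]

def demo():
    kw = dict(public_ip_country="NL", expected_providers=["ExampleVPN"],
              home_isp="Example Home ISP")
    return {name: assess(runs, **kw) for name, runs in
            [("clean", CLEAN_RUNS), ("leaky", LEAKY_RUNS), ("doh", DOH_RUNS)]}

if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "usually normal")
```

A public or secure DNS provider you chose on purpose belongs in expected_providers; otherwise it is reported as unexpected rather than as an ISP leak.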

Next action

Check DNS after every network change

DNS leaks are easy to miss because the public IP can look correct while resolver traffic tells a different story.

Fixes and next steps

DNS leak: Turn on DNS leak protection in the VPN or proxy client, disable browser Secure DNS if it bypasses the tunnel, set system DNS to the provider's DNS or a trusted encrypted resolver, then rerun the DNS check.
WebRTC leak: Limit or disable WebRTC direct candidates, use a browser profile that blocks WebRTC IP exposure, restart the browser, then rerun the WebRTC check before logging in.
Datacenter ASN: If the task needs a consumer-looking account environment, switch from a datacenter/VPS ASN to a stable residential, mobile, or dedicated ISP exit and keep the region consistent.
Blacklist or abuse history: Do not keep using a high-risk or listed IP for important accounts. Change the IP range or provider, wait for reputation to stabilize, and retest before continuing.
Timezone or language mismatch: Align the IP country, system timezone, browser language, account region, and DNS/WebRTC routes so the session tells one consistent location story.

  1. Enable DNS leak protection in the VPN client.
  2. Disable browser secure DNS if it conflicts with your VPN resolver.
  3. Set OS DNS to the VPN provider or a trusted encrypted resolver.
  4. Check router DNS settings when every browser shows the same unexpected resolver.
  5. Restart the browser after DNS changes and rerun the same test.
  6. Pair DNS results with WebRTC and public IP checks before sensitive logins.

FAQ

What is a DNS leak?

A DNS leak happens when resolver requests use a network path outside the VPN or privacy route you expected.

Is public DNS a leak?

Not always. Public DNS can be intentional, but it should be expected and consistent with your session.

Why does secure DNS change my result?

Browser or OS secure DNS can override VPN DNS settings and send lookups to another provider.

Should I test DNS on public Wi-Fi?

Yes. Public Wi-Fi, captive portals, and managed routers can force DNS behavior that differs from your VPN settings.

What should I test after DNS?

Run a WebRTC leak test, public IP check, and browser privacy check to catch non-DNS mismatches.

Before you continue

Run the manual DNS probe before you trust the session

ping123 keeps DNS testing explicit so resolver checks happen only when you choose to run them.