DNS leak test
When you visit a site, your computer first asks a DNS resolver to translate the name into an IP. If that resolver belongs to your ISP, your VPN may be leaking — even if your traffic is encrypted.
What is a DNS leak?
A DNS leak happens when your DNS queries skip the VPN tunnel and go straight to your ISP's resolver. Your traffic stays encrypted, but your ISP can still see every domain you visit. It's the difference between a sealed envelope addressed to "192.0.2.42" and a sealed envelope addressed to "drugstore.example.com" — the contents are private, the destination is not.
Common causes: misconfigured operating systems (especially older Windows builds), browsers that route DNS-over-HTTPS to a non-VPN endpoint, and split-tunnel apps that selectively bypass the VPN.
How PlanetProxy prevents leaks
Every PlanetProxy app forces all DNS through our private resolvers, blocks IPv6 unless your tunnel supports it, and trips the kill-switch the instant a query escapes the tunnel. Our resolvers run in RAM and never write a query to disk.
You don't have to remember any of that. Tap connect; the lock turns green; the leak is gone.
A note on this test
A complete leak test needs to query randomized subdomains under our control so we can see which resolvers your OS reached. This page tells you which Cloudflare edge handled your request — useful, but not a full audit. The full multi-resolver tester is rolling out alongside the next Atlas release.