How to prevent DNS leaks
If you have a DNS leak it means that you are using a DNS server that does not belong to Mullvad. This guide will tell you about the most common causes for this so you can prevent it.
You can read about why this is important from a privacy perspective in our guide All about DNS servers and privacy.
How to check for DNS leaks
You can use the Mullvad Connection check to look for DNS leaks. The result can be one of the following:
🟢 Green - "No DNS leaks"
This means that your web browser does not have any DNS leaks. No further action is required.
🟡 Yellow - "Failed to check for DNS leaks"
This means that the DNS leak test was not able to look for DNS leaks due to a technical problem. You can try to open the Connection check again in a new private window, or in another web browser.
🔴 Red - "Leaking DNS servers"
This means that you have a DNS leak. Click on the red box to expand it. Read the information below about what causes DNS leaks to see how you can stop it. If you need help then send a screenshot of the IP addresses to support@mullvadvpn.net. You can also look up the IP addresses at MaxMind to find out who they belong to.
What can cause a DNS leak
The Mullvad app
The Mullvad VPN app protects you from DNS leaks, unless you enable Use custom DNS server in the Mullvad app settings.
Web browsers
Many web browsers have a setting for enabling or disabling DNS over HTTPS. In Chrome-based browsers it's called Secure DNS. Follow the steps below to make sure that you have disabled it.
Firefox on desktop
To turn off DNS over HTTPS follow these steps:
- Click on the menu button and select Settings.
- Click on Privacy & Security in the left column.
- Scroll down to the bottom. Under Enable secure DNS, click on Off.
Mozilla has currently enabled DNS over HTTPS using Cloudflare DNS by default in Firefox in the following countries:
- United States
- Canada
- Russia
- Ukraine
Chrome on desktop
- Click on the menu button with three vertical dots in the top right corner.
- Click on Settings.
- Click on Privacy and security in the left column.
- Click on Security.
- Turn off "Use secure DNS".
Brave on desktop
- Click on the menu button with three horizontal lines in the top right corner.
- Click on Settings.
- Click on Privacy and security in the left column.
- Click on Security.
- Turn off "Use secure DNS".
Microsoft Edge on desktop
- Click on the menu button with three horizontal dots in the top right corner.
- Click on Settings.
- Click on Privacy, search, and services in the left column.
- Scroll down to Security.
- Turn off "Use secure DNS to specify how to lookup the network address for websites".
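To confirm the Firefox and Chrome settings above without opening each browser, the following added example (not part of the original guide or of Mullvad's software) reads the files where the browsers record the choice. It assumes Firefox stores the setting as network.trr.mode in the profile's prefs.js (2 or 3 = on, 5 = off, 0 or absent = default, which may be on in the countries listed above) and that Chrome stores it as dns_over_https.mode in its Local State file; the sample inputs are constructed.

```python
import json
import re

# Firefox writes user-changed preferences to prefs.js as: user_pref("name", value);
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+)\);\s*$')

def firefox_doh_state(prefs_js: str) -> str:
    """Classify DNS over HTTPS from prefs.js text: on, off, default or unknown."""
    mode = 0  # pref absent means Firefox uses its built-in default
    for line in prefs_js.splitlines():
        m = PREF_RE.match(line.strip())
        if m and m.group(1) == "network.trr.mode":
            try:
                mode = int(m.group(2))
            except ValueError:
                return "unknown"
    if mode in (2, 3):
        return "on"
    if mode == 5:
        return "off"  # explicitly turned off by the user
    return "default" if mode == 0 else "unknown"

def chromium_doh_state(local_state_json: str) -> str:
    """Classify "Use secure DNS" from Local State JSON text."""
    try:
        data = json.loads(local_state_json)
    except json.JSONDecodeError:
        return "unknown"
    doh = data.get("dns_over_https") if isinstance(data, dict) else None
    mode = doh.get("mode") if isinstance(doh, dict) else None
    if mode == "off":
        return "off"
    if mode in ("automatic", "secure"):
        return "on"
    return "default"  # never changed: not explicitly off, so still follow the steps

# Constructed sample inputs (not taken from a real profile).
SAMPLE_PREFS_OFF = 'user_pref("browser.startup.page", 3);\nuser_pref("network.trr.mode", 5);\n'
SAMPLE_PREFS_ON = 'user_pref("network.trr.mode", 2);\n'
SAMPLE_LOCAL_STATE = '{"dns_over_https": {"mode": "secure", "templates": "https://doh.example/dns-query"}}'

if __name__ == "__main__":
    print("Firefox, off sample:", firefox_doh_state(SAMPLE_PREFS_OFF))
    print("Firefox, on sample: ", firefox_doh_state(SAMPLE_PREFS_ON))
    print("Chrome sample:      ", chromium_doh_state(SAMPLE_LOCAL_STATE))
```

Only a result of "off" confirms that the setting was disabled; treat "default" the same as "on" and turn the setting off in the browser.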
Browser extensions
If you have installed a browser extension that can change the DNS, for example CIRA Canadian Shield, then turn that off.
Anti-virus, firewalls, other VPN, networking or DNS software
Some third-party apps have built-in DNS hijacking.
Avast Premium Security
Find instructions for turning off Real Site on the Avast website.
AVG Internet Security
Find instructions for turning off Fake Website Shield on the AVG website.
F‑Secure Internet Security
If you see DNS leaks to Amazon servers then it may be caused by F-Secure. Try to uninstall it.
Portmaster
Portmaster hijacks DNS queries. Try to uninstall that.
Android
Chrome on Android
- Tap on the menu button with three vertical dots in the top right corner.
- Tap on Settings.
- Tap on Privacy and security.
- Tap on Use secure DNS.
- Turn off "Use secure DNS".
Brave on Android
- Tap on the menu button with three vertical dots in the top right corner.
- Tap on Brave Shields & privacy.
- Under "Other privacy settings", tap on Use secure DNS.
- Turn off "Use secure DNS".
Private DNS
Android 9 and newer have a Private DNS feature which uses DNS over TLS (DoT).
- Open the Android Settings app.
- Tap on Network & internet.
- Tap on Private DNS.
- Tap on Off.
- Tap on Save.
Windows 11
If you have enabled a DNS over HTTPS server in the Windows 11 settings then disable that. You can right-click on the Command Prompt and select "Run as administrator" and then run this command:
netsh dns add global doh=no
Then verify it with this command:
netsh dns show global
Linux
If you see an IPv6 DNS address then try to enable IPv6 in the Mullvad app settings, or disable IPv6 in Linux.
Routers
If you have configured your router to connect to Mullvad VPN using WireGuard or OpenVPN, then you can find help in the Troubleshooting section of our router guides if you get a DNS leak.
- Asus Merlin and Mullvad VPN
- WireGuard on a router (OpenWrt)
- OpenWrt routers and Mullvad VPN (OpenVPN)