Every time you enter a domain name into the address bar of your browser, click on a link, or download a picture or another resource from a website, you are most likely using the Domain Name System (DNS).
Your browser uses its configured DNS server to look up the IP address of that resource. The IP address, in turn, is used to download the resources you requested.
A normal website today is full of links to resources on the same site and other third-party sites. This means your DNS server, or servers, will be contacted frequently.
Since your browser contacts the DNS server for each and every new domain name request, the DNS server will know which pages you are visiting and what resources you are looking at. Therefore, you are constantly leaking information to your DNS server provider about what you are doing and when.
Usually the DNS server belongs to your Internet Service Provider (ISP) or a big company like Google.
An easy way to check whether or not you're safe from DNS leaks is to head over to our Am I Mullvad site.
Because of the privacy issues mentioned above, Mullvad has its own public non-logging DNS server at the following IP address: 22.214.171.124.
We also have a DNS server running on each VPN server that can only be accessed via the tunnel on this address: 10.8.0.1 (or any other address matching 10.x.0.1).
Once you've followed the instructions below for your operating system, use our online Am I Mullvad tool to check that you are safe from DNS leaks.
If you are using our VPN app, you don't need to do anything as DNS leak protection is always on. There is no option to disable it.
If you are using another VPN client or a router to access Mullvad, please set your DNS to 126.96.36.199 to point toward Mullvad's DNS server. This ensures that you don't leak information to a DNS server about which sites you are visiting. This means that our DNS server is always used, so if your traffic for some reason ends up on the public internet, it goes to our non-logging DNS server.
It's worth noting that all our VPN servers hijack calls to our public DNS server and that the DNS requests are processed on a local non-logging DNS server installed on that VPN server. This is done to process requests faster and to leak less information to the internet.