This guide explains how to keep yourself safe from DNS leaks and why it matters from a privacy perspective.
Instructions to prevent DNS leaks
Mullvad VPN app users
If you are using the Mullvad VPN app, you are automatically safe from DNS leaks. However if you use 'DNS over HTTPS' or 'DNS over TLS' then the app cannot prevent that.
Using a router or other VPN software?
If you are using a router or other VPN software (such as OpenVPN) to access Mullvad’s servers, simply point it toward Mullvad’s own public, non-logging DNS server.
- Mullvad’s DNS server IP: 184.108.40.206
For more information see our router guides.
We also have a DNS server running on each VPN server that can only be accessed via the tunnel on this address for OpenVPN: 10.8.0.1 (or any other address matching 10.x.0.1) and 10.64.0.1 for WireGuard servers.
Firefox users in the U.S.
You are at risk of leaking DNS requests to Cloudflare, no matter which Mullvad setup you have. To prevent this, open Firefox Options > General > Network settings > Settings, then deselect “Enable DNS over HTTPS.”
You can then visit am.i.mullvad.net to easily check whether or not you’re leaking information.
Why are DNS servers important from a privacy perspective?
A DNS (Domain Name System) server is the first point of contact that your browser makes when you try to access information over the Internet. This is the case for every URL you visit, every file you download, and every image that loads on a website, including ads.
Since your browser contacts the DNS server for each and every new domain name request, the DNS server will know which pages you are visiting and what resources you are looking at. Therefore, you are constantly leaking information about what you are doing and when to your DNS server provider, which is usually your ISP (Internet Service Provider) or a big company like Google.
Using Mullvad’s DNS server ensures that you don't leak information to a DNS server provider that may be logging which sites you are visiting. And if, for some reason, your traffic ends up on the public internet, it goes to our non-logging DNS server.
It's worth noting that all our VPN servers hijack calls to our public DNS server and that the DNS requests are processed on a local non-logging DNS server installed on that VPN server. This is done to process requests faster and to leak less information to the internet.