How to prevent DNS leaks

PRIVACY

Last updated: 6 September 2022


This guide explains how to keep yourself safe from DNS leaks. For a more general overview, read about why DNS servers are important from a privacy perspective in our guide All about DNS servers and privacy.

Firefox users  Please note the section below pertaining to you.

About DNS leaks

If you are using the Mullvad VPN app it normally protects you from DNS leaks, unless you enable "Use custom DNS server" in the settings.

However if you are using DNS over HTTPS (DoH) or DNS over TLS (DoT) the app can’t prevent those DNS leaks. If you want to use that then you can use our DoH and DoT server. See the guide DNS over HTTPS and DNS over TLS.

You can visit our Connection check to see whether or not you are leaking information.

Firefox on desktop

Firefox may send DNS requests to Cloudflare by default. To prevent that follow these instructions.

  1. In a Firefox browser window, click the menu button in the top right corner and choose Options or Preferences.
  2. In the search box, type “network”, then click on the Settings... button in the result.
  3. At the bottom, uncheck the box next to Enable DNS over HTTPS.

Chrome and Brave

Chrome may send DNS requests to your Internet provider by default. To prevent that follow these instructions.

Chrome on desktop

  1. Click on the menu button with three vertical dots in the top right corner.
  2. Click on Settings.
  3. Click on Privacy and security in the left column.
  4. Click on Security.
  5. Turn off "Use secure DNS".

Brave on desktop

  1. Click on the menu button with three horizontal lines in the top right corner.
  2. Click on Settings.
  3. Click on Additional settings in the left column.
  4. Click on Privacy and security.
  5. Click on Security.
  6. Turn off "Use secure DNS".

Chrome and Brave on Android

  1. Tap on the menu button with three vertical dots in the top right corner.
  2. Tap on Settings.
  3. Tap on Privacy and security.
  4. Tap on Use secure DNS.
  5. Turn off "Use secure DNS".

Edge on desktop

Edge may send DNS requests to your Internet provider by default. To prevent that follow these instructions.

  1. Click on the menu button with three horizontal dots in the top right corner.
  2. Click on Settings.
  3. Click on Privacy, search, and services in the left column.
  4. Scroll down to Security.
  5. Turn off "Use secure DNS to specify how to lookup the network address for websites".

Android 9 and newer

Android has as Private DNS feature which uses DNS over TLS (DoT) which overrides the DNS of the Mullvad app. We recommend that you either turn it off, or set it to our DoT server.

Follow the steps to use our DNS over TLS server:

  1.     Open your device’s Settings.
  2.     Go to Network & internet > Advanced > Private DNS.
  3.     Select Private DNS provider hostname.
  4.     In the textbox, type in doh.mullvad.net or adblock.doh.mullvad.net
  5.     Click Save.