See the public IP and network operator this site observes. This cannot identify your DNS resolver or prove whether a VPN is active.
The Domain Name System is a distributed naming system described by RFC 1034 and RFC 1035. A resolver can answer queries from cache, so a navigation does not necessarily create a new upstream DNS query.
A DNS leak is resolution occurring through a path outside the privacy or VPN configuration the user intended. Identify the resolver with a purpose-built test, then compare it with the provider's documented expected resolver. What a resolver can record and how long it retains data depend on the provider and query.
This tool makes several first-party requests and reports the public egress our Cloudflare edge sees: public IP, ASN organization, and approximate request location. It reports whether those samples stay consistent. An ASN name cannot reliably distinguish an ISP, VPN, proxy, hosting connection, or carrier-grade NAT, and browser JavaScript cannot observe the recursive DNS resolver. For a resolver-level audit, use a test recommended by your VPN provider.
It is DNS resolution occurring through a resolver path outside the privacy or VPN configuration you intended. Confirm it with resolver-level evidence and the provider's documented expected path.
Confirm the resolver with a resolver-level test, then follow your VPN provider's current DNS and IPv4/IPv6 instructions. DoH or DoT can encrypt DNS transport but does not by itself prove VPN routing.
DNS is the distributed naming system described by RFC 1034 and RFC 1035. Queries can retrieve address records and other data, and cached answers can avoid a new upstream query.
Compare a resolver-level result with the VPN or privacy configuration's documented expected resolver. Data handling depends on that resolver's policy.
Use a resolver-level test recommended by your VPN provider. The button above checks only the public egress observed by this site and cannot classify it reliably as ISP or VPN.