Investigator Use
DNS Leak Test (dnsleak.com) is a diagnostic tool that tests whether a VPN or proxy connection is properly routing DNS queries through the secure tunnel or is leaking DNS requests to the user's regular ISP DNS resolver. It reveals which DNS servers are processing name resolution queries from the current connection.
For OSINT investigators relying on VPNs for operational security, DNS leak testing is a critical pre-investigation verification step. A DNS leak occurs when the operating system or browser sends DNS queries outside the VPN tunnel — to the ISP's DNS servers rather than the VPN provider's servers. When this happens, the ISP can see which domains the investigator is looking up, even though web traffic routes through the VPN.
DNS leaks are common because of how VPN software interacts with operating system DNS resolution, particularly on Windows. The operating system may fall back to its configured DNS servers when the VPN's DNS server is slow or unavailable, creating intermittent leaks that are difficult to detect without testing.
DNS Leak Test sends multiple DNS queries through the browser and reports which DNS servers responded. If servers appear that belong to the investigator's ISP (rather than to the VPN provider or another privacy-respecting DNS service), a DNS leak is confirmed.
For TOR users, DNS leaks are particularly serious because the entire value of TOR anonymization depends on all traffic routing through the TOR network. A DNS leak bypasses TOR for name resolution, revealing research activity to the ISP.
Proper DNS leak remediation depends on the VPN client — some clients offer DNS leak protection settings that force all DNS queries through the VPN tunnel. Alternatively, configuring a trusted DNS provider (Cloudflare 1.1.1.1, NextDNS, or the VPN's DNS) at the operating system level can prevent leaks.
Document DNS leak test results as part of pre-investigation operational security verification, recording which DNS servers were detected and whether the VPN configuration passed the test.
Before You Pivot
Record Context
Capture the target, search terms, and why this source is relevant before you leave the page.
Preserve Evidence
Archive volatile pages, save screenshots, and keep timestamps for anything that may change.
Corroborate
Treat one tool as a lead source. Confirm important findings with independent sources.
Related Tools
Account Killer
Privacy & Security OSINT
AccountKiller provides direct deletion links and step-by-step instructions for removing accounts on hundreds of websites and social platforms.
AlgoVPN
Privacy & Security OSINT
Algo VPN automates deployment of a personal WireGuard or IKEv2 VPN server in the cloud for private, secure OPSEC browsing.
Blokada
Privacy & Security OSINT
Keep all your devices protected with Blokada content filtering and encryption.
Canarytokens
Privacy & Security OSINT
Canarytokens creates tracking traps that alert investigators when accessed, revealing attacker IP, time, and origin when planted.
Certificate Search
Privacy & Security OSINT
crt.sh searches certificate transparency logs to uncover domains, subdomains, and infrastructure from TLS certificate data.
Cover Your Tracks
Privacy & Security OSINT
EFF Cover Your Tracks reveals how ad trackers and fingerprinters see your browser to help investigators strengthen OPSEC and anonymity.