DNS leaks: check, understand, fix
DNS translates domain names into addresses. A DNS leak means those lookups go outside the VPN path and reveal browsing intent to a network you did not expect.
Quick answer
Connect the VPN, run a DNS leak test, compare resolver ownership with your selected route, then repeat with browser secure DNS, Android Private DNS, and third-party DNS tools disabled if results are confusing.
Start with the scope
Decide whether the problem affects one site, one browser, one app, one network, or all traffic. Scope is the fastest way to avoid changing the wrong setting.
Record the direct result before connecting the VPN, then repeat the same test after connecting GhostMesh.
Run controlled checks
Change one variable at a time: DNS, server location, browser secure DNS, Private DNS on Android, or split tunneling rules.
If a result changes only in one browser or one network, the VPN may not be the root cause.
Checklist
- ✓Record baseline
- ✓Connect GhostMesh
- ✓Run the same test again
- ✓Change one setting at a time
Read the symptoms
A DNS-only failure means IP endpoints may still work while domains fail. A route or firewall failure usually affects all apps.
Connection resets can point to browser state, MTU, network filtering, or a route that only affects one destination.
| Symptom | Where to look |
|---|---|
| Domains fail, IP works | DNS |
| All apps fail | Route, firewall, kill switch, captive portal |
| One site resets | Site policy, CDN path, DPI, MTU |
| Only Android differs | Private DNS or battery policy |
When to contact support
Send platform, app version, selected server, network type, and screenshots of the test results. Avoid passwords, tokens, or private page content.
A timestamp plus direct-vs-VPN comparison usually gives support enough context to start.
FAQ
Should I reinstall first?
No. Reinstalling rarely identifies DNS, route, or network scope. Run the small checks first.
What is the most useful support detail?
Platform, app version, server, network type, and the exact test result before and after VPN.