DNS leaks: check, understand, fix

A DNS leak happens when your device asks a resolver outside the VPN for domain names, exposing which sites you look up. GhostMesh is built with DNS and IPv6 leak protections; this guide explains how to verify behavior on your side.

Download for Windows Download for Android View pricing

Quick check in plain language

Connect GhostMesh, pick a server, then open a reputable “DNS leak test” site in your browser. The listed resolvers should match the VPN provider’s network, not only your home ISP.

Run the test twice: once on Wi‑Fi and once on mobile data (Android) to see if the OS or captive portals change resolver behavior.

Windows: what to verify

After the tunnel is up, confirm that the active network adapter used for DNS is the one created by the VPN client, not only your Ethernet/Wi‑Fi adapter with ISP DNS.

If you use third-party “optimizer” or antivirus DNS features, disable them temporarily—they can force queries around the tunnel.

Android: typical gotchas

Private DNS (e.g. automatic or a custom hostname) interacts with VPN DNS in ways that vary by OS version. If results look wrong, try comparing with Private DNS off for a controlled test.

Aggressive battery savers can restart processes and briefly change routing; retest after disabling restrictions for GhostMesh if you saw intermittent leaks.

How GhostMesh helps

Our apps and pricing materials describe DNS and IPv6 leak protection as part of the core offering. Keep the client updated so you benefit from the latest routing rules.

No VPN can override a compromised device or malware; combine technical checks with basic device hygiene.