Understand what the DNS leak test shows, how to read the results, and how to share them with CleanBrowsing support for fast troubleshooting.
Every time you visit a website, your device sends a DNS query to translate the domain name (like google.com) into an IP address. Normally, these queries go to whichever DNS server you've configured — in your case, CleanBrowsing.
A DNS leak happens when some or all of your DNS queries bypass your configured DNS and go to a different server instead, typically your ISP's default DNS. When this happens:
The DNS leak test detects exactly which DNS servers are handling your queries, so you can verify that CleanBrowsing is active and no queries are leaking.
Open the DNS Leak Test page. You'll see your public IP address detected automatically at the top of the page.
Click "Run Extended Test" to start. The test works by sending 30 DNS probes through your browser. Each probe forces a DNS lookup through a unique subdomain, which allows the test to identify every DNS resolver in the chain — even if multiple resolvers are involved.
The test takes about 15–20 seconds to complete. You'll see a progress bar as probes are sent, followed by the results.
At the top of the page, you'll see your public IP address along with your ISP name and approximate location. This is the IP address that websites and DNS servers see when your device connects to the internet.
This information is important for support because:
The Connection Information card shows diagnostic details about your DNS configuration:
The DNS Resolvers table is the core of the leak test. It lists every DNS server that handled your queries during the test. For each resolver, you'll see:
family-filter-dns.cleanbrowsing.org).Ideally, you should see only CleanBrowsing resolvers (IPs in the 185.228.168.x or 185.228.169.x range). If you see other resolvers alongside CleanBrowsing, you have a partial DNS leak.
If every resolver in the table is CleanBrowsing, you'll see a green success banner: "CleanBrowsing DNS detected." Your DNS filtering is working correctly. No action needed.
If you see CleanBrowsing resolvers and your ISP's resolvers, you have a partial DNS leak. Some queries are filtered, but others bypass CleanBrowsing. Common causes:
If no CleanBrowsing resolvers appear, your DNS configuration isn't active. You'll see a warning banner. Check your setup and make sure DNS is configured correctly at the router or device level.
Occasionally the test detects zero resolvers. This usually means your DNS is routed through an encrypted tunnel or privacy proxy that blocks the test probes. Try running the test from a different browser or device.
After the test completes, you'll see a "Share Results with Support" button below the resolver table. Here's how to use it:
cleanbrowsing.org/dnsleaktest?r=abc12345)When our support team opens your link, they'll see exactly what you saw: your public IP, ISP, DNS resolvers, connection diagnostics, and whether CleanBrowsing was detected. This gives us everything we need to diagnose the issue without asking you to take screenshots.
Shared results are stored for 30 days, then automatically deleted.
The test also encodes your results into the URL hash (the # part of the URL) automatically after completion. You can copy the full URL from your browser's address bar as an alternative way to share. This method doesn't require server storage — the data is embedded directly in the URL.
Your DNS configuration isn't being applied. The most common causes:
If CleanBrowsing is detected but sites aren't being blocked:
A partial leak. See our guide on preventing filter bypass. The most effective fix is using DNS over HTTPS (DoH) or configuring DNS at the router level with firewall rules to block DNS bypass.