DNS leak test
What is a DNS leak?
To answer this question you should understand what happens when you open any website in your Internet browser.
There is only digits in the machines world. And the website addresses are not an exception from this rule. The browser can connect to website only using IP address. But we usually know websites by names (domain names), not by IPs. Yes, we can enter IP in the address bar, but we don't do so. It's inconvenient. IP of the website can be changed at any time and the website can have multiple IPs at once. The DNS (Domain Name System) is used to get rid of all this hell and to answer the question: what IP address has the website. We should know only one IP (DNS server IP). And DNS server is able to answer the question what IP has the website.
The operating system (Windows, Linux, MacOs, iOS, ...) usually knows several DNS servers. These servers are preinstalled by ISP in general. Here might be a problem.
When your PC (or other device) is connected to VPN then the DNS servers are changed to VPN DNS (if it is a serious VPN). Some VPNs can leave your DNS servers without changes at all, so you will use ISP DNS servers. Or VPN could change DNS servers but not the whole DNS servers (some servers can stay unchanged). Why ISP DNS servers are dangerouse? Because ISP can watch you even if you are connected to VPN. ISP will know what websites you visit.
How does DNS leak test work?
When you click on start test button the bash.ws site generates faked subdomain names like lala.blabla.bash.ws (to avoid DNS caching mechanism). Then your browser will try to show nonexistent images (lala.blabla.bash.ws/some-image.png) and as a result it would try to detect IPs of faked subdomains. The DNS servers from your system will be used to do this work. bash.ws can catch all these DNS requests and it is able to detect what IP has sent the DNS request. It will show you all these DNS IPs. If the IP is not trusted (it owns by ISP or another untrusted company) you may be in trouble and the test will warn you.
Does DNS leak test support OpenVPN?
Yes. This test supports any kind of VPN connection (IKEv1, IKEv2, L2TP, IPsec, PPTP). This is a system test. It doesn't depend on VPN at all.
Does DNS leak test support Windows?
Yes. You can use it on all versions of Windows, MacOS, iOS, Android or Linux. This test doesn't depend on operating system. All you need is the Internet browser.
How can I check dns leak in terminal (Linux)?
You should use the script available here https://github.com/macvk/dnsleaktest