Many people, when using Shadowrocket for the first time, focus all their attention on things like “whether the node is fast” or “how high the latency is,” while often overlooking a more important issue — DNS leaks.
The key point is that most tutorials only teach you “how to connect to a node,” but very few clearly explain how to properly configure Shadowrocket to prevent DNS leaks.
Next, this guide will walk you through everything step by step — from the basics to practical setup, and then to DNS leak testing and browser fingerprint detection — so you can avoid unnecessary mistakes.

• DNS is like the “phonebook” of the internet. When you visit a website, your device first asks a DNS server: “Which IP address corresponds to this domain?”
• The problem is: if you’re already using a proxy, but your DNS requests bypass the proxy and go directly to your local ISP, then a DNS leak occurs.
• This may indirectly expose your real IP, allow your browsing activity to be recorded by your local network provider, and still let platforms determine your location based on DNS.
So, a DNS leak is not a minor issue — it’s a privacy vulnerability.
Before adjusting settings, it’s recommended to run a DNS leak test. Common methods include:
• Using online DNS leak testing websites
• Combining with browser fingerprint detection tools to evaluate overall anonymity
• Using comprehensive tools like ToDetect fingerprint checker to review DNS, IP, and fingerprint consistency
What should you focus on?
• Whether the DNS server location matches your proxy node
• Whether local ISP DNS (e.g., China Telecom/Unicom) appears
• Whether there are multiple abnormal DNS requests
If you’re using a proxy but still see local DNS, you can basically confirm that a DNS leak has occurred.
In Shadowrocket, preventing DNS leaks mainly relies on three things:
• Force DNS through the proxy
• Use trusted DNS (such as DoH/DoT)
• Avoid interference from the system’s default DNS
In short: your DNS requests must go “through the proxy,” not your local network.
Here are the practical steps (this is the part many tutorials fail to explain clearly):
Go to Shadowrocket: Settings → DNS. You’ll see several options — this is the key area.
It’s recommended to use DoH (DNS over HTTPS), such as:
Or: https://dns.cloudflare.com/dns-query
👉 Purpose: Prevent DNS from being monitored or tampered with
⚠️ This is critical: find options like “DNS over Proxy” / “Resolve DNS via proxy” and make sure it is enabled, otherwise DNS leaks will occur.
iOS may sometimes force the use of local DNS. In this case, you should:
Enable Shadowrocket’s “Global Mode” (recommended for testing) or use rule mode but ensure DNS also goes through the proxy.
If you are using advanced configurations, you can enable Fake-IP mode.
Its purpose is to avoid DNS pollution, improve resolution speed, and reduce the chance of DNS leaks — but it’s more suitable for advanced users.
Don’t assume everything is fine after setup — you must run another DNS leak test. Recommended process:
1. Turn on the proxy (connect Shadowrocket to a node)
2. Visit the DNS leak test website
3. Use the ToDetect fingerprint tool for a comprehensive check
4. Also run a browser fingerprint test, where you should see:
• DNS servers located in the proxy’s country
• No local ISP records
• IP and DNS match
If all these conditions are met, your DNS leak protection in Shadowrocket is working correctly.
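The checks above, applied to the resolver list a leak-test page reports, as an added example that is not part of the original guide. The `Resolver` fields, the `assess_leak` function, the verdict labels and the exit country "US" are assumptions made for illustration, and the sample results use constructed documentation-range addresses.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Resolver:
    ip: str       # resolver address shown by the leak-test page
    country: str  # country code the test attributes to that resolver
    isp: str      # operator name the test attributes to that resolver

def assess_leak(resolvers, exit_country, local_isps):
    """Return (verdict, findings) for one leak-test run.

    verdict: "leak" if a local ISP resolver is visible, "review" if a resolver
    sits outside the proxy exit country, "ok" if neither, "inconclusive" if the
    test reported nothing.
    """
    if not resolvers:
        return "inconclusive", ["no resolvers reported, rerun the test"]
    findings = []
    leaked = False
    for r in resolvers:
        # Check 1: the local ISP's DNS must not appear at all.
        if any(name.lower() in r.isp.lower() for name in local_isps):
            leaked = True
            findings.append(f"local ISP resolver visible: {r.ip} ({r.isp})")
        # Check 2: every remaining resolver should sit in the proxy's country.
        elif r.country.upper() != exit_country.upper():
            findings.append(f"resolver outside exit country: {r.ip} ({r.country})")
    if leaked:
        return "leak", findings
    return ("review" if findings else "ok"), findings

# Constructed sample results (documentation-range IPs, not real measurements).
LOCAL_ISPS = ["China Telecom", "China Unicom"]
BEFORE = [Resolver("203.0.113.10", "CN", "China Telecom"),
          Resolver("198.51.100.7", "US", "Cloudflare")]
AFTER = [Resolver("198.51.100.7", "US", "Cloudflare"),
         Resolver("198.51.100.8", "US", "Cloudflare")]
MIXED = [Resolver("198.51.100.7", "US", "Cloudflare"),
         Resolver("192.0.2.53", "DE", "Example Hosting")]

if __name__ == "__main__":
    for label, run in (("before", BEFORE), ("after", AFTER), ("mixed", MIXED)):
        verdict, findings = assess_leak(run, "US", LOCAL_ISPS)
        print(label, verdict, findings)
```

Record the resolver list before and after each node or configuration change and compare the verdicts, since a single local ISP entry is enough to count as a leak.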
Answer: Global mode does not mean DNS goes through the proxy. Many people overlook this — DNS must be configured separately.
Solution: Enable “Resolve DNS via proxy” + configure DoH.
Answer: Yes, this is very common.
A node having its own DNS does not mean that DNS is actually being used. You may have “partial proxy, partial local” behavior.
Solution: Manually configure DNS and force it through the proxy.
Answer: It may be due to browser fingerprint exposure. Websites don’t rely only on DNS — they also check device information.
Solution: Use the ToDetect fingerprint tool + run browser fingerprint tests together.
DNS leaks are something you might not notice in daily use, but once detected, your real network environment may already be exposed.
So it’s recommended to build a habit: every time you change nodes or configurations, run a DNS leak test and periodically use tools like ToDetect to check your overall environment.
Many tutorials skip this part because it’s slightly complex, but ignoring it can render all your efforts useless.