Test global mode first
If global mode works but rule mode leaks, focus on rules, DNS mode, and domain matching.
Clash DNS
Open DNS leak guide
Clash DNS Leak Fix
Fix Clash DNS leaks by comparing rule mode and global mode, checking browser secure DNS, fake-IP behavior, provider rules, and resolver exposure.
Updated: 2026-05-11
Direct Answer
When Clash leaks DNS, separate node health from rule behavior. Test global mode first, then inspect DNS mode, browser secure DNS, and provider rules.
Advertisement
Check browser DNS
Chrome, Edge, and Firefox secure DNS can override system or Clash DNS behavior.
Review Clash DNS mode
Fake-IP, redir-host, TUN, and system proxy modes can produce different resolver results.
Steps
- Switch to global mode and run DNS checks.
- Disable browser secure DNS for testing.
- Compare rule mode results.
- Adjust DNS mode or rules and retest.
Checklist
- Global mode result is understood.
- Browser secure DNS is not overriding Clash.
- Rule providers are current.
- DNS result does not show the original ISP.
Troubleshooting
Only rule mode leaks DNS
Review domain rules, DNS mode, and whether target domains bypass the proxy.
Chrome leaks but other apps do not
Disable Chrome secure DNS or configure it intentionally.
Fake-IP breaks some apps
Test redir-host or rule adjustments for the affected domains.
Advertisement
FAQ
Should I always use global mode?
No. Use it for diagnosis, then return to rule mode if your rules and DNS behavior are correct.
Can browser secure DNS bypass Clash?
Yes. Browser-level DNS settings can change resolver results.
Is DNS country mismatch always a leak?
Not always, but original ISP DNS exposure should be fixed.
扫码打开当前页
-
¥优惠劵使用时效:无法使用使用时效:
之前
使用时效:永久有效优惠劵ID:×