Leaks test are always built for a specific service. If a leak test says you are “leaking”, it means that your device is not configured exactly as they expect. If you are using Portmaster, this is most probably the case.
The easiest thing you can do is to take the IP addresses the leak test says you are leaking and enter them on this page: https://bgpview.io/
This will tell you who the IP address belongs to. As long as this is not your ISP, all is good.
Sometimes you can even try to just enter the IP address in your browser and see where it leads to. Many services have small web pages set up so interested network administrators can check what the IP address is used for.
In global settings check the "Servers" section, there should be 2 settings in there, if not switch to "Advanced Interface"
Miss-configuring this area can lead to your system using your ISPs DNS. This is because Portmaster falls back to System / Network DNS (typically your ISP) if it can't resolve the domain.
Reasons this could happen are:
To Prevent the fallback you can enable "Ignore System/Network Servers" keep in mind that this can break other things as well, so do that with caution.
Also if you want to use an exotic DNS resolver which would be super slow in your location we found that Portmaster does fall back to the system configured DNS more often, so please make sure you put a fast DNS into that list bellow your favorite alternative.
Note: We also have seen in the past that Quad9 sometimes has issues, we recommend using Cloudflare as the “backup” dns option
If you are confident that you are experiencing a real leak of any kind, please report it and include the following information: