Make sure the browser you’re using dnsleaktest.com from isn’t “Excluded” from Rethink or doesn’t have “Bypass app all proxies” turned ON in Configure → Apps → <browser you’re using>.
You can search for dnsleaktest.com in Configure → Logs → swipe to the “DNS” tab, and tap on those entries you see there. The bottomsheet that comes up should show just which server the DNS request was sent to.
Are you running WireGuard in Advanced mode or Simple mode? If in Advanced mode, Rethink continues to use DNS as set in Configure → DNS → Other DNS / System DNS / Rethink DNS. That’s because Android doesn’t support split-tunneling DNS requests (but we’ve a workaround for that shipping in the next version, v055o, due in a few days).
Also, if you’re using WireGuard in “Advanced” mode, you’d have to add apps to the active Advanced WireGuard profiles. Tap on Configure → Proxy → Setup WireGuard → select the WireGuard profiles → look for the “Add / Remove” button.
A note on web-based DNS “leak” tests: These test for “transparent DNS proxies” (for unencrypted DNS) and not really “leaks” although they may also catch leaks. In case of Rethink DNS + FIrewall app, which encrypts DNS queries, these tests don’t make much sense.
Some ISP’s are now using a technology called ‘Transparent DNS proxy’. Using this technology, they will intercept all DNS lookup requests (TCP/UDP port 53) and transparently proxy the results. This effectively forces you to use their DNS service for all DNS lookups.
From: DNS leak test (mirror)