...

The following servers are configured to support TLS on port 853 and STARTTLS on port 53 for testing purposes.

Public Test resolver

  • Hosted by the getdns API implementation project at getdnsapi.net (Unbound 1.5.6):

  • IP address: 185.49.141.38 and 2a04:b900:0:100::38
  • Note this server does not support UDP without DNS Cookies (RFC7873).
  • Also note the server does not yet support EDNS0 TCP Keepalive (RFC7828) or out-of-order response processing / concurrent processing of TCP queries (RFC7766).

Authoritative test server hosted by Verisign Labs:

...

The zone is named dns-over-tls.verisignlabs.com and it has A, AAAA, and TXT records for names from 'L001' to 'L100'. 

...

The IP address of the server is currently 173.255.254.151

Server

...

The zone is signed

...

| Server type | Hosted by | IP addresses | Server key | Hostname for TLS authentication | SPKI pin for TLS authentication (RFC7858) |
|---|---|---|---|---|---|
| Public Test Resolver | getdnsapi.net | 185.49.141.38, 2a04:b900:0:100::38 | | getdnsapi.net | foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9S= |
| Authoritative | Verisign Labs | 173.255.254.151 | nsd.key | starttls.verisignlabs.com [Note that this is a self-signed certificate so does not pass authentication by default.] | |

...

How to Decode TLS packets in Wireshark

...