DNS Privacy
Links
DNS Privacy Project homepage
DPRIVE
getdns
NLnet Labs
Sinodun
The following servers are configured to support TLS on port 853 and STARTTLS on port 53 for testing purposes.
Open resolver
Hosted by the getdns API implementation project at getdnsapi.net (Unbound 1.5.6):
The zone is named dns-over-tls.verisignlabs.com and it has A, AAAA, and TXT records for names from 'L001' to 'L100'.
The IP address of the server is currently 173.255.254.151.
Server key file is available to download here: nsd.key
The zone is signed
Server type | Hosted by | IP addresses | Server key | Hostname for TLS authentication | SPKI pin for TLS authentication (RFC7858) |
---|---|---|---|---|---|
Public Resolver | getdnsapi.net | 185.49.141.38 2a04:b900:0:100::38 | getdnsapi.net | foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9S= | |
Authoritative | Verisign Labs | 173.255.254.151 | nsd.key | starttls.verisignlabs.com [Note that this is a self-signed certificate so does not pass authentication by default.] |
If you want to decode the DNS packets in Wireshark (use 1.12.1 or later) to get support TLSv1.2
Obtain the server key file
Configure the key in wireshark in Edit->Preferences