Servers supporting DNS-over-TLS

The following servers are configured to support TLS on port 1021 and STARTTLS on port 53 for testing purposes.

Open resolver

Authoritative getdnsapi.net servers

Authoritative test server hosted by Verisign Labs:

Server typeHosted byIP addressesServer key
Open Resolvergetdnsapi.net

185.49.141.38

2a04:b900:0:100::38

185.49.141.38-unbound.key
Authoritativegetdnsapi.net

185.49.141.37

2a04:b900:0:100::37

185.49.141.37-nsd.key
AuthoritativeVerisign Labs173.255.254.151nsd.key

 


How to Decode TLS packets in Wireshark

If you want to decode the DNS packets in Wireshark (use 1.12.1 or later) to get support TLSv1.2