Servers supporting DNS-over-TLS

The following servers are configured to support TLS on port 1021 and STARTTLS on port 53 for testing purposes.

Open resolver

Authoritative test server hosted by Verisign Labs:

Authoritative getdnsapi.net servers [currently offline]

Server typeHosted byIP addressesServer keyHostname for TLS authentication
Open Resolvergetdnsapi.net

185.49.141.38

2a04:b900:0:100::38

 getdnsapi.net
Authoritativegetdnsapi.net

185.49.141.37

2a04:b900:0:100::37

185.49.141.37-nsd.key 
AuthoritativeVerisign Labs173.255.254.151nsd.keystarttls.verisignlabs.com

 


How to Decode TLS packets in Wireshark

If you want to decode the DNS packets in Wireshark (use 1.12.1 or later) to get support TLSv1.2