Servers supporting DNS-over-TLS

The following servers are configured to support TLS on port 1021 and STARTTLS on port 53 for testing purposes.

Open resolver

Authoritative test server hosted by Verisign Labs:

Server typeHosted byIP addressesServer keyHostname for TLS authentication
Open Resolvergetdnsapi.net

185.49.141.38

2a04:b900:0:100::38

 getdnsapi.net
AuthoritativeVerisign Labs173.255.254.151nsd.key

starttls.verisignlabs.com [Note that this

is a self-signed certificate so does not pass

authentication by default.]

 


How to Decode TLS packets in Wireshark

If you want to decode the DNS packets in Wireshark (use 1.12.1 or later) to get support TLSv1.2