Servers supporting DNS-over-TLS

The following servers are configured to support TLS on port 853 and STARTTLS on port 53 for testing purposes.

Open resolver

Authoritative test server hosted by Verisign Labs:

Server typeHosted byIP addressesServer keyHostname for TLS authenticationSPKI pin for TLS authentication (RFC7858)


AuthoritativeVerisign Labs173.255.254.151nsd.key [Note that this

is a self-signed certificate so does not pass

authentication by default.]



How to Decode TLS packets in Wireshark

If you want to decode the DNS packets in Wireshark (use 1.12.1 or later) to get support TLSv1.2