Experimental DNS Privacy Recursive Servers

The following servers are configured to support TLS on port 853 for testing purposes. Note that they are experimental offerings with no guarantees on the lifetime of the service or service level provided. 

Hosted byIP addressesHostname for TLS
authentication
SPKI pin for TLS
authentication (RFC7858)
Supports
RFC7858

Supports

RFC7766 fully

SoftwareNotes
getdnsapi.net

185.49.141.38

2a04:b900:0:100::38

getdnsapi.netfoxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9S=NoNoUnbound 
Surfnet

145.100.185.15

dnsovertls.sinodun.com NoNoHAProxy + BINDSetup is a work in progress!
OARCSee OARC website    Unbound 

 


How to Decode TLS packets in Wireshark

If you want to decode the DNS packets in Wireshark (use 1.12.1 or later) to get support TLSv1.2