Experimental DNS Privacy Recursive Servers

The following servers are configured to support TLS on port 853 for testing purposes. Note that they are experimental offerings with no guarantees on the lifetime of the service or service level provided. 

| Hosted by | IP addresses | Hostname for TLS authentication | SPKI pin for TLS authentication (RFC7858) | Supports RFC7858 | Supports RFC7766 fully | Software | Notes |
|---|---|---|---|---|---|---|---|
| getdnsapi.net | 185.49.141.38, 2a04:b900:0:100::38 | getdnsapi.net | foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9S= | No | No | Unbound | |
| Surfnet | 145.100.185.15, 2001:610:1:40ba:145:100:185:15 | dnsovertls.sinodun.com | | No | No, but does do concurrent processing of queries. Supports TFO | HAProxy + BIND | Only listening on TLS on port 853 |
| Surfnet | 145.100.185.16 | dnsovertls1.sinodun.com | | No | No, but does do concurrent processing of queries | Nginx + BIND | Only listening on TLS on port 853 |
| OARC | See OARC website | | | | | Unbound | |

 


How to Decode TLS packets in Wireshark

If you want to decode the DNS packets in Wireshark (use 1.12.1 or later) to get support TLSv1.2