Sebastian Schmidt edited this page Nov 17, 2019 · 6 revisions

Recursive

Check My DNS - https://cmdns.dev.dns-oarc.net/

DNS cache poisoning

https://www.grc.com/dns/dns.htm

https://www.dns-oarc.net/oarc/services/dnsentropy

$ dig +short porttest.dns-oarc.net TXT
porttest.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"45.76.113.31 is GREAT: 100 queries in 5.2 seconds from 100 ports with std dev 16846"

$ dig +short @<DNS Server IP> porttest.dns-oarc.net TXT
$ dig +short @127.0.0.1 porttest.dns-oarc.net TXT

DNSSEC

https://www.grc.com/dns/dns.htm

https://dnssec.vs.uni-due.de

http://0skar.cz/dns/en/ -> Wildcard domains

https://rootcanary.org/test.html -> Algorithm test

http://www.dnssec-failed.org/ This website should not resolve

$ dig txt qnamemintest.internet.nl +short
a.b.qnamemin-test.internet.nl.
"HOORAY - QNAME minimisation is enabled on your resolver :)!"

Sentinel KSK for DNSSEC Root Key Rollover

https://www.ksk-test.net/

http://www.bellis.me.uk/sentinel/

http://sentinel.research.icann.org/ Source Code: https://github.com/paulehoffman/sentinel-testbed

DNS Leak test

https://www.dnsleaktest.com/

# You can use drill, kdig, dig or any other *dig tools
dig whoami.akamai.net +short
dig -t aaaa whoami.akamai.net +short
dig -t txt o-o.myaddr.l.google.com +short
dig resolver.dnscrypt.info +short
dig whoami.ultradns.net +short
dig whoami.fluffcomputing.com +short
dig -t txt whoami.v4.powerdns.org +short
dig -t txt whoami.v6.powerdns.org +short
# Other tests from https://www.dnswl.org/?p=330
dig -t txt whoami-ecs.v4.powerdns.org +short
dig -t txt whoami-ecs.v6.powerdns.org +short
dig -t loc latlon.v4.powerdns.org +short
dig -t txt amiblocked.dnswl.org +short

# On macOS, I always forget the command to query its DNS stack, so I'll leave this here
dscacheutil -q host -a name example.com
# Query current DNS servers on macOS
networksetup -listallnetworkservices
networksetup -getdnsservers Wi-Fi

DNS Rebind test

https://www.grc.com/dns/benchmark.htm

https://www.grc.com/dns/operation.htm

# These just reply with IPs in the local network ranges
dig net127.rebindtest.com +short
dig net192.rebindtest.com +short
dig net172.rebindtest.com +short
dig net10.rebindtest.com +short
dig AAAA net127.rebindtest.com +short
dig AAAA net192.rebindtest.com +short
dig AAAA net172.rebindtest.com +short
dig AAAA net10.rebindtest.com +short

https://github.com/taviso/rbndr and https://lock.cmpxchg8b.com/rebinder.html

# rbndr example
dig 7f000001.c0a80001.rbndr.us +short

https://github.com/brannondorsey/whonow#whonow-dns-server

# whonow example
dig A.127.0.0.1.1time.192.168.0.1.1time.repeat.rebind.network +short

http://rebind.network

Reply Size Test

https://www.dns-oarc.net/oarc/services/replysizetest

dig rs.dns-oarc.net TXT +short

Check if the server is open

http://www.openresolver.com

dig amiopen.openresolvers.org TXT +short

Test for encrypted protocols

DNS-over-TLS (DoT)

# kdig from knot dns: https://www.knot-dns.cz/docs/2.6/html/man_kdig.html
$ brew install knot
$ kdig -d @45.76.113.31 -p853 +tls-ca +tls-host=dot.seby.io example.com
;; DEBUG: Querying for owner(example.com.), class(1), type(1), server(45.76.113.31), port(853), protocol(TCP)
;; DEBUG: TLS, imported 169 system certificates
;; DEBUG: TLS, received certificate hierarchy:
;; DEBUG:  #1, CN=doh.seby.io
;; DEBUG:      SHA-256 PIN: Zo6lWnGmWBuhPToAq3GR8QFwRxRdFaLNgFlbS9Z8ALU=
;; DEBUG:  #2, C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3
;; DEBUG:      SHA-256 PIN: YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=
;; DEBUG: TLS, skipping certificate PIN check
;; DEBUG: TLS, The certificate is trusted. 
;; TLS session (TLS1.2)-(ECDHE-RSA-SECP256R1)-(AES-256-GCM)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 42461
;; Flags: qr rd ra; QUERY: 1; ANSWER: 1; AUTHORITY: 0; ADDITIONAL: 1

;; EDNS PSEUDOSECTION:
;; Version: 0; flags: ; UDP size: 4096 B; ext-rcode: NOERROR

;; QUESTION SECTION:
;; example.com.        		IN	A

;; ANSWER SECTION:
example.com.        	81665	IN	A	93.184.216.34

;; Received 56 B
;; Time 2018-10-03 19:18:39 AEST
;; From 45.76.113.31@853(TCP) in 37.6 ms
$ kdig -d @1.1.1.1 +tls-ca +tls-host=cloudflare-dns.com example.com
;; DEBUG: Querying for owner(example.com.), class(1), type(1), server(1.1.1.1), port(853), protocol(TCP)
;; DEBUG: TLS, imported 169 system certificates
;; DEBUG: TLS, received certificate hierarchy:
;; DEBUG:  #1, C=US,ST=CA,L=San Francisco,O=Cloudflare\, Inc.,CN=*.cloudflare-dns.com
;; DEBUG:      SHA-256 PIN: yioEpqeR4WtDwE9YxNVnCEkTxIjx6EEIwFSQW+lJsbc=
;; DEBUG:  #2, C=US,O=DigiCert Inc,CN=DigiCert ECC Secure Server CA
;; DEBUG:      SHA-256 PIN: PZXN3lRAy+8tBKk2Ox6F7jIlnzr2Yzmwqc3JnyfXoCw=
;; DEBUG: TLS, skipping certificate PIN check
;; DEBUG: TLS, The certificate is trusted. 
;; TLS session (TLS1.2)-(ECDHE-ECDSA-SECP256R1)-(AES-256-GCM)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 13230
;; Flags: qr rd ra; QUERY: 1; ANSWER: 1; AUTHORITY: 0; ADDITIONAL: 1

;; EDNS PSEUDOSECTION:
;; Version: 0; flags: ; UDP size: 1452 B; ext-rcode: NOERROR
;; PADDING: 408 B

;; QUESTION SECTION:
;; example.com.        		IN	A

;; ANSWER SECTION:
example.com.        	1163	IN	A	93.184.216.34

;; Received 468 B
;; Time 2018-10-03 19:19:47 AEST
;; From 1.1.1.1@853(TCP) in 40.1 ms

DNS-over-HTTPS (DoH)

# GET
$ curl -H 'accept: application/dns-message' -v 'https://cloudflare-dns.com/dns-query?dns=q80BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB' | hexdump -C

$ curl -H 'accept: application/dns-message' -v 'https://doh.seby.io:8443/dns-query?ct&dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB' | hexdump -C

# POST
$ echo -n 'q80BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB' | base64 -D | curl -H 'content-type: application/dns-message' --data-binary @- https://cloudflare-dns.com/dns-query -o - | hexdump -C

$ echo -n 'AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB' | base64 -D | curl -H 'content-type: application/dns-message' --data-binary @- https://doh.seby.io:8443/dns-query -o - | hexdump -C

00000000  00 00 81 a0 00 01 00 01  00 00 00 01 03 77 77 77  |.............www|
00000010  07 65 78 61 6d 70 6c 65  03 63 6f 6d 00 00 01 00  |.example.com....|
00000020  01 c0 0c 00 01 00 01 00  00 01 49 00 04 5d b8 d8  |..........I..]..|
00000030  22 00 00 29 05 ac 00 00  00 00 00 00              |"..)........|
0000003c
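
The `dns=` values and the hexdump above are plain DNS wire format. The following Python is an added example, not part of the original wiki page: it rebuilds the `dns=` parameter for `www.example.com` and decodes the response bytes shown in the hexdump. The function names are illustrative.

```python
import base64
import ipaddress
import struct

def build_query(name, qtype=1, msg_id=0):
    """Wire-format query: RD set, one question, class IN."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!6H", msg_id, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", qtype, 1)

def doh_param(wire):
    """Value for ?dns= : base64url with '=' padding removed (RFC 8484)."""
    return base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")

def skip_name(msg, off):
    """Offset just past a name; a compression pointer (11xxxxxx) ends it."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_response(msg):
    """Decode header flags and any A records in the answer section."""
    msg_id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):                      # question: name + QTYPE + QCLASS
        off = skip_name(msg, off) + 4
    answers = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            answers.append((str(ipaddress.IPv4Address(msg[off:off + 4])), ttl))
        off += rdlen
    return {"id": msg_id, "rcode": flags & 0xF, "ra": bool(flags & 0x80),
            "ad": bool(flags & 0x20), "answers": answers}

# Bytes copied from the hexdump on this page (0x3c = 60 bytes).
RESPONSE = bytes.fromhex(
    "000081a0000100010000000103777777"
    "076578616d706c6503636f6d00000100"
    "01c00c000100010000014900045db8d8"
    "2200002905ac000000000000")

if __name__ == "__main__":
    print(doh_param(build_query("www.example.com")))                 # ID 0
    print(doh_param(build_query("www.example.com", msg_id=0xABCD)))  # ID 0xabcd
    print(parse_response(RESPONSE))
```

The two `dns=` strings used in the curl commands differ only in the message ID (0xabcd versus 0). In the decoded response the AD flag is set, which means the resolver reports the answer as DNSSEC-validated.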

Encrypted-SNI

https://www.cloudflare.com/ssl/encrypted-sni/

Authoritative

http://dnsviz.net/

Reports

http://dnscheck.pingdom.com/

https://intodns.com/

http://viewdns.info/dnsreport/

https://www.dnssy.com/

https://mxtoolbox.com/dnscheck.aspx

DNSSEC

https://dnssec-debugger.verisignlabs.com/

http://dnsviz.net/

Propagation check

https://dnschecker.org/

https://tools.keycdn.com/dig