dnscheck.tools

Hello! Your IP addresses are:

detecting...

Your DNS resolvers are:

detecting...

Your DNS security:

pending...

Like this tool? Star us on GitHub. See more at addr.tools.

ABOUT

dnscheck.tools is a tool to test for DNS leaks, DNSSEC validation, and more.

USAGE

Load dnscheck.tools in any web browser to identify your current DNS resolvers and check DNSSEC validation.

DNS TEST QUERIES

dnscheck.tools is also a custom DNS test server! Make test queries like:

$ dig -t txt [OPTIONS.]test[-DNSSEC][-NET].dnscheck.tools

By default, both IPv4 and IPv6 authoritative nameservers are offered and responses are signed using ECDSA P-256 with SHA-256.

  • DNSSEC sets the DNSSEC signing algorithm:
    • alg13 sign the zone using ECDSA P-256 with SHA-256 (default)
    • alg14 sign the zone using ECDSA P-384 with SHA-384
    • alg15 sign the zone using Ed25519
  • NET may be:
    • ipv4 offer only IPv4 authoritative nameservers
    • ipv6 offer only IPv6 authoritative nameservers

OPTIONS is a hyphen-separated list containing:

  • any of:
    • random a random number, up to 8 hex digits, useful for cache busting, identifies requests to /watch
    • compress force the use of DNS message compression in the response
    • [no]truncate force or disable message truncation for responses over UDP
  • up to one of:
    • badsig provide an invalid DNSSEC signature in the response
    • expiredsig[t] provide an expired DNSSEC signature in the response, t seconds in the past (default 1 day)
    • nosig do not provide any DNSSEC signature in the response
  • up to one of:
    • nullip provide only the all-zero IP in A and AAAA responses
    • nxdomain respond as if the domain does not exist
    • refused refuse the query
    • txtfilln add n bytes, up to 4096, of data to TXT responses

EXAMPLES

$ dig -t txt test.dnscheck.tools

$ open https://dnscheck.tools/watch/123

$ dig 123.test.dnscheck.tools

$ dig 123-truncate.test.dnscheck.tools

$ dig 123-badsig.test-alg15.dnscheck.tools

SEE ALSO

addr.tools

SOURCE

See GitHub. Bug reports and pull requests welcome.

THIRD-PARTY DATA

IP addresses are grouped by their network registrants as discovered by the Registration Data Access Protocol.

Hostnames (pointer records) and authoritative nameservers are discovered by reverse DNS resolution.

IP geolocation data is provided by ipinfo.io.

PRIVACY POLICY

No personal data is collected. This site doesn't use cookies. Cheers!

dns: 0