dnscheck.tools

Hello! Your IP addresses are:

detecting...

Your DNS resolvers are:

detecting...

Your DNS security:

pending...

Like this tool? Star us on GitHub. See more at addr.tools.

ABOUT

dnscheck.tools is a tool to test for DNS leaks, DNSSEC validation, and more.

USAGE

Load dnscheck.tools in any web browser to identify your current DNS resolvers and check DNSSEC validation.

DNS TEST QUERIES

dnscheck.tools is also a custom DNS test server! Make test queries like:

$ dig -t txt [OPTIONS.]go[-SEC][-NET].dnscheck.tools

By default, both IPv4 and IPv6 authoritative nameservers are offered and responses are signed using ECDSA P-256 with SHA-256.

  • NET may be:
    • ipv4 offer only IPv4 authoritative nameservers
    • ipv6 offer only IPv6 authoritative nameservers
  • SEC sets the DNSSEC signing algorithm:
    • alg13 sign the zone using ECDSA P-256 with SHA-256 (default)
    • alg14 sign the zone using ECDSA P-384 with SHA-384
    • alg15 sign the zone using Ed25519
    • unsigned do not sign the zone

OPTIONS is a hyphen-separated list containing:

  • any of:
    • compress force the use of DNS message compression in the response
    • [no]truncate force or disable message truncation for responses over UDP
    • random a random number, up to 8 hex digits, useful for cache busting, identifies requests to /watch
  • up to one of:
    • nosig do not provide any DNSSEC signature in the response
    • badsig provide an invalid DNSSEC signature in the response
    • expiredsig[t] provide an expired DNSSEC signature in the response, t seconds in the past (default 1 day)
  • up to one of:
    • nxdomain respond as if the domain does not exist
    • refused refuse the query
    • nullip provide only the all-zero IP in A and AAAA responses
  • up to one of:
    • paddingn add n bytes of EDNS0 padding, up to 4000, to A, AAAA, and TXT responses
    • txtfilln add n bytes of padding as TXT data, up to 4000, to TXT responses

EXAMPLES

$ dig -t txt go.dnscheck.tools

$ open https://dnscheck.tools/watch/123

$ dig 123.go.dnscheck.tools

$ dig 123-truncate.go.dnscheck.tools

$ dig 123-badsig.go-alg15-ipv4.dnscheck.tools

SEE ALSO

addr.tools

SOURCE

See GitHub. Bug reports and pull requests welcome.

THIRD-PARTY DATA

IP addresses are grouped by their network registrants as discovered by the Registration Data Access Protocol.

Hostnames (pointer records) and authoritative nameservers are discovered by reverse DNS resolution.

IP geolocation data is provided by ipinfo.io.

PRIVACY POLICY

No personal data is collected. This site doesn't use cookies. Cheers!

dns: 0