Testing DNS Resolvers

Frederic Cambus May 16, 2013 [DNS]

Checking the IP address of the DNS resolver in use:

These servers will reflect the IP address of the host querying them.

dig whoami.akamai.net +short
149.20.64.20

dig whoami.ultradns.net +short
149.20.64.20

dig resolver.dnscrypt.org +short
149.20.64.20

Checking if your own local DNS resolver is open:

This one is pretty much self-explanatory.

dig amiopen.openresolvers.org TXT +short
"Your resolver at 175.45.176.1 is CLOSED"

Checking your resolver's source port behavior:

A test server that checks a resolver's source port randomization and grades it (POOR, GOOD, or GREAT randomness). More information here.

dig porttest.dns-oarc.net TXT +short
porttest.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"149.20.64.20 is GREAT: 71 queries in 37.0 seconds from 71 ports with std dev 19761"

DNS Reply Size Test Server:

A test server that identifies resolvers that cannot receive large DNS replies. More information here.

dig rs.dns-oarc.net TXT +short
;; Truncated, retrying in TCP mode.
rst.x4091.rs.dns-oarc.net.
rst.x3837.x4091.rs.dns-oarc.net.
rst.x3843.x3837.x4091.rs.dns-oarc.net.
"149.20.64.20 DNS reply size limit is at least 4091"
"Tested at 2013-05-16 18:00:19 UTC"
"149.20.64.20 sent EDNS buffer size 4096"