Testing DNS Resolvers

Frederic Cambus May 16, 2013 [DNS]

Checking the IP address of the DNS resolver in use:

These servers will reflect the IP address of the host querying them.

dig whoami.akamai.net +short

dig whoami.ultradns.net +short

dig resolver.dnscrypt.org +short

Checking if your own local DNS resolver is open:

This one is pretty much self-explanatory.

dig amiopen.openresolvers.org TXT +short
"Your resolver at is CLOSED"

Checking your resolver's source port behavior:

This test server checks a resolver's source port randomization and grades it (POOR, GOOD, or GREAT randomness). More information here.

dig porttest.dns-oarc.net TXT +short
" is GREAT: 71 queries in 37.0 seconds from 71 ports with std dev 19761"

DNS Reply Size Test Server:

This test server identifies resolvers that cannot receive large DNS replies. More information here.

dig rs.dns-oarc.net TXT +short
;; Truncated, retrying in TCP mode.
" DNS reply size limit is at least 4091"
"Tested at 2013-05-16 18:00:19 UTC"
" sent EDNS buffer size 4096"
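
The TXT answers above can be checked from a monitoring job instead of being read by eye. The script below is an added example, not part of the original post: the function names are hypothetical, and the sample answers are constructed in the format shown above, using the documentation address 192.0.2.53 and assuming a POOR answer is worded like the GREAT one.

```shell
# Added example, not from the original post. Each function takes the text
# printed by the matching `dig ... TXT +short` command, for instance:
#   check_closed "$(dig amiopen.openresolvers.org TXT +short)"

# Open-resolver test: pass only on the CLOSED wording shown in the post.
check_closed() {
    case "$1" in
        *"is CLOSED"*) return 0 ;;
        *) return 1 ;;  # any other answer, or none, counts as a failure
    esac
}

# Port test: print "GRADE QUERIES PORTS STDDEV" from the answer line.
porttest_fields() {
    printf '%s\n' "$1" | sed -n \
        's/.* is \([A-Z][A-Z]*\): \([0-9][0-9]*\) queries in [0-9.]* seconds from \([0-9][0-9]*\) ports with std dev \([0-9][0-9]*\).*/\1 \2 \3 \4/p'
}

# Fail on POOR, on an unknown grade, or when no answer line was found.
check_porttest() {
    set -- $(porttest_fields "$1")
    case "${1:-}" in
        GOOD|GREAT) return 0 ;;
        *) return 1 ;;
    esac
}

# Reply-size test: print the reported limit in bytes (empty if absent).
reply_size_limit() {
    printf '%s\n' "$1" |
        sed -n 's/.*DNS reply size limit is at least \([0-9][0-9]*\).*/\1/p'
}

# Pass when the limit is at least $2 bytes; the caller picks the minimum.
check_reply_size() {
    limit=$(reply_size_limit "$1")
    [ -n "$limit" ] && [ "$limit" -ge "$2" ]
}

# Constructed sample answers (192.0.2.53 is a documentation address).
SAMPLE_PORTS='"192.0.2.53 is GREAT: 71 queries in 37.0 seconds from 71 ports with std dev 19761"'
SAMPLE_FIXED='"192.0.2.53 is POOR: 26 queries in 3.1 seconds from 1 ports with std dev 0"'
SAMPLE_SIZE=';; Truncated, retrying in TCP mode.
"192.0.2.53 DNS reply size limit is at least 4091"'

for s in "$SAMPLE_PORTS" "$SAMPLE_FIXED"; do
    if check_porttest "$s"; then echo "ok:   $(porttest_fields "$s")"
    else echo "FAIL: $(porttest_fields "$s")"; fi
done
```

A resolver that answers from a single fixed port is the case the port test exists to catch, which is why the POOR sample fails the check.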