0%
WDescription%
Build stability: All recent builds failed.0
Build History
x

Project dnsprivacy-monitoring

## The Tests

All the following are tested over TLS connections.

- **TLS**  Does the server answer DNS queries over TLS on port 853 with no SNI sent?
- **TLS 443**  Does the server answer DNS queries over TLS on port 443  with no SNI sent?
- **Strict Name** Does the server pass Strict authentication using the authentication domain name only?
- **Strict Name 443** Does the server pass Strict authentication using the authentication domain name only on 443 (some operators require an SNI on 443 to defend against attacks)?
- **Strict SPKI** Does the server pass Strict authentication using SPKI pins only (if a SPKI pins are published)?
- **Cert 0** Are there 0 days or less to certificate expiry?
- **Cert 14** Are there 14 or fewer days to certificate expiry?
- **QNAME min** Is the server configured to use QNAME minimisation [RFC7816]?
- **RTT 250** Is a simple query round trip time from the probe location (in the UK) < 250ms?
- **DNSSEC** Is the server doing DNSSEC validation (i.e. returning SERVFAIL for bogus domains)?
- **Keepalive** Does the server support the EDNS0 Keepalive option [RFC7828]?
- **Padding** Does the server add an EDNS0 Padding option to the response if one is in the query [RFC7830]?
- **TLS 1.3** Does the server support TLS 1.3 ?
- **OOOR** Does the server give Out Of Order Responses (Experimental, may give false negatives)?

## Results
* **GREEN** indicates success
* **RED** indicates failed test (this might result from non DNS related issues such server being off line, blocking from the probe location, etc.) Note that the 'Strict mode' tests could fail for a number of reasons including incorrect credentials, self-signed certificates for name only authentication, incompatible TLS version or Cipher suites, etc. The console log of the test may give more information.
* **GREY** indicates test not run (e.g. due to lack of available transport or the lack of the SPKI pin)

## Notes
Authentication information is taken from the [DNS Privacy Project Test Servers page](https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Test+Servers)
These tests use [a getdns based monitoring plugin](https://github.com/banburybill/getdns/tree/feature/monitor-tool) which is currently under development. It is based on Stephane Bortzmeyer’s [getdns based nagios plugin](https://github.com/bortzmeyer/monitor-dns-over-tls).

Note that Quad9, Cloudflare and Google operate an anycast service so the results below are just for our local server (London).


Configuration MatrixTLSTLS 443Strict NameStrict Name 443Strict SPKICert 0Cert 14QNAME minRTT 250DNSSECKeepalivePaddingTLS 1.3OOOR
dnsovertls.sinodun.comv4
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
Failed
Success
v6
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
Failed
Success
dnsovertls1.sinodun.comv4
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
Failed
Success
v6
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
Failed
Success
getdnsapi.netv4
Success
Failed
Success
Failed
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
v6
Success
Failed
Success
Failed
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
dns.quad9.netv4
Success
Failed
Success
Failed
Not configured
Success
Success
Success
Success
Success
Failed
Failed
Success
Failed
v6
Success
Failed
Success
Failed
Not configured
Success
Success
Success
Success
Success
Failed
Failed
Success
Failed
dns.googlev4
Success
Failed
Success
Failed
Not configured
Success
Success
Success
Success
Success
Failed
Success
Success
Success
v6
Success
Failed
Success
Failed
Not configured
Success
Success
Success
Success
Success
Failed
Success
Success
Success
1dot1dot1dot1.cloudflare-dns.comv4
Success
Failed
Success
Failed
Not configured
Success
Success
Success
Success
Success
Failed
Success
Success
Success
v6
Success
Failed
Success
Failed
Not configured
Success
Success
Success
Success
Success
Failed
Success
Success
Success
security-filter-dns.cleanbrowsing.orgv4
Success
Failed
Success
Failed
Not configured
Success
Success
Success
Success
Success
Failed
Failed
Failed
Failed
v6
Not configured
Not configured
Not configured
Not configured
Not configured
Not configured
Not configured
Not configured
Not configured
Not configured
Not configured
Not configured
Not configured
Not configured
dns.adguard.comv4
Success
Failed
Success
Failed
Not configured
Success
Success
Success
Success
Success
Failed
Failed
Failed
Failed
v6
Success
Failed
Success
Failed
Not configured
Success
Success
Success
Success
Success
Failed
Success
Failed
Failed
unicast.censurfridns.dkv4
Success
Failed
Success
Failed
Failed
Success
Success
Failed
Success
Success
Failed
Failed
Success
Failed
v6
Success
Failed
Success
Failed
Failed
Success
Success
Failed
Success
Success
Failed
Failed
Success
Failed
dot.xfinity.comv4
Success
Failed
Success
Failed
Not configured
Success
Success
Failed
Success
Success
Failed
Failed
Failed
Success
v6
Success
Failed
Success
Failed
Not configured
Success
Success
Failed
Success
Success
Failed
Failed
Failed
Success
dot1.appliedprivacy.netv4
Success
Failed
Success
Success
Failed
Success
Success
Success
Success
Success
Success
Failed
Success
Failed
v6
Success
Failed
Success
Success
Failed
Success
Success
Success
Success
Success
Success
Failed
Success
Failed
kaitain.restena.luv4
Success
Failed
Success
Failed
Success
Success
Success
Success
Success
Success
Failed
Failed
Failed
Success
v6
Success
Failed
Success
Failed
Success
Success
Success
Success
Success
Success
Failed
Failed
Failed
Success
dot-de.blahdns.comv4
Success
Success
Success
Success
Failed
Success
Success
Success
Success
Success
Failed
Failed
Success
Failed
v6
Success
Success
Success
Success
Failed
Success
Success
Success
Success
Success
Failed
Failed
Success
Failed
dot-jp.blahdns.comv4
Success
Success
Success
Success
Failed
Success
Success
Success
Failed
Success
Failed
Failed
Success
Failed
v6
Success
Success
Success
Success
Failed
Success
Success
Success
Failed
Success
Failed
Failed
Success
Failed
dnsovertls2.sinodun.comv4
Success
Failed
Success
Failed
Success
Success
Success
Success
Success
Success
Failed
Success
Failed
Success
v6
Success
Failed
Success
Failed
Success
Success
Success
Success
Success
Success
Failed
Success
Failed
Success
dnsovertls3.sinodun.comv4
Success
Failed
Success
Failed
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
v6
Success
Failed
Success
Failed
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
dns.cmrg.netv4
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
v6
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
dns.neutopia.orgv4
Success
Success
Success
Success
Success
Failed
Failed
Success
Success
Failed
Failed
Success
Success
Failed
v6
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
privacydns.go6lab.siv4
Not configured
Not configured
Not configured
Not configured
Not configured
Not configured
Not configured
Not configured
Not configured
Not configured
Not configured
Not configured
Not configured
Not configured
v6
Success
Failed
Success
Failed
Success
Success
Success
Success
Success
Success
Failed
Failed
Failed
Failed
dnsotls.lab.nic.clv4
Success
Success
Success
Success
Not configured
Success
Success
Success
Success
Success
Success
Failed
Failed
Success
v6
Success
Success
Success
Success
Not configured
Success
Success
Success
Success
Success
Success
Failed
Failed
Success
ibksturm.synology.mev4
Success
Failed
Success
Failed
Failed
Failed
Failed
Failed
Success
Failed
Failed
Failed
Success
Failed
v6
Not configured
Not configured
Not configured
Not configured
Not configured
Not configured
Not configured
Not configured
Not configured
Not configured
Not configured
Not configured
Not configured
Not configured
ns0.ldn-fai.netv4
Success
Success
Failed
Failed
Not configured
Failed
Failed
Failed
Success
Success
Failed
Failed
Success
Success
v6
Success
Success
Failed
Failed
Not configured
Failed
Failed
Failed
Success
Success
Failed
Failed
Success
Success
fdns1.dismail.dev4
Success
Failed
Success
Failed
Success
Success
Success
Failed
Success
Success
Failed
Failed
Success
Success
v6
Success
Failed
Success
Failed
Success
Success
Success
Failed
Success
Success
Failed
Failed
Success
Success
dns.digitale-gesellschaft.chv4
Success
Failed
Success
Failed
Not configured
Success
Success
Success
Success
Success
Failed
Failed
Success
Success
v6
Success
Failed
Success
Failed
Not configured
Success
Success
Success
Success
Success
Failed
Failed
Success
Failed
dns.switch.chv4
Success
Failed
Success
Failed
Not configured
Success
Success
Success
Success
Success
Success
Failed
Failed
Failed
v6
Success
Failed
Success
Failed
Not configured
Success
Success
Success
Success
Success
Success
Failed
Failed
Failed
dot.ffmuc.netv4
Success
Failed
Success
Failed
Not configured
Success
Success
Success
Success
Success
Failed
Failed
Success
Failed
v6
Success
Failed
Success
Failed
Not configured
Success
Success
Success
Success
Success
Failed
Failed
Success
Failed