...

The following servers are configured to support TLS on port 853 and STARTTLS on port 53 for testing purposes.

Public Test resolver

  • Hosted by the getdns API implementation project at getdnsapi.net (Unbound 1.5.6):

  • IP address: 185.49.141.38 and 2a04:b900:0:100::38
  • Note this server does not support UDP without DNS Cookies (RFC7873)
  • Also note the server does not yet support EDNS0 TCP Keepalive (RFC7828) or out-of-order response processing (RFC7766)

Authoritative test server hosted by Verisign Labs:

  • Verisign Labs are kindly hosting a test zone on a server (running a patched version of NSD):
    • The zone is named dns-over-tls.verisignlabs.com and it has A, AAAA, and TXT records for names from 'L001' to 'L100'. 

    • The IP address of the server is currently 173.255.254.151

    • Server key file is available to download here: nsd.key

    • The zone is signed

    • This server also supports TCP fast open

...

  • concurrent processing of TCP queries (RFC7766)

| Server type | Hosted by | IP addresses | Server key | Hostname for TLS authentication | SPKI pin for TLS authentication (RFC7858) |
|---|---|---|---|---|---|
| Public Test Resolver | getdnsapi.net | 185.49.141.38, 2a04:b900:0:100::38 | | getdnsapi.net | foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9S= |
| Authoritative | Verisign Labs | 173.255.254.151 | nsd.key | starttls.verisignlabs.com [Note that this is a self-signed certificate so does not pass authentication by default.] | |

...

How to Decode TLS packets in Wireshark

...