Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


The following servers are configured to support TLS on port 1021 853 and STARTTLS on port 53 for testing purposes.


  • Hosted by the getdns API implementation project at (Unbound 1.5.6):

    • IP address: and 2a04:b900:0:100::38
    • (Note this server does not support UDP without DNS Cookies)

Authoritative test server hosted by Verisign Labs:


Server typeHosted byIP addressesServer keyHostname for TLS authenticationSPKI pin for TLS authentication (RFC7858)


AuthoritativeVerisign Labs173.255.254.151nsd.key [Note that this

is a self-signed certificate so does not pass

authentication by default.]




How to Decode TLS packets in Wireshark