- Scan ID:
- 814896d7-8d87-435b-87c5-0b045daab233Finished
- Submitted URL:
- https://www.routersecurity.org/testdns.php
- Report Finished:
Links · 40 found
The outgoing links identified from the page
| Link | Text |
|---|---|
| https://www.michaelhorowitz.com | MichaelHorowitz |
| https://DefensiveComputingChecklist.com | Defensive Computing Checklist |
| https://ipinfo.io | ipinfo.io |
| https://www.dnsleaktest.com/ | DNS Leak Test |
| https://browserleaks.com/ip | browserleaks.com/ip |
| https://dnscheck.tools | dnscheck.tools |
| https://www.reddit.com/user/dnschecktool | dnschecktool |
| https://www.perfect-privacy.com/dns-leaktest/ | DNS Leaktest |
| http://dnsleak.com | dnsleak.com |
| https://www.expressvpn.com/dns-leak-test | DNS Leak Test |
JavaScript Variables · 6 found
Global JavaScript variables loaded on the window object of a page, are variables declared outside of functions and accessible from anywhere in the code within the current scope
| Name | Type |
|---|---|
| onbeforetoggle | string |
| documentPictureInPicture | string |
| onscrollend | string |
| fnSmallMenu | string |
| AddSearch | string |
| getLongExplanation | string |
Console log messages · 0 found
Messages logged to the web console
HTML
The raw HTML body of the page
<!DOCTYPE html><html lang="en"><head>
<meta charset="utf-8">
<meta name="title" content="Test Your DNS Servers - RouterSecurity.org">
<meta name="description" content="Test your DNS Servers - kick the tires">
<meta name="keywords" content="DNS, DNS server, DNS resolver, Michael Horowitz">
<meta name="robots" content="all">
<meta name="copyright" content="Michael Horowitz">
<meta name="revisit-after" content="7 days">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="viewport" content="width=device-width, user-scalable=no">
<title>Test Your DNS Servers - RouterSecurity.org</title>
<link rel="stylesheet" type="text/css" media="screen" href="includes/skreen4.css">
<link rel="stylesheet" type="text/css" href="includes/smartfone3.css" media="only screen and (max-width: 598px)">
<link rel="stylesheet" type="text/css" href="includes/desktop3.css" media="screen and (min-width: 599px)">
<link rel="apple-touch-icon" sizes="180x180" href="pix/apple-touch-icon.png">
<link rel="icon" type="image/png" sizes="32x32" href="pix/favicon-32x32.png">
<link rel="icon" type="image/png" sizes="16x16" href="pix/favicon-16x16.png">
<link rel="mask-icon" href="pix/safari-pinned-tab.svg" color="#5bbad5">
<!-- ADD THE BELOW LATER
<link rel="manifest" href="/site.webmanifest">
<meta name="msapplication-TileColor" content="#da532c">
<meta name="theme-color" content="#ffffff">
REMOVED BELOW May 14, 2020
<link rel=apple-touch-icon href="pix/favicon60x60.png " />
<link rel="shortcut icon" href="pix/favicon.png" />
-->
<script>
function fnSmallMenu()
{ var y = document.getElementById("popages");
if (y.textContent === "Hide Menu") {y.textContent = "Popular Pages";}
else {y.textContent = "Hide Menu";}
var x = document.getElementById("myTopnav");
if (x.className === "topnav") {x.className += " responsive"; }
else {x.className = "topnav";}
}
</script>
<script>
function AddSearch()
{ // April 18, 2021 converted to Ajax
var xmlhttpAddSearch=new XMLHttpRequest();
xmlhttpAddSearch.onreadystatechange=function()
{if (xmlhttpAddSearch.readyState==4 && xmlhttpAddSearch.status==200)
{searchbox=xmlhttpAddSearch.responseText;
document.getElementById("divRSorgSearch").innerHTML=searchbox;
}
}
xmlhttpAddSearch.open("GET","SearchyBox.html",true);
xmlhttpAddSearch.send();
divRSorgSearch.style.display="block";
}
</script>
<script>
function getLongExplanation()
{ var xmlhttpDNSexplain=new XMLHttpRequest();
xmlhttpDNSexplain.onreadystatechange=function()
{if (xmlhttpDNSexplain.readyState==4 && xmlhttpDNSexplain.status==200)
{document.getElementById("DivLongExplain").innerHTML=xmlhttpDNSexplain.responseText; }
}
xmlhttpDNSexplain.open("GET","dnsLongExplain.html",true);
xmlhttpDNSexplain.send();
}
</script>
<style>
.fixed-ratio-resize { max-width: 100%; height: auto; width: auto; }
</style></head>
<body>
<a name="topofpage"></a>
<table cellpadding="9" cellspacing="0" width="100%">
<!-- style="border-bottom:2px solid #C18E59;" removed May 13, 2020 -->
<tbody><tr>
<td style="background-color:#935E3F; color:#FCDABC; font-weight:bold; font-size:160%; ">
<span class="desktoponly"> </span><i>Router Security</i></td>
<td style="background-color:#935E3F; color:#FCDABC; font-weight:bold; font-size:140%; ">
<span class="desktoponly">Test Your DNS Servers</span></td>
<td style="background-color:#935E3F; font-weight:bold; text-align:right; font-size:90%; ">
<span style="color:#FCDABC;">Website by</span> <br><a style="color:#FF9043; text-decoration: none;" href="https://www.michaelhorowitz.com">Michael Horowitz</a> </td></tr>
</tbody></table>
<div class="topnav" id="myTopnav">
<a id="MenuHome" href="index.php">Home</a>
<a id="MenuIndex" href="rsoSiteIndex.php" title="All the pages on this site">Site Index</a>
<a id="MenuBugs" href="bugs.php" title="Router Bugs Flaws Hacks and Vulnerabilities">Bugs</a>
<a id="MenuNews" href="RouterNews.php" title="Routers in the news">News</a>
<a id="MenuChecklist" href="checklist.php" title="A checklist of router security features">Security Checklist</a>
<a id="MenuTests" href="testrouter.php" title="Test Your Router">Tests</a>
<a id="MenuDNS" href="testdns.php" title="What DNS Servers are you using right now?" class="thismenuitem">DNS</a>
<a id="MenuResources" href="resources.php" title="Assorted Router Resources">Resources</a>
<a id="MenuStats" href="stats.php" title="Website Stats">Stats</a>
<a onclick="javascript:AddSearch();" title="Search this site">Search</a>
<a href="javascript:void(0);" class="icon" id="popages" onclick="fnSmallMenu()">Popular Pages</a>
</div>
<div name="divRSorgSearch" id="divRSorgSearch" style="display:none; background-color:#FFF1E6; margin-left: auto; margin-right: auto;"></div>
<div name="divPlug" id="divPlug" style="padding-left:8px; padding-right:4px; margin-top:0px; margin-bottom:0px; padding-top:10px; padding-bottom:10px;
line-height:120%; font-family:arial; font-size:100%; background-color:#FFF1E6; border: 1px solid black; text-align:center; ">
Also see my <a href="https://DefensiveComputingChecklist.com">Defensive Computing Checklist</a> website
</div>
<!--
<b>NOTE:</b> I gave a <a href="https://defensivecomputingchecklist.com/HOPEconference.php">presentation</a>
on Defensive Computing at the <a href="https://hope.net">HOPE conference</a> (July 2022) that was based on my
<a href="https://DefensiveComputingChecklist.com">Defensive Computing Checklist</a> website.
<div name="divPlug" id="divPlug"
style="padding-left:34px; padding-right:34px; margin-top:0px; margin-bottom:0px; padding-top:10px; padding-bottom:0px;
line-height:140%; font-family:arial; font-size:100%; background-color:#FFF1E6; text-align:center; ">
On my <a href="https://DefensiveComputingChecklist.com">Defensive Computing Checklist</a> site don't miss the
<a href="https://defensivecomputingchecklist.com/DomainNameRules.php">Domain Name</a> and
<a href="https://defensivecomputingchecklist.com/vpn.php">VPN</a> topics
</div>
-->
<!-- and <a href="https://www.michaelhorowitz.com/hiding.on.a.wifi.network.php">Hiding on a Wi-Fi network</a>
Also see my <a href="https://DefensiveComputingChecklist.com">Defensive Computing Checklist</a> site -->
<!-- <i-frame
src="https://duckduckgo.com/search.html?site=RouterSecurity.org&prefill=Search site with DuckDuckGo&kn=1&kh=1&k7=#FFF1E6"
style="margin:0;padding:0;width:420px;height:32px;"></i--frame> Opens in new Tab/Window -->
<!--
Also see my <a href="https://DefensiveComputingChecklist.com">DefensiveComputingChecklist.com</a> website
is a list, both of things to be aware of, and specific defensive steps that we can take in response to the computer threats of 2019. -->
<!--
<div name="divPlug" id="divPlug"
style="padding-left:34px; padding-right:34px; margin-top:0px; margin-bottom:0px; padding-top:10px; padding-bottom:0px;
line-height:120%; font-family:arial; font-size:90%; background-color:#FFF1E6; ">
I spoke about Router Security at the <a href="https://conferences.oreilly.com/security/sec-ny">O'Reilly Security Conference</a> in
New York City on <a href="https://conferences.oreilly.com/security/sec-ny/public/schedule/grid/public/2017-11-01">Nov. 1, 2017</a>. See
<a href="https://app.box.com/s/c3q01pfmjs49xbogfzvgs4bd140smzd7">a PDF of the slides</a></div>
-->
<div class="MainDivClass">
<div id="DivLongExplain"></div>
<div id="DivShortExplain">
<h3>Short Introduction to DNS <span style="font-weight:normal; color:black;">(switch to a <a href="#" onclick="getLongExplanation();DivShortExplain.style.display='none';DivLongExplain.style.display='block'">Long DNS explanation</a>)</span></h3>
<p>Devices connected to the Internet are assigned unique numbers called IP addresses. You know this site as RouterSecurity.org and its IP address is 216.92.136.14. All communication on the Internet is based on these unique numbers, website names and computer names are just a convenience. The system that translates names into the underlying numeric IP addresses is called DNS (Domain Name System) and the computers that do the translation are referred to as DNS servers.</p>
<p>DNS Servers are <i>extremely</i> important. Probably 99% of all communication between two computers on the Internet, starts with a call to a DNS Server to translate a computer name into an IP address.</p>
<p>Malicious DNS servers can do what any malicious translator can do - <b>lie to you</b>. For example, they might send you to a scam copy of a website. Like food, you should not take DNS servers from a stranger.</p>
<p>You can check a computer or router or browser or VPN to see what your DNS servers <i>should</i> be, but the pages below show what they actually <i>are</i> (with the tested web browser). That is, they report the DNS servers your current browser is <i>actually</i> using. We need tests like these because there are many places that DNS servers <i>could</i> have come from. How many? The optional <a href="#" onclick="getLongExplanation();DivShortExplain.style.display='none';DivLongExplain.style.display='block'">Long DNS explanation</a> here lists 13 possible sources for the DNS configuration. There may even be more.</p>
<p>I have a list of suggested <b><a href="DNS.providers.php">DNS providers</a></b>.</p>
<!-- ------------------------------------------------------------------ -->
<h3>About These Tests</h3>
<!-- ------------------------------------------------------------------ -->
<p>The tests below run in a web browser. If one browser is using encrypted DNS while another, on the same computing device, is not, then expect these tests to show different results in each browser. Likewise, if you have two web browsers using different DNS providers, expect them to report different results in the tests below. For more on encrypted DNS see the Encrypted DNS topic on my <a href="https://DefensiveComputingChecklist.com">Defensive Computing Checklist</a> site.</p>
<p>DNS query results are cached. If you make a DNS configuration change, the best way to be 100% sure that the results of the tests below are accurate, is to restart your computing device. </p>
<p>If you are using the Private DNS feature of Android (first introduced in version 9) there is no need for any of the testers below. My experience has been that Android will always use the Private DNS servers, even when a VPN is active. Thank you, Google.</p>
<p>If a test only returns an IP address, an excellent source for learning about that IP address is <a href="https://ipinfo.io">ipinfo.io</a><a>.</a></p><a>
<p>If you want to use the DNS services of your ISP (I would not), then after running a couple of these tests, check with the ISP to insure the reported DNS servers are theirs.</p>
<!-- <input type="button" name="buttonLongExplain" id="buttonLongExplain" value="Long DNS Explanation"
onclick="getLongExplanation();DivShortExplain.style.display='none';DivLongExplain.style.display='block'" /> -->
</a></div><a> <!-- End short explanation div -->
<!-- ------------------------------------------------------------------ -->
<h3>Learn Your Current DNS Servers - Generic Testers</h3>
<!-- ------------------------------------------------------------------ -->
<p>The websites below reveal the DNS servers being used by the web browser you use to view them. They are not specific to any one DNS provider. </p>
</a><ul><a>
</a><li><a></a><a href="https://www.dnsleaktest.com/">DNS Leak Test</a> is sponsored by VPN provider <b>IVPN</b>. It offers a quick standard test and a slower extended test. Both report the IP address, Hostname, ISP, City and Country for each detected DNS server. The initial screen shows your public IP address and location. (last verified Sept 2021)
<br><br></li>
<li>At <a href="https://browserleaks.com/ip">browserleaks.com/ip</a> you may need to scroll down to see a gray "Run DNS Leak Test" button. Click it. It reports the IP Address, ISP, city and country of the detected DNS servers. It does not report DNS server hostnames. Nice thing about this is that you can see both the public IP address and the DNS server IP address(es) right next to each other. The page also shows lots of other useful information. (last verified Sept 2021)<br><br></li>
<li>The website <a href="https://dnscheck.tools">dnscheck.tools</a> was created in December 2021 by Reddit user <a href="https://www.reddit.com/user/dnschecktool">dnschecktool</a>. Initially it reports the ISP of the detected DNS server(s), the Advanced tab has many more details. No ads. No tracking. On a computer using OpenDNS, some of the detected DNS server names ended with strln.net. The domain belongs to Cisco which owns OpenDNS.<br><br></li>
<li><a href="https://www.perfect-privacy.com/dns-leaktest/">DNS Leaktest</a> from VPN provider <b>Perfect Privacy</b> reports the IP address, host name, ISP and country for each detected DNS server. It does not report the state or city where the DNS server is located. (last verified Sept 2021)<br><br></li>
<!-- no twitter account, not https but shows show name of DNS server http://whoismydns.com get:Error Logging Data to Database. not a live ink -->
<li><a href="http://dnsleak.com">dnsleak.com</a> is sponsored and operated by Kape Technologies, the company that owns VPN provider <b>Private Internet Access</b>. It reports the IP address, hostname, city/region, country and ISP for each detected DNS server. (last verified Sept 2021)<br><br></li>
<li><a href="https://www.expressvpn.com/dns-leak-test">DNS Leak Test</a> from VPN provider <b>ExpressVPN</b> reports the IP address, "Provider" and Country for each detected DNS server. It does not report a hostname or city. Note that it always warns that "DNS requests exposed!" which <i>really</i> means you are not connected to ExpressVPN. (last verified Sept 2021)<br><br></li>
<li>The <a href="https://tenta.com/test/"><b>Tenta</b> VPN tester</a> reports the IP address, ISP, and the city, state and country for detected DNS servers. It does not show the hostname. If you click the link to the Advanced Test results, then it also shows a whole host of advanced data about each DNS server. The meaning and importance of this data is beyond me (and not explained). The test may be buggy, I once saw the same DNS server IP address listed eight times. (last verified Sept 2021)<br><br></li>
<li><a href="https://ipx.ac">ipx.ac</a> is from VPN provider <b>VPN.ac</b>. Click the big orange button to "Test for leaks and footprints" at the bottom of the page to see the IP address, country and ISP of detected DNS servers. It does not show the names of each DNS server. The page tests much more than just DNS. (last verified Jan. 2022)<br><br></li>
<li><a href="https://www.whatsmydnsserver.com">whatsmydnsserver.com</a> is from the people that gave up top10vpn.com. It reports the IP address, ISP and Country where your DNS server lives. It does not report the DNS server name. The explanation of DNS on the page is awful. (last verified Jan. 2022)<br><br></li>
<!--<a href="http://www.whatsmydnsserver.com/">www.whatsmydnsserver.com</a> is from <b>Sericon Technology</b>. It the IP address and "Owner" of a detected DNS server. (last verified Sept 2021) -->
<li>The <a href="https://www.f-secure.com/us-en/home/free-tools/router-checker">F-Secure Router Checker</a> does <i>not</i> really check routers, it simply reports on a DNS server (IP address, ISP and country). The company says their goal is to insure that your router is using an "authorized DNS server" but there is no such thing and they don't define it. (last verified Sept 2021)<br><br></li>
<li><a href="https://ipleak.net">ipleak.net</a> is from VPN provider <b>AirVPN</b>. For each DNS server, it reports the IP address and location. No ISP or DNS server hostname. It also reports on other things such as WebRTC, IPv6 and your screen resolution. This is my least favorite option as the font used for the IP addresses is all but unreadable. It is also available on ports 8000 and 62222. <br><br></li>
</ul>
<!-- ----------------------------------------------------------------------- -->
<h3>Learn Your Current DNS Servers - Specific Providers</h3>
<!-- ----------------------------------------------------------------------- -->
<p>The web pages below are from DNS providers and test whether their system is actually being used. They are a health/sanity check that confirms things are correctly configured. If you use one of these DNS providers, their customized test is preferable to the above generic tests. Again, DNS needs to be tested in every web browser on your computing device. </p>
<ul>
<li><b>Quad9</b>: has their own <a href="https://on.quad9.net/">DNS tester page</a>. This is the result when the browser <a href="https://www.quad9.net/uploads/Screenshot-20.png">is using Quad9</a>. They also have detailed explanations on how to confirm the use of Quad9 in <a href="https://www.quad9.net/support/set-up-guides/how-to-confirm-you-re-using-quad9-windows/">Windows</a>, <a href="https://www.quad9.net/support/set-up-guides/how-to-confirm-you-re-using-quad9-macos">macOS</a> and <a href="https://www.quad9.net/support/set-up-guides/how-to-confirm-you-re-using-quad9-linux">Linux</a>. These write-ups include operating system level tests.
(last verified July 2023)<br><br></li>
<li><b>Cloudflare</b> has a tester page at <a href="https://cloudflare-dns.com/help/">cloudflare-dns.com/help</a>. A more memorable URL that also works is
<a href="https://1.1.1.1/help/">1.1.1.1/help</a>. The most important thing these report are "Connected to 1.1.1.1" which is YES/NO. If you are using Cloudflare, it shows the status of DNS over HTTPS and DNS over TLS. The "AS Name" identifies the ISP of your DNS provider. These pages also test the ability of your computer to connect to 1.1.1.1 and 1.0.0.1 and their IPv6 siblings.
Note that these tester pages are <i>only</i> interested in Cloudflare. When it says that neither DoH nor DoT is being used, that means they are not being used <i>with Cloudflare</i>. A web browser that is using DoH or DoT with another DNS provider, will be reported as not using DoH or DoT.<br><br>
As detailed on the suggested <b><a href="DNS.providers.php">DNS providers</a></b> page, Cloudflare offers three DNS services: unfiltered, malware blocking and <a href="https://cloudflare-dns.com/family/">Family</a> which blocks both malware and porn.<ul>
<li>Verify that the malware blocking is working at <a href="https://phishing.testcategory.com/">phishing.testcategory.com</a>. If the page displays at all, it is NOT working.</li>
<li>Verify that the porn blocking is working at <a href="https://nudity.testcategory.com">nudity.testcategory.com</a>. If the page displays at all, it is NOT working.</li>
<li>Screen shots: If phishing is allowed, you will see <a href="pix/cloudflare.phishing.allowed.webp">this page</a>. If phishing is blocked you will see <a href="pix/cloudflare.phishing.not.allowed.brave.webp">this in Brave</a> or this if <a href="pix/cloudflare.phishing.not.allowed.opera.webp">using Opera</a>.</li></ul>
<br>Want more? Cloudflare also provides <a href="https://www.cloudflarestatus.com/">www.cloudflarestatus.com</a> which reports the overall status of their service. Ironically, if their service is down, it will block their users from seeing this website. You can not access cloudflarestatus.com by IP address. I tried.<br><br></li>
<li><b>OpenDNS</b>: If you are using OpenDNS, you can verify this at <a href="https://www.opendns.com/welcome/">www.opendns.com/welcome/</a>. Rather than show all detected DNS servers, it simply reports a YES/NO status on whether OpenDNS is in use. (last verified July 2023)<br><br></li>
<li>The <b>Mullvad</b> <a href="https://mullvad.net/en/check/">connection check</a> page has four big buttons that are either red or green. One is for DNS. If you are not connected to the Mullvad VPN, it will say that you are leaking DNS servers. Still, it is useful to everyone, not just Mullvad customers. Click on the downward pointing arrow on the DNS button to see the IP address, ISP/Provider and the location (in the US, it shows the City and State) of the detected DNS server(s). If you are connected to the Mullvad VPN, then it also shows the server name. Note that if you are using their Secure DNS service without their VPN, it will show in green and say that DNS is not leaking. (last verified December 2022) <br><br></li>
<li>If you use <b>AdGuard</b> for DNS, their <a href="https://adguard.com/en/adguard-dns/overview.html">overview page</a> includes a tester and will confirm/deny the use of their service. It is in the middle of the page, look for "AdGuard DNS servers map" If not using their service, it says "You are currently not using AdGuard DNS" In addition they have a <a href="https://adguard.com/en/test.html">dedicated tester page</a> that tests both for their DNS service and for other software of theirs. (last verified Sept 2021)<br><br></li>
<li>The <b>Control D</b> <a href="https://controld.com/status">Configuration Status</a> page shows your public IP address and whether their service is being used. If not, it says "Not Using Control D" in red with a red X.<br><br></li>
<li><b>NEXTDNS</b> (topic last updated March 26, 2023<br>
The NextDNS tester page is: <a href="https://test.nextdns.io">test.nextdns.io</a>. Their documentation is scarce, so most of the below are just my observations.<br><br>
A status of "ok" means that NextDNS is being used. A status of "unconfigured" means it is not being used. From
<a href="https://help.nextdns.io/t/q6hw5td/is-there-doc-for-test-nextdns-io">here</a><br>
When not in use, the only fields displayed are "resolver" (an IP address), "srcIP" and "server" (a name).<br><br>
When NextDNS is being used there are multiple options: it could be used with secure encrypted DNS (DoH or DoT) or with old insecure DNS.
Regardless of how you connect to NextDNS, their service might be used with your account and one of your profiles, or without your account. Even without an account,
NextDNS still offers ad and tracker blocking, just not in the customized manner that having an account allows. <br><br>
WORST CASE: When NextDNS is being used with old insecure DNS and without any of your profiles, the result looks like this <br><br><span style="font-family:courier;">
"status": "ok",<br>
"protocol": "UDP",<br>
"client": "1.2.3.4", <br>
"srcIP": "1.2.3.4",<br>
"destIP": "45.90.28.77",<br>
"anycast": true,<br>
"server": "zepto-ams-1",<br>
"clientName": "unknown" </span> <br><br>
The "protocol" value of UDP is what indicates that secure encrypted DNS is not being used. Old DNS uses UDP, new DNS uses TCP. When encrypted DNS is used, the protocol will be either DOH or DOT. In the above, 1.2.3.4 represents your public IP address (if connected to a VPN, it is the IP address of the VPN server). "destIP" is the IP v4 address of a NextDNS DNS server.<br><br>
ONE STEP UP: When NextDNS is being used with old insecure DNS but also with one of your account profiles, the result looks like this:
<br><br><span style="font-family:courier;">
"status": "ok",<br>
"protocol": "UDP",<br>
"profile": "xxxxxxxxxxxxxxxxxx",<br>
"client": "1.2.3.4",<br>
"srcIP": "1.2.3.4",<br>
"destIP": "45.90.28.77",<br>
"anycast": true,<br>
"server": "vultr-sea-1",<br>
"clientName": "unknown"</span> <br><br>
The important difference is the presence of the "profile". The character string displayed here is not the same as that shown on the NextDNS website, so I don't know how to figure out which specific profile NextDNS is using. <br><br>
I ran into this case when using a VPN that offered a Custom DNS option that only supported an IPv4 address (Mullvad on Windows). I set the Custom DNS IP address to one provided by NextDNS for my profile (on the NextDNS website) and then told NextDNS to use that profile with the pubic IP address of one specific VPN server (on the website this is the "Linked IP"). This also required that the browser used for the test was not configured to use secure DNS. This is a fragile setup, as it breaks when you connect to any other VPN server.
<br><br>
BEST CASE: When NextDNS is being used securely and with one of your profiles, the result looks like this <br><br><span style="font-family:courier;">
"status": "ok",<br>
"protocol": "DOH",<br>
"profile": "xxxxxxxxxxxxxxxxxx",<br>
"client": "1.2.3.4",<br>
"srcIP": "1.2.3.4",<br>
"destIP": "149.248.36.234",<br>
"anycast": false,<br>
"server": "vultr-sea-1",<br>
"clientName": "unknown-doh",<br>
"deviceName": "MikeyFirefox",<br>
"deviceID": "xxxxx" </span> <br><br>
A "protocol" value of DOH (for DNS over HTTPS) indicates that secure encrypted DNS is being used. A value of DOT also means that secure DNS is being used. Here, again, 1.2.3.4 represents your public IP address.
The "destIP" is the DNS server IP address. The one in the example (<span style="font-family:courier;">149.248.36.234</span>) is in Seattle. This should be
physically close to your location when not using a VPN, and close to the VPN server when connected to a VPN.
The "server" is the name of the DNS server being used.NextDNS seems to include a location indicator in the server name. In the example above, "sea" is probably for Seattle. <br><br>
NextDNS lets you have multiple devices in a single profile and give a name to each device which makes it easy to distinguish one device from another in the logs. That said, a device is not a device, as three different browsers on the same computer can have three different DNS profiles. In the above, the "deviceName" is "MikeyFirefox". That copy of Firefox was configured with this DNS server name<br>
<span style="font-family:courier;"> https://dns.nextdns.io /xxxxxx/ MikeyFirefox</span><br>
where the Xs represent a specific NextDNS profile of mine (the spaces are only there due to page formatting quirks in some browsers). The Chrome browser on the same computer, could have a different device name. Note that Chrome also uses DoH, so the format of the DNS server name in the Chrome settings is the same as shown above.
I don't know what to make of the "deviceID", the "profile" or the "anycast" value of true or false.
<!-- When in use, more fields are shown: "protocol" (DOH or DOT), "client" (your public IP address), "srcIP" (also you public IP
address in my testing), "destIP" (the DNS resolver IP address), "clientName", -->
<br><br>
The <a href="https://nextdns.io">NextDNS</a> website can also serve as a DNS tester. From the home page, click the blue button that says "Try it now".
If NextDNS <b>is</b> being used, near the top of the resulting page it will say either <i>"All good! This device is using NextDNS with this configuration"</i>
or <i>"This device is using NextDNS with another profile."</i> Note that these messages do not imply that either DoH or DoT are being used. NextDNS is just
as happy to use old, insecure, UDP-based DNS.
If NextDNS is <b>not being used</b>, the page will say: <i>"This device is not using NextDNS. This device is currently using xxxxxx as DNS resolver"</i>.
Note that these messages are poorly worded. The test does not apply to an entire device system wide, it is only valid for the web browser currently being used.
For more detailed results, log into the NextDNS website from whatever browser you which to test.
<br><br></li>
<!-- on the website This device is using NextDNS with another profile. loggged in or not? -->
</ul>
<!-- ----------------------------------------------------------------------- -->
<h3>OPERATING SYSTEM TESTS</h3>
<!-- ----------------------------------------------------------------------- -->
<p>To see what the Operating System is using for DNS, outside of any web browsers, we can use the <b>nslookup</b> command on desktop operating systems (Windows, macOS, Linux). The command syntax is very simple: <span style="font-family:courier;">"nslookup domainname"</span>. The first thing returned by the command is the name and IP address of the default DNS server. Below is a screen shot from Windows 7 showing the system is using DNS server dns9.quad9.net at IP address 9.9.9.9. </p>
<img class="fixed-ratio-resize" src="pix/nslookup.example.webp" style="border:1px solid black;" alt="nslookup command on Win7" title="nslookup command on Win7">
<p>DNS configurations in the Operating System can be all over the map. There can be different DNS servers configured for Ethernet vs. Wi-Fi. And, each wireless network (SSID) can be configured to use different DNS servers. Android 9, 10, 11 and 12 allow a global DNS setting for the entire operating system. iOS is the exact opposite, it even allows each app to configure its own DNS servers.</p>
<p>If a specific network connection does not specify any specific DNS server(s), then it gets assigned DNS servers by the router. But, again, a complication. The router may function as a DNS server itself, or it may simply pass DNS requests out to a DNS server on the Internet. </p>
<p>In the example above, the network connection was specifically configured to use Quad9. In the example below, a Windows 10 computer is using the router itself (at 192.168.1.99) as the DNS server. </p>
<img class="fixed-ratio-resize" src="pix/nslookup.routerincharge.webp" style="border:1px solid black;" alt="nslookup command showing router in charge" title="nslookup command showing router in charge">
<p>FYI: On Windows, there are a couple debug options for the nslookup command. More here: <a href="https://isc.sans.edu/diary/nslookups+Debug+Options/30894/">nslookup's Debug Options</a> by Didier Stevens (May 5, 2024). </p>
<p>Another option for Windows users is the <span style="font-family:courier;">ipconfig</span> command. Its equivalent for MacOS and Linux is <span style="font-family:courier;">ifconfig</span>. </p>
<p>On Windows, the command <span style="font-family:courier;">ipconfig /all</span> shows details, including the DNS server(s) for all the defined network connections. Note that this only applies to the old insecure version of DNS. It does not know about browsers using new secure DNS. And, what the operating system specifies for old DNS can be transparently over-ridden by the router. Also, when connected to a VPN, there will be one entry for the net connection without the VPN (WiFi or Ethernet or 4G) and another entry for the VPN connection. Which DNS servers are really being used by the OS when not running a web browser? See nslookup above.</p>
<p>This command can also useful after closing a VPN connection. I have seen VPN software that did not reset the DNS servers correctly when shut down. This left the computer using the DNS servers from the VPN company even when the VPN software was not running.</p>
<p>macOS offers the <span style="font-family:courier;">scutil -dns</span> command. Look for nameserver. The website ss64.com offers full <a href="https://ss64.com/osx/scutil.html">command syntax</a>.
</p><p>Linux should offer the <span style="font-family:courier;">nmcli</span> command. Its output contains various sections, including "DNS configuration". See its <a href="https://linux.die.net/man/1/nmcli">man page</a>.</p>
<p>On both Linux and macOS, you can also use the <span style="font-family:courier;">dig</span> command to see which DNS server is being used.
<br>On macOS, do Applications -> Utilities -> Terminal
<br> For Linux see <a href="https://www.howtogeek.com/663056/how-to-use-the-dig-command-on-linux/">How to Use the dig Command on Linux</a> by Dave McKay (April 2020). A simple
<br> <span style="font-family:courier;">dig <i>somedomain.com</i></span>
<br>command should display the DNS server used to answer the question. Look for "SERVER:" in the output.</p>
<p>I am not an iOS developer, but from what I have read about DNS on iOS it is far too complicated for non-developers to understand. Perhaps the best support for this opinion, is a video for iOS developers, <a href="https://developer.apple.com/videos/play/wwdc2020/10047/">Enable encrypted DNS</a>, where the description says "... enable encrypted DNS within an app using standard networking APIs..." So, if each app can have its own DNS configuration, what testing/checking could anyone do? Also, in my blog on <a href="https://michaelhorowitz.com/VPNs.on.iOS.are.scam.php">VPNs on iOS are a scam</a>, I noticed iOS 15.6 making normal old UDP port 53 DNS requests to the router despite its being configured to use NextDNS system-wide. iOS does not fully honor the system wide DNS setting. There is much more on this in the DNS Long Explanation (click at the top of the page). </p>
<!-- ----------------------------------------------------------------------- -->
<h3>AND...</h3>
<!-- ----------------------------------------------------------------------- -->
<p>Hard to believe, there is still <a href="dns.still.more.php">more to say about DNS</a>. </p>
<p> </p>
<div style="font-size:90%; text-align:center; background-color:#FFF1E6; color:#935E3F; border-top:1px solid #FF9043;">
<div style="float:right;"><a href="#topofpage" title="Go to the top of the page">Top</a> </div>
Page Created: November 13, 2018 <span class="desktoponly"> </span><span class="phoneonly"><br></span>
Last Updated: August 31, 2024 6PM CT
</div>
<div style="font-family:verdana; font-size:90%; background-color:#FFF1E6; color:#935E3F; text-align:center;">Viewed 1,159,607 times<span class="phoneonly"><br></span> (542/day over 2,138 days) </div>
<div style="padding-left:0px; margin-top:0px; margin-bottom:0px; padding-top:0px;
line-height:240%; font-family:verdana; font-size:90%; text-align:center; color: #FCDABC;
background-color:#935E3F;
border-bottom:2px solid #FF9043;"> <!-- bkgrnd color was FF9043 -->
Website by <a style="color:white;" href="https://www.michaelhorowitz.com">Michael Horowitz</a>
<span class="desktoponly"> </span>
<span class="phoneonly"><br></span>
Feedback: routers __at__ michaelhorowitz dot com
<span class="desktoponly"> </span>
<span class="phoneonly"><br></span>
<a style="color:white;" href="changelog.php">Changelog</a></div>
<div style="text-align:center; font-size:80%; margin-top:0px; padding-top:0px; line-height:110%; margin-bottom:10px;
font-family:courier;">Copyright 2015 - 2024</div>
<script language="JavaScript">
document.getElementById("MenuDNS").className="thismenuitem";
</script>
</div></body></html>