A custom developed DNS nameserver that creates dynamic delegated subdomains to enable clients to always query for never-seen-before resource records in order to support a general-purpose framework for testing DNS resolvers. Back to checking!
With the special crafted subdomains and the ability to send "wrong" DNS answers it is possible to analyze the functionality and hopefully tell what RFCs the clients DNS resolver infrastructure supports.
Using an API backend and JavaScript at the clients browser we can analyze every step of the DNS and provide full packet trace.
While many of the checks are simple checks for transport and protocol support, such as IPv6 and TCP, some are for advance features.
This checks if RPKI origin validation is enabled between the DNS resolver and authority.
Please read the blog post RPKI origin validation for resolvers! for more information.
This checks if querying is done as described in RFC 7816, DNS Query Name Minimisation to Improve Privacy.
Feedback, comments or issues can be made on GitHub or if that does not work there is also Twitter @dnsoarc and email.
The DNS Operations, Analysis, and Research Center (DNS-OARC) brings together key operators, implementors, and researchers on a trusted platform so they can coordinate responses to attacks and other concerns, share information and learn together.
OARC, Inc. is a nonprofit corporation formed under the laws of the State of Delaware. The corporation was created June 30, 2008 (file number 4569769).
For more information please visit https://www.dns-oarc.net.