I kept running into DNS issues, and needed to triple-check that I was pointing to the right DNS servers, so I made this utility website that does exactly that: which-dns [1]
This isn't a new idea ([2]), but mine supports https (hat tip to Matt Holt's certmagic [3]), is ad-free, and the source is available [4].
> How does it work? You make a request to a hostname with a unique prefix. All hostnames resolve to the same IP, but the DNS server records which IP address the query came from. The webserver looks for this record and returns it.
That's a smart way of detecting a user's DNS server - well done!
Is there a way to "fail" the first request and try to force the user's secondary DNS to kick in so that it can be detected too?
The extended test on https://www.dnsleaktest.com/ does that. There’s also various tests that reveal EDNS subnet leakage.
It’s pretty easy to implement; somehow don’t respond to a request, but do respond to a second. (If you’re clever you can probably do it without server side state, e.g. encode a deadline in the custom hostname.)
It only sees the "last hop" of recursive DNS resolution [1]. If you have internal DNS servers, you would need to run a copy of which-dns internally, and your internal DNS servers would need have the which-dns entries added.
If you want to see if a local workstation is pointing to a different public/external DNS server than the rest of your network, it should work.
This isn't a new idea ([2]), but mine supports https (hat tip to Matt Holt's certmagic [3]), is ad-free, and the source is available [4].
Let me know what you think!
[1] https://which.nameserve.rs
[2] http://www.whatsmydnsserver.com/
[3] https://github.com/caddyserver/certmagic
[4] AGPL. It is my first foray into golang. https://github.com/redirect2me/which-dns