DNS over TLS using IPv6

  • DNS Benchmark v2 is Finished and Available!
    Guest:
    That's right. It took an entire year, but the result far more accurate and feature laden than we originally planned. The world now has a universal, multi-protocol, super-accurate, DNS resolver performance-measuring tool. This major second version is not free. But the deal is, purchase it once for $9.95 and you own it — and it's entire future — without ever being asked to pay anything more. For an overview list of features and more, please see The DNS Benchmark page at GRC. If you decide to make it your own, thanks in advance. It's a piece of work I'm proud to offer for sale. And if you should have any questions, many of the people who have been using and testing it throughout the past year often hang out here.
    /Steve.
  • Be sure to checkout “Tips & Tricks”
    Dear Guest Visitor → Once you register and log-in please checkout the “Tips & Tricks” page for some very handy tips!

    /Steve.

  • BootAble – FreeDOS boot testing freeware

    To obtain direct, low-level access to a system's mass storage drives, SpinRite runs under a GRC-customized version of FreeDOS which has been modified to add compatibility with all file systems. In order to run SpinRite it must first be possible to boot FreeDOS.

    GRC's “BootAble” freeware allows anyone to easily create BIOS-bootable media in order to workout and confirm the details of getting a machine to boot FreeDOS through a BIOS. Once the means of doing that has been determined, the media created by SpinRite can be booted and run in the same way.

    The participants here, who have taken the time to share their knowledge and experience, their successes and some frustrations with booting their computers into FreeDOS, have created a valuable knowledgebase which will benefit everyone who follows.

    You may click on the image to the right to obtain your own copy of BootAble. Then use the knowledge and experience documented here to boot your computer(s) into FreeDOS. And please do not hesitate to ask questions – nowhere else can better answers be found.

    (You may permanently close this reminder with the 'X' in the upper right.)

C

caffee1

New member
Dec 13, 2025
2
0
I'm new to v2 and downloaded the current version (2.0.9477.3) today.
In benchmarking some DNS over TLS servers, I noticed the results does not appear to plot any ipv6 dns servers I included in the benchmark (e.g. google at 2001:4860:4860::8888 and 2001:4860:4860::8844). These are green in the list of servers indicating they are not sidelined. Nevertheless no plot or tabular data was produced for these servers. Is this perhaps a "more-to-come" or have I missed something in my configuration ?

I should note that I specified running DNS over TLS servers. On closer examination of the add/remove function, I see I am only able to specify DNS over TLS servers by their name and not their address. Perhaps this would be a useful addition since I am accustomed to specifying DNS servers by address.
 
Last edited:
caffee1 said:
I should note that I specified running DNS over TLS servers.
Click to expand...
That is why DNSB is only testing DOT servers. Because you told it to. :)

Have you saved an INI file?

If you have NOT saved an INI file:

Click the red icon in the UL corner of DNSB's main window (no benchmark running) to display the drop down main menu. About a fourth of the way down there are four DNS protocols. Click them to enable or disable as you wish.

If you have saved an INI file:

With DNSB not running:

You will have to either delete or rename the INI file, or move the INI file out of the DNSB folder. Then restart DNSB. DNSB will enable all protocols. After selecting the number of measurements DNSB will again ask you which protocol(s) you wish to test.

The presence of an INI file overrides the choice of protocols on the main drop down menu.
 
What are the Alt Spacebar menu settings and the
on-the-way-to-Benchmark settings for
IPv4, IPv6, DoH, and DoT?

1765669942759.png
 
  • Like
Reactions: GreenWine
DanR said:
That is why DNSB is only testing DOT servers. Because you told it to. :)

Have you saved an INI file?

If you have NOT saved an INI file:

Click the red icon in the UL corner of DNSB's main window (no benchmark running) to display the drop down main menu. About a fourth of the way down there are four DNS protocols. Click them to enable or disable as you wish.

If you have saved an INI file:

With DNSB not running:

You will have to either delete or rename the INI file, or move the INI file out of the DNSB folder. Then restart DNSB. DNSB will enable all protocols. After selecting the number of measurements DNSB will again ask you which protocol(s) you wish to test.

The presence of an INI file overrides the choice of protocols on the main drop down menu.
Click to expand...
Thank you for your thoughts. I always learn something when someone favors me with a reply.
Let me try another tack on my question: using the DNS over TLS entry for tls://dns.google.com as an example, how can I know whether the benchmark is testing over ipv6 ? Is there a way to add an entry specifically for one of google's ipv6 tls addresses to ensure ipv6 is used ?
 
@caffee1 : You found a bug! Thank you!

Although just placing an IP in the Add/Remove dialog will light up the [ Add IP ] button, if you preface that IP with https:// or tls:// then it will light up either the [ Add DoT ] or [ Add DoH ] buttons, thus allowing you to add a DoH or DoT resolver with an IP.

At least, it's supposed to. It DOES work for IPv4 addresses but the bug you just found was that it should also work for IPv6 addresses... And it does not. I've made a note about that and I'll get that fixed for the 4th release. (y)

Thank you!!
 
caffee1 said:
how can I know whether the benchmark is testing over ipv6 ? Is there a way to add an entry specifically for one of google's ipv6 tls addresses to ensure ipv6 is used ?
Click to expand...
At the moment no (for DoH/DoT domain inputs), but you can check if it does: by running wireshark/packet capture on the machine to see where outgoing packets are destined to. But IIRC on Win11 may default to giving IPv6 address resolution priority, IPv4 on Win10? unsure about other platforms
 
Schrodinger's Cat said:
@Steve I think this maybe similar/related and not fully addressed; DNSB doesnt use the convention for IPv6 addreses input for URIs eg. https://[2001:4860:4860::8888]/dns-query

Newsgroup discussion: [1] and [2]

Issue Ticket: https://dev.grc.com/support/33/
Click to expand...
Done! I implemented this last evening. The new feature will be present in the forthcoming Release #4.

Since every source shows that IPv6 addresses in URLs -must- be enclosed in [square brackets], the Benchmark follows that protocol. (y)
 
You must log in or register to reply here.

Similar threads

W
Windows 11 DNS Over TLS "This system does not support required TLS version(s)"
Replies
20
Views
2K
DNS Benchmark
peterblaise
peterblaise
T
  • Contains 1 staff post(s)
DNS over TLS in DNSB v2 r4
Replies
2
Views
591
DNS Benchmark
Texas Flyer
T
G
Display bug with IPv6 Link Local addresses
Replies
2
Views
655
DNS Benchmark
GoonerW
G
shoulders
Local network DNS Hijacking detection
Replies
8
Views
383
DNS Benchmark
shoulders
shoulders
argel1200
  • Contains 1 staff post(s)
Internal DNS?
Replies
16
Views
2K
DNS Benchmark
argel1200
argel1200
Top Bottom
Back