Individual Server Details

  • DNS Benchmark v2 Release 5 with Consultant License
    Guest:
    If you own any earlier release of our DNS Benchmark you may immediately download its release #5 replacement. Running an earlier release will detect the new release and help you upgrade.

    Although this release is cosmetic, appearance matters and affects ease of use. The biggest change, as seen in the image above, is that the DNS Benchmark now has a traditional Windows application menu to more fully expose its many features. This release is also "Consultant License Aware" and GRC will now issue a Consultant version when owners have previously purchased four "Personal Use" licenses. If you have previously purchased four DNSB licenses, or if you wish to upgrade your "Personal Use" license to Consultant, GRC's purchase process will direct you through that process.
    /Steve.
  • Be sure to checkout “Tips & Tricks”
    Dear Guest Visitor → Once you register and log-in please checkout the “Tips & Tricks” page for some very handy tips!

    /Steve.

  • BootAble – FreeDOS boot testing freeware

    To obtain direct, low-level access to a system's mass storage drives, SpinRite runs under a GRC-customized version of FreeDOS which has been modified to add compatibility with all file systems. In order to run SpinRite it must first be possible to boot FreeDOS.

    GRC's “BootAble” freeware allows anyone to easily create BIOS-bootable media in order to workout and confirm the details of getting a machine to boot FreeDOS through a BIOS. Once the means of doing that has been determined, the media created by SpinRite can be booted and run in the same way.

    The participants here, who have taken the time to share their knowledge and experience, their successes and some frustrations with booting their computers into FreeDOS, have created a valuable knowledgebase which will benefit everyone who follows.

    You may click on the image to the right to obtain your own copy of BootAble. Then use the knowledge and experience documented here to boot your computer(s) into FreeDOS. And please do not hesitate to ask questions – nowhere else can better answers be found.

    (You may permanently close this reminder with the 'X' in the upper right.)

P

pat wei

New member
Dec 17, 2025
3
0
Hi

I'm running the dns benchmark v2r3 tool in different environments and use it also to see what is working in which environment and what not. I.e. we have many times regular DNS blocked by firewalls, DOT as well, but rarely DOH.

Example: In my main environment many DOH servers report that "DNS queries are not being answered here" and I would like to understand what went wrong.

1) Is there a way to access the details of each server, individually, to see if the tools was able to get:
  • DNS of server resolved,
  • UDP/TCP Connectivity,
  • TLS Session establishment,
  • number of dns queries sent and also
  • what dns queries were sent and maybe not answered?

or do you already display part of that information but I just don't know what details you report for which step that breaks?

If I compare to DOT outputs, which none work in this environment, I get different status replies "refuses secure TLS handshake", "refuses secure transactions", "never replies to bad domains".

So maybe for DOH, when it says DNS queries are not being answered here it actually means, that the dns lookup, tcp connectivity, tls session were sucessfully established but no answer?

2) is there a way to re-trigger a single server of the list and maybe get all details for this server and its attempt?
 
Hi @pat wei,
Since the benchmark is targeted more toward a broad general audience who's interested mostly in performance, the sorts of details you're looking for are not being gathered. There is much more detailed data available from the CSV file that can be saved after the benchmark finishes. Note, this is not the "save benchmark results", which is a deliberately trimmed summary, but rather the "Export last results to CSV file" command.

I am (informally) collecting (not really soliciting) ideas for a future round of significant improvements (once I've finished work on several other app priorities). I have capture your requests for that future work. Thanks!
 
  • Like
Reactions: pat wei
pat wei said:
If I compare to DOT outputs, which none work in this environment, I get different status replies "refuses secure TLS handshake", "refuses secure transactions", "never replies to bad domains".

So maybe for DOH, when it says DNS queries are not being answered here it actually means, that the dns lookup, tcp connectivity, tls session were sucessfully established but no answer?

2) is there a way to re-trigger a single server of the list and maybe get all details for this server and its attempt?
Click to expand...
Sounds like something flakey is going on, is there something interfering with your traffic perhaps? Perhaps elaborating on your environment might help

There is a way to manually re-trigger a server, that is you remove that one single server and re add it. (It is known during dnsbv2 development that under certain conditions(we dont know why), remove and re add might turn a previously red server green, I have one of those environments.. lol... and it is (mostly) specific to Quad9 resolvers at my location.

PS: some DoT servers require TLS1.3 and up... DNSB relies on Windows scrypt that (for unknown to me) reason does only up to TLS1.2 [This is not steve's fault as Microsoft themself claim support for TLS1.3 in Windows 11 but in reality they are still using TLS1.2 for their own apps ie. windows update / Onedrive client. DoH uses a different windows API that suports HTTP2 and has TLS1.3 support.

PS2: for the details you might be looking for, might i suggest (if you are adventurous) external tools eg. `dig` / `kdig` to figure out ip resolved, or if a DoT or DoH is supposed to work and Wireshark to watch all the packets sent and received, tls handshake and all
 
Last edited:
  • Like
Reactions: pat wei
Schrodinger's Cat said:
Sounds like something flakey is going on, is there something interfering with your traffic perhaps? Perhaps elaborating on your environment might help

There is a way to manually re-trigger a server, that is you remove that one single server and re add it. (It is known during dnsbv2 development that under certain conditions(we dont know why), remove and re add might turn a previously red server green, I have one of those environments.. lol... and it is (mostly) specific to Quad9 resolvers at my location.

PS: some DoT servers require TLS1.3 and up... DNSB relies on Windows scrypt that (for unknown to me) reason does only up to TLS1.2 [This is not steve's fault as Microsoft themself claim support for TLS1.3 in Windows 11 but in reality they are still using TLS1.2 for their own apps ie. windows update / Onedrive client. DoH uses a different windows API that suports HTTP2 and has TLS1.3 support.

PS2: for the details you might be looking for, might i suggest (if you are adventurous) external tools eg. `dig` / `kdig` to figure out ip resolved, or if a DoT or DoH is supposed to work and Wireshark to watch all the packets sent and received, tls handshake and all
Click to expand...
PS2: I can definitely use other tools to dig into the issue, but since dns benchmark is probably already doing the steps for me, I was hoping it would add details about the connections, so for me to avoid having to individually troubleshoot the issues ;)
 
Feedback/Feature Request?

Have others also asked to get all the data of the tabs in one tab?

I click through Name, Owner, Status, Response Time all the time and for me it would be great to have all of that data in different columns but together, as I loose sometimes the context of what I was looking for ;( Especially hard to see in response time what the actual server was without going back and forth.


Some additional questions:

1) Start up DNS Tests

Is there some documentation about what DNS servers are tested when the program starts up?

In my main environment we block Internet UDP DNS Access and therefore I get an error message and have to press the ignore every time.


But I would be interested to see what was tested and probably the results. In my environment only my internal ones work and some DOH (as the corporate firewall probably cannot block these good enough)

2) More details about the different symbols and colors and status?

I'm a bit color blind and wonder about some of the colors and status:

This full circle probably means all good:

1766078164712.png


This non full circle might indicate nothing works?

1766078200278.png

(probably red)

This non full circle might indicate partially working?

1766078275473.png

(for me this looks lighter than the one above) and the text suggests it is working, or maybe only partially and thats why no full circle?

Then this circle stays the same but the text changes colors for sidelining

1766078366227.png


For the DOT I have some messages that I probably need to google for but I would love to understand from the program what they mean, i.e. which step they are:

1766078449309.png

1766078461400.png

1766078476065.png
- especially this one"never replies to bad domains" I find interesting what that means

From the list that comes by default, I find a few entries in IPv6 with this Name:

1766078577153.png



After running a benchmark, what is the meaning of the symbol left over and what did it mean while running?

1766078776795.png


And what does the thin black line stand for?
1766078973920.png
 
"... to get all the data of the tabs in one tab ..."

... scour Tabular Data after a Benchmark - it's all there in text and math.
 
You must log in or register to reply here.

Similar threads

B
Configuring the default DNS Server addresses
Replies
4
Views
1K
DNS Benchmark
MichaelRSorg
MichaelRSorg
C
DNS Benchmark on Windows Server - Set the DNS Forwarder? Good idea or not?
Replies
2
Views
995
DNS Benchmark
PHolder
P
T
DNS Benchmark, Which DNS Server is best for me ?
Replies
12
Views
12K
DNS Benchmark
peterblaise
peterblaise
M
Why are all of the top performing servers listed as unknown name, unknown owner?
Replies
1
Views
492
DNS Benchmark
PHolder
P
Tazz
Bell Canada DNS servers - BAD
Replies
0
Views
1K
DNS Benchmark
Tazz
Tazz
Top Bottom
Back