Testing DNS over TLS

There are several ways to validate that outbound queries are using DNS over TLS.

  • Test via Diagnostics > DNS Lookup and ensure the result from 127.0.0.1 is correct.
    • Check for states using port 853 going to the DNS servers in the configuration like those in Example State Table contents for DNS over TLS queries
  • Packet capture port 853 and inspect the capture in Wireshark. The contents of the query are not visible, but the TLS exchange is, and any TLS errors in negotiation should be visible in the capture.

Fig. 3: Example State Table contents for DNS over TLS queries

© Copyright 2025 . All Rights Reserved. AZTCO-FW| Developed By AZTCO-FW. Powered by AZTCO.