Public DoH Resolver Test — A Record Reachability
Query Cloudflare, Google, Quad9, and OpenDNS DoH for A records — not an open-recursive UDP scan
How to Use This Tool
- Enter the hostname you want resolved via public DoH.
- Four parallel DoH JSON queries run to provider endpoints.
- Each probe collects A answers, latency, and success boolean.
- Failures capture ERROR status and error message when thrown.
- workingCount summarizes how many of four providers succeeded.
- Compare answers and latency across resolvers for consistency.
About This Tool
Searching open resolver test often implies scanning the internet for misconfigured recursive servers on UDP port 53 — a security audit with amplification risk implications. VSPIC open resolver test runs the doh-test action instead: four parallel DNS-over-HTTPS queries to major public providers for A records on the domain you enter, returning per-resolver success, answers, latencyMs, status, workingCount, and summary fraction.
This measures whether encrypted public resolvers return consistent A answers from our network path — useful for troubleshooting DoH reachability and comparing resolver behavior. It does not probe arbitrary IPs for open recursion or send amplification payloads. Read limitations before treating results as an infrastructure open-resolver audit.
Common use cases
- •Inspect HTTP headers and user-agent strings
- •Analyze email headers for phishing investigation
- •Generate strong passwords for staging environments
Why use VSPIC for ?
- Four major public DoH providers tested in one run.
- Per-resolver latency for performance comparison.
- A answers listed for mismatch detection between resolvers.
- success boolean simplifies pass/fail dashboards.
- Useful when evaluating encrypted DNS paths.
- Free sanity check — no client DoH configuration required.
Honest scope — DoH test not open-recursion scan
True open resolver audits send controlled queries to candidate IPs to detect recursion open to the internet — often UDP-based with operational safety constraints. Our handler is doh-test: HTTPS queries to four named public providers for A records only.
Results describe DoH reachability and answer consistency from our service — not whether your authoritative servers or random IPs expose open recursion.
Providers tested in doh-test
Cloudflare, Google Public DNS, Quad9, and OpenDNS DoH endpoints are queried in parallel. Each returns resolver name, latencyMs, status, answers array, and success when NOERROR with A data.
workingCount and summary report how many succeeded — 4/4 with matching answers indicates strong consistency on A records.
When providers disagree on answers
Legitimate causes include propagation delay, GeoDNS returning region-specific A records, or malware-blocking resolvers refusing some names while others answer. Quad9 may filter differently from Cloudflare.
Do not treat single-provider failure alone as DNS misconfiguration — inspect pattern across repeated runs.
Open resolver security versus this test
Open recursive resolvers on the internet amplify DDoS when misconfigured. Remediation requires scanning your own netblocks with specialized tools and firewall policy — not this page.
Pair with dns-amplification-vulnerability-test sibling for response-size timing signals on authoritative zones you own — still not a substitute for professional pentest scope.
Reading success, answers, and latency
success true when the provider returned usable A answers. latencyMs is HTTPS round-trip from our servers. null latency accompanies ERROR rows with error message text when thrown.
Mismatching A lists between providers during cutover may reflect TTL cache skew — combine with dns-history snapshots on authoritative intent.
Relationship to dns-over-https-tester
Identical doh-test backend and JSON. DNS-over-HTTPS tester emphasizes encrypted DNS evaluation language; open resolver test clarifies it is not a UDP open-recursion scan despite search terminology.
API: GET /ip-tools/api/extended?action=doh-test&domain=example.com.
Enterprise proxy and TLS inspection
Corporate TLS interception may break some DoH from office networks while succeeding here. Policy blockers affect DoH differently than UDP 53 — failures may be network policy not DNS data.
Document approved DoH endpoints separately from open-recursion remediation projects.
AAAA and record-type limits
doh-test queries A only. IPv6-only hosts may show empty answers while AAAA exists — not necessarily DoH failure. Query AAAA through other tools after confirming A behavior.
Mail and authentication troubleshooting still needs MX/TXT lookups elsewhere.
Privacy and responsible use
DoH queries hit public providers for names you submit under their privacy policies. Use for legitimate troubleshooting, not high-rate enumeration of third-party names.
We do not configure DoH on your devices or scan your IP ranges for open recursion.
Important notes & limitations
- NOT an internet-wide open recursive resolver scan.
- Does not test UDP port 53 open recursion on your IPs.
- A records only — not AAAA, MX, TXT, or other types.
- Tests from our infrastructure path — not your LAN directly.
- Provider filtering may cause intentional answer differences.
- Single sample per run — not long-term SLA monitoring.
Frequently Asked Questions
Yes. VSPIC offers this open resolver test at no cost with no account required. Results load in real time.
We do not permanently store your queries on our servers. Some tools run entirely in your browser; others fetch public data for the request only.
Yes. Open the page in any modern phone or tablet browser. Results work on Wi‑Fi and mobile data.
No. It queries four named public DoH providers for A records — not a UDP open-recursion scan of arbitrary IPs.
doh-test with a domain parameter.
A records only via DNS-over-HTTPS JSON APIs.
Filtering policies, network path issues, or provider outages cause partial failures — inspect per-row error messages.
No. Use dedicated security scanning on infrastructure you own with proper authorization — this tests public DoH providers, not your servers.
Same doh-test backend and JSON. Page copy differs — this one emphasizes honest limits versus open-recursion search intent.
Next step for your check
Continue with dns-over-https tester on VSPIC.
Related Tools
Explore more free VSPIC tools for IP, DNS, security, and network diagnostics.
DNS-over-HTTPS Tester
Test Cloudflare, Google, Quad9, and OpenDNS DoH for A record answers
Use Free →Recursive DNS Lookup
Recursive DNS Lookup — free online tool
Use Free →DNS Amplification Vulnerability Test
DNS Amplification Vulnerability Test — free online tool
Use Free →DNS Response Time Test
Measure resolver latency per record type — A, MX, TXT, NS, SOA
Use Free →Header Checker
Inspect HTTP request and response headers
Use Free →Link Checker
Verify if a URL is reachable and check HTTP status
Use Free →
Trusted by Users Who Value Privacy
Always Free
No premium plan ever
100% Private
Files processed in browser
Instant Results
Convert in seconds
Works Everywhere
Any device, any OS