Gadget DNS quick-deploy

This server answers DNS queries for gadget names under zone dnssrc.fibrecat.org. Each name returns a specific value (your IP, a counter, time, etc.). Copy and paste the dig commands below.

Some testing features inspired by whoami.akamai.net and nsec3.uk.
Tip: Use dig @dnssrc.fibrecat.org … to query this server directly, or use your normal resolver so it forwards to this server. Shift+click Copy to paste commands with @dnssrc.fibrecat.org already in each line.
Want to run your own instance? Use this project: github.com/davidgroves/gadget-dns-server.

help TXT

TXT record with a link to this docs page (https://www.dnssrc.fibrecat.org).

dig help.dnssrc.fibrecat.org TXT

myip / ip A AAAA TXT

Your client's IP address. Recommend using TXT so you always get the real address. A/AAAA return both record types for DNSSEC; if the packet came via IPv6, A is 0.0.0.0 (placeholder), and if via IPv4, AAAA is :: (placeholder).

dig myip.dnssrc.fibrecat.org TXT
dig ip.dnssrc.fibrecat.org TXT
dig myip.dnssrc.fibrecat.org A
dig myip.dnssrc.fibrecat.org AAAA

myport / port TXT

Your client's source port (TXT).

dig myport.dnssrc.fibrecat.org TXT
dig port.dnssrc.fibrecat.org TXT

myaddr / addr TXT

Your client's address and port (TXT, two strings).

dig myaddr.dnssrc.fibrecat.org TXT
dig addr.dnssrc.fibrecat.org TXT

connection / myconnection TXT

URL-like representation of how the client connected (TXT): doh://<ip4>:<port>, dot://[<ipv6>]:<port>, doq://, udp://, or tcp://.

dig connection.dnssrc.fibrecat.org TXT
dig myconnection.dnssrc.fibrecat.org TXT

counter TXT

Per-server incrementing counter (TXT).

dig counter.dnssrc.fibrecat.org TXT

random A AAAA TXT

Random value (A, AAAA, or TXT).

dig random.dnssrc.fibrecat.org A
dig random.dnssrc.fibrecat.org AAAA
dig random.dnssrc.fibrecat.org TXT

protocol TXT

Transport used: UDP, TCP, DoT, DoH, or DoQ (TXT).

dig protocol.dnssrc.fibrecat.org TXT

timestamp-N TXT

Current time in milliseconds (TXT), with TTL = N seconds (0–86400). Example: timestamp-60, timestamp-0.

dig timestamp-60.dnssrc.fibrecat.org TXT
dig timestamp-0.dnssrc.fibrecat.org TXT

ttl-N TXT

Current Unix time in seconds, with TTL = N (0–86400). Example: ttl-60, ttl-0.

dig ttl-60.dnssrc.fibrecat.org TXT
dig ttl-0.dnssrc.fibrecat.org TXT

edns TXT

EDNS options present on the request (TXT).

dig edns.dnssrc.fibrecat.org TXT

edns-cs / ecs

EDNS Client Subnet from the request (TXT).

dig edns-cs.dnssrc.fibrecat.org TXT
dig ecs.dnssrc.fibrecat.org TXT

cookie TXT

EDNS Cookie (RFC 7873) from the request, echoed as TXT. Use +cookie with dig to send a cookie.

dig +cookie cookie.dnssrc.fibrecat.org TXT

Stacking set-options TXT

You can combine multiple set-options in one query by listing them left to right. All apply: e.g. set-cookie-* (hex value), set-ede-*, set-nsid-*, set-noedns, set-nocompress, setednspad-N, set-flags-*, set-rcode-*, set-status-*, set-id-*, set-ttl-N, set-delay-*, set-answer-*. Example: set-cookie-616263.set-ttl-20.counter.dnssrc.fibrecat.org sets the EDNS cookie (hex 616263), the response TTL to 20, and returns the counter gadget. Exception: set-noedns always wins—when present, the response will have no OPT record even if other set-options (e.g. set-cookie-*, set-nsid-*) or client NSID would normally add EDNS.

dig set-ttl-60.counter.dnssrc.fibrecat.org TXT
dig set-rcode-3.set-id-0x1234.dnssrc.fibrecat.org TXT
dig set-cookie-78797a.set-ede-5-foo.mytoken.diag.dnssrc.fibrecat.org TXT

set-cookie-<string> TXT

Force the response to include an EDNS Cookie option with the given value (e.g. return a cookie when the client did not send one, or override the cookie). The string is hex-encoded; for a valid packet the cookie must be 16 bytes (RFC 7873: 8-byte client + 8-byte server), so use a 16-character string (e.g. set-cookie-1234567890123456). Setting a short cookie (e.g. set-cookie-abc) intentionally emits a malformed packet—useful for testing.

dig set-cookie-1234567890123456.dnssrc.fibrecat.org TXT
dig +cookie set-cookie-24a5ac1234567890.dnssrc.fibrecat.org TXT

Note: set-cookie-abc is valid as a label but produces a malformed EDNS cookie (3 bytes); use only when testing malformed responses.

set-ede-<number>-<string> TXT

Force the response to include an Extended DNS Error (RFC 8914) option with the given code and optional text, even when the response is otherwise successful.

dig set-ede-5.dnssrc.fibrecat.org TXT
dig set-ede-5-test.dnssrc.fibrecat.org TXT

set-nsid-<string> TXT

Force the response to include an EDNS NSID (Name Server Identifier, RFC 5001) option with the given string. When the client sends an NSID option (e.g. dig +nsid), the server returns NSID by default using the same value as hostname.bind (CH class). Use set-nsid-* to override that with a custom identifier (e.g. set-nsid-my-server-1). The value is the literal string after the prefix (hyphens allowed).

dig +nsid set-nsid-my-server.dnssrc.fibrecat.org TXT
dig +nsid dnssrc.fibrecat.org SOA

set-noedns TXT

Omit EDNS from the response: do not include an OPT record even when the client sent EDNS. Useful for testing clients that must handle non-EDNS responses.

Priority: set-noedns takes priority over any other set-option or behavior that would add EDNS to the response. When set-noedns is combined with set-cookie-*, set-ede-*, set-nsid-*, or when the client sends an NSID option (e.g. dig +nsid), the response will still have no OPT record.

dig set-noedns.dnssrc.fibrecat.org TXT
dig set-noedns.myip.dnssrc.fibrecat.org A
dig set-noedns.set-cookie-616263.dnssrc.fibrecat.org TXT

set-nocompress

Send the response without RFC 1035 label compression. The response is logically identical but uses more wire space (repeated names are not replaced by pointers). Use to test that resolvers accept uncompressed responses, or to compare compressed vs uncompressed size.

dig set-nocompress.counter.dnssrc.fibrecat.org TXT
dig set-nocompress.myip.dnssrc.fibrecat.org A

See examples/compression-example.md for a compression size comparison.

set-flags-<bitmask> TXT

Set the DNS response header flags to the given 16-bit value. Accepts binary (e.g. 100010100), decimal (e.g. 23), or hex with 0x prefix (e.g. 0x3c). The low 4 bits set the RCODE; higher bits set QR, Opcode, AA, TC, RD, RA, Z, AD, CD (see RFC 1035 / 4035).

Examples:

dig set-flags-0x8180.dnssrc.fibrecat.org TXT
dig set-flags-0x8580.dnssrc.fibrecat.org TXT
dig set-flags-23.dnssrc.fibrecat.org TXT
dig set-flags-0x0200.dnssrc.fibrecat.org TXT

set-rcode-<value> / set-status-<value> TXT

Set the DNS response RCODE (status code). Accepts decimal (0–15 or extended), hex with 0x prefix, or RCODE name (e.g. NOERROR, NXDOMAIN, SERVFAIL, REFUSED). set-status- is an alias for set-rcode-.

dig set-rcode-3.dnssrc.fibrecat.org TXT
dig set-status-NXDOMAIN.dnssrc.fibrecat.org TXT

set-id-<value> TXT

Set the DNS response transaction ID (16-bit). Accepts decimal (0–65535) or hex with 0x prefix.

dig set-id-12345.dnssrc.fibrecat.org TXT
dig set-id-0xabcd.dnssrc.fibrecat.org TXT

set-ttl-<N>

Set the TTL of all response RRs (Answer and Authority) to N seconds (0–86400). Useful for testing TTL behavior. set-ttl only modifies the TTL of whatever would be returned—it does not add records by itself. Stack it with a gadget or set-answer to get an answer with the desired TTL, e.g. set-ttl-60.counter.dnssrc.fibrecat.org or set-ttl-20.set-answer-txt-hello.dnssrc.fibrecat.org.

dig set-ttl-60.counter.dnssrc.fibrecat.org TXT
dig set-ttl-20.set-answer-txt-hello.dnssrc.fibrecat.org TXT

set-delay-N / set-delay-X-Y

Delay the response by N milliseconds, or by a random number of milliseconds between X and Y (inclusive). Works like delay-N / delay-X-Y, but as a set-option it applies to any query—stack it with a gadget or other set-options to delay whatever would be returned. Example: set-delay-100.counter.dnssrc.fibrecat.org returns the counter after 100 ms; set-delay-50-200.myip.dnssrc.fibrecat.org returns your IP after a random delay between 50 and 200 ms. Max delay 300000 ms (5 minutes).

dig set-delay-0.counter.dnssrc.fibrecat.org TXT
dig set-delay-100.myip.dnssrc.fibrecat.org TXT
dig set-delay-50-200.dnssrc.fibrecat.org TXT

set-answer-<value> (A and TXT only) A TXT

Override the response Answer section with the given values. Only A and TXT record types are supported. You can stack multiple values; each set-answer-* label adds one value.

A records: set-answer-<a>-<b>-<c>-<d> — four hyphen-separated octets (0–255), e.g. set-answer-1-2-3-4 returns A record 1.2.3.4. Multiple labels return multiple A records.

TXT records: set-answer-txt-<string> — the rest of the label is the TXT string (hyphens allowed). Multiple set-answer-txt-* labels produce one TXT RR with multiple strings.

dig set-answer-1-2-3-4.set-answer-5-6-7-8.dnssrc.fibrecat.org A
dig set-answer-txt-hello.set-answer-txt-world.dnssrc.fibrecat.org TXT
dig set-answer-1-2-3-4.set-answer-5-6-7-8.foo.diag.dnssrc.fibrecat.org A

setednspad-N

Pad the response with EDNS padding so the wire size is at least N bytes (128–4096). Stack with any gadget or set-option, e.g. setednspad-256.counter.dnssrc.fibrecat.org returns the counter with padding; setednspad-512.myip.dnssrc.fibrecat.org returns your IP with a 512-byte response.

dig setednspad-256.counter.dnssrc.fibrecat.org TXT
dig setednspad-512.myip.dnssrc.fibrecat.org A

size-N TXT

Response wire size approximately N bytes (128–4096). Returns random TXT content to reach the requested size. TXT only.

dig size-256.dnssrc.fibrecat.org TXT

delay-N / delay-X-Y TXT

Gadget that delays the response by N milliseconds, or by a random number of milliseconds between X and Y (inclusive). Returns a TXT record (e.g. delayed 100ms). Useful for timeout and latency testing. For delaying any query (e.g. counter, myip), use the set-option set-delay-N or set-delay-X-Y instead. Example: delay-500, delay-100-500.

dig delay-500.dnssrc.fibrecat.org TXT
dig delay-100-500.dnssrc.fibrecat.org TXT

qname-min TXT

QNAME minimization testing (RFC 7816). Query any name under *.qname-min.dnssrc.fibrecat.org (e.g. a.b.c.d.qname-min.dnssrc.fibrecat.org). The TXT response includes the QNAME received and the sequence of qnames the server saw from that resolver (oldest first). Because all names are in the same zone on this server, the full sequence is visible.

With QNAME minimization: For a.b.c.d.dnssrc.fibrecat.org you should see 2 queries: first qname-min.dnssrc.fibrecat.org (or dnssrc.fibrecat.org), then a.b.c.d.qname-min.dnssrc.fibrecat.org. The resolver discovers there is no delegation and then sends the full name.

Other outcomes:

  1. Whole name straight away — one query for a.b.c.d.qname-min.dnssrc.fibrecat.org; indicates no QNAME minimization.
  2. Buggy minimization — queries for qname-min.dnssrc.fibrecat.org, then d.qname-min.dnssrc.fibrecat.org, then c.d.qname-min.dnssrc.fibrecat.org, etc.; the resolver keeps adding one label at a time instead of jumping to the full name after a non-referral.

Why 2 queries is expected:

dig zzzzzzz.qname-min.dnssrc.fibrecat.org TXT
dig a.b.c.d.qname-min.dnssrc.fibrecat.org TXT

txt-test (display / injection testing) TXT

Fixed TXT records under txt-test.dnssrc.fibrecat.org for testing how resolvers, tools, or UIs display or escape TXT data. Use to check for XSS, link injection, or SQL-injection-style payload handling.

dig alert.txt-test.dnssrc.fibrecat.org TXT
dig href.txt-test.dnssrc.fibrecat.org TXT
dig bobby-tables.txt-test.dnssrc.fibrecat.org TXT

ns-test (referral testing)

unresolvable.ns-test.dnssrc.fibrecat.org returns a referral (NS records in Authority) pointing to names this server does not serve (no A/AAAA glue). A recursive resolver that follows the delegation will try to resolve those NS targets and should eventually get NXDOMAIN or timeout, leading to SERVFAIL. Use to test how resolvers handle broken delegations.

dig unresolvable.ns-test.dnssrc.fibrecat.org A

DNSSEC fail tests (dnssec-failed subdomain)

These names deliberately break DNSSEC so you can check that your resolver validates (you should get SERVFAIL or no answer when validation is on). All fail-case names live under dnssec-failed.dnssrc.fibrecat.org.

dig sig-fail.dnssec-failed.dnssrc.fibrecat.org A
dig rrsig-expired.dnssec-failed.dnssrc.fibrecat.org A
dig nsec-missing.dnssec-failed.dnssrc.fibrecat.org A

entropy

Port and transaction ID entropy check. The browser triggers DNS lookups; results show source port and ID randomness (GREAT/GOOD/POOR).

Open /entropy to run the check.

DoT and DoH with dig

You need a modern dig (BIND 9.17+ for +https, BIND 9.19+ for +tls). Query directly at this server (@dnssrc.fibrecat.org), not via a recursive resolver.

Use the connection gadget so the TXT response shows the transport in use (dot://…, doh://…, or doq://…).

DoT (port 853):

dig +tls @dnssrc.fibrecat.org connection.dnssrc.fibrecat.org TXT

DoH (port 443, path /dns-query):

dig +https @dnssrc.fibrecat.org connection.dnssrc.fibrecat.org TXT

DoQ (port 8853): dig doesn't support DNS over QUIC. Use the doggo client (install: go install github.com/mr-karan/doggo/cmd/doggo@latest or brew install doggo). Query directly at this server; the response will show doq://….

doggo TXT connection.dnssrc.fibrecat.org @quic://dnssrc.fibrecat.org:8853

Recursive–to–authority security: Today, stub→recursive and recursive→authority are often unencrypted. The DELEG (Extensible Delegation for DNS) internet draft aims to allow delegation records to carry server capabilities (e.g. DoT/DoH), so recursive resolvers can securely reach authoritative servers in the future.

token.diag and gadget.token.diag TXT

Record a query for a token, then open the dashboard in a browser. Replace mytoken with any label.

dig mytoken.diag.dnssrc.fibrecat.org TXT

Then open https://diag.dnssrc.fibrecat.org/ to enter your token, or go directly to https://diag.dnssrc.fibrecat.org/<token> to view recorded queries for that token.

You can also run a gadget under diag: <gadget>.<token>.diag.dnssrc.fibrecat.org returns the gadget response (e.g. connection URL, myip) and still records the query to the diag dashboard for that token. Example: connection.foo.diag.dnssrc.fibrecat.org returns the connection URL and records under token foo.

dig connection.foo.diag.dnssrc.fibrecat.org TXT
dig myip.mytoken.diag.dnssrc.fibrecat.org TXT