DNS Global Query & Hijack Detection Tool
DNS Ultimate Diagnostic PRO
Massive global node concurrent probing with packet-level parameters, grid layout, expected IP anti-pollution hijack map alerts and report screenshot archiving.
| Monitor Node | Protocol / Time | Status (RCODE) | Flags | Answer Section | TTL | Action |
|---|
💡 DNS Header Flags Guide
0 for query, 1 for response. The diagnostic panel shows response data, so this bit is always highlighted.
Directly from the authoritative server managing this domain, not from intermediate DNS cache, most reliable data.
UDP response exceeds 512 bytes and was truncated. Usually suggests switching to TCP protocol for complete records.
Client requests the server to perform recursive query if it does not know the answer.
DNS server declares it supports recursive queries (public DNS mostly supports, authoritative DNS mostly does not).
DNSSEC extension flag. Indicates the server has verified these records using digital signatures, untampered.
Online DNS Global Resolution Query & Diagnostic Tool
This page performs globally distributed DNS resolution tests, visually displaying the actual resolution status of domains across countries and ISP nodes.
- Supports querying A, AAAA, CNAME, MX, NS, TXT, CAA, SOA and other core record types.
- Supports native low-level protocol selection: UDP, TCP, and encrypted resolution DoT / DoH.
- Exclusive Expected IP anti-pollution alert - one-click verification of global node IPs against ISP redirects.
- Fully restores terminal dig command packet-level output, providing Flags, TTL and RCODE precision diagnostics.
FAQ: What are the signs of DNS pollution and hijacking?
If DNS resolution returns IPs that differ from your official configuration in certain regions, it likely indicates DNS pollution or hijacking. The anti-hijack alert and global map highlighting features can quickly locate such issues.
FAQ: Why test DoH and DoT?
Traditional DNS queries use UDP port 53 in plaintext, vulnerable to eavesdropping and MITM attacks. DoH and DoT use encrypted tunnels. Testing these protocols helps verify if your network supports encrypted resolution.
FAQ: What is DNSSEC and why enable +DO?
DNSSEC uses digital signatures to ensure DNS responses are complete and untampered. Enable DNSSEC (+DO) and check if the ad flag is lit in responses to verify your domain signature chain is effective globally.
