// Tool
DoH (DNS-over-HTTPS) Tester
Test any RFC 8484-compatible DoH endpoint. Pick a public resolver or paste your own DoH URL, then issue a JSON query. DoT (port 853) requires a TCP-capable client and can't be tested from the browser — use this for DoH only.
Presets:
Frequently Asked Questions
What is DNS-over-HTTPS (DoH)?
DoH sends DNS queries inside encrypted HTTPS requests, preventing on-path observers from seeing or tampering with lookups and letting them blend in with ordinary web traffic.
How is DoH different from DoT?
Both encrypt DNS. DoT (DNS-over-TLS) uses a dedicated port 853, which is easy to identify and block. DoH uses 443 alongside web traffic, making it harder to single out.
What does a DoH RCODE tell me?
The response code reports the outcome: NOERROR (success), NXDOMAIN (name does not exist), SERVFAIL (resolver error, often DNSSEC), or REFUSED — the same status set as classic DNS.
