Encrypted DNS Tester - DoH & DoT Compatibility

Check whether popular DNS over HTTPS (DoH) and DNS over TLS (DoT) providers are reachable from your network, compare their performance against standard DNS, and review a security assessment of encrypted DNS support.

Click below to test DoH and DoT providers (Cloudflare, Google, Quad9 and more). The test makes several encrypted connections and may take a few seconds.

Understanding This Tool

What It Does

This is a server-side tool: when you click the button, ShowMyIP's server makes connections from our network to several well-known public DNS providers (Cloudflare, Google, Quad9 and OpenDNS) and reports a status and timing for each. It tests DNS over HTTPS (DoH) by sending real JSON DNS queries over HTTPS with certificate verification, and runs a separate timing check labeled DNS over TLS (DoT) whose per-domain lookups actually use the server's own system resolver rather than a true DoT exchange. Because everything runs on our server, the results show behavior from our network and may differ from what you would see on your own connection. Each run returns numeric scores, per-provider tables for DoH and DoT, a speed ranking and a short list of recommendations.

Understanding the Results

  • Overall score (/100): A composite figure combining DoH response speed, the security score and how many providers were reachable. It rates behavior as seen from our network, not the safety or privacy of your own DNS setup.
  • Security score (/100): Shown only when available, this is the share of provider entries (across both DoH and DoT) marked fully functional. Note that the DoT entries reach that state through the server's own system resolver, so the figure is partly an artifact of the server's DNS rather than a measure of reaching each provider. It is not an audit of encryption or of your network.
  • Test duration (ms): Total time the whole test took to run on our server, in milliseconds.
  • DoH table - Provider: The provider name tested over DNS over HTTPS (Cloudflare, Google, Quad9, OpenDNS).
  • DoH table - Status: One of fully functional, partially functional, not functional, error or unknown, based on how many of the test domains resolved successfully over that provider's HTTPS endpoint. A provider can show not functional simply because the connection was blocked or timed out between our server and that provider.
  • DoH table - Avg Response (ms): The average measured response time, in milliseconds, across the test-domain queries to that provider, including any that errored after a delay. It reflects the round trip from our server, not from your device.
  • DoT table - Provider: The provider name listed in the DNS over TLS section (Cloudflare, Google, Quad9).
  • DoT table - Status: Uses the same fully functional / partially functional / not functional / error / unknown labels, but the underlying per-domain check uses the server's ordinary system resolver rather than a true DNS-over-TLS exchange, so treat it as a general timing signal, not a measurement of reaching that DoT provider.
  • DoT table - Avg Response (ms): Average resolution time for those queries; because it relies on standard server-side resolution rather than a real DoT round trip, it will often look similar to plain DNS regardless of the provider listed.
  • Performance Ranking: An ordered list (fastest first) of the three protocol categories - DoH, DoT and Standard DNS - sorted by their average measured times.
  • Recommendations: Short generated suggestions, such as which category was fastest or a reminder to enable encrypted DNS, derived from the scores and reachability above.

Common Use Cases

  • Compare DoH provider reachability from a neutral vantage point: See which major DoH providers respond, and how fast, from our server when you want a reference point outside your own connection.
  • Get a quick speed ordering of protocols: Use the Performance Ranking to see whether DoH, DoT or standard DNS resolution was fastest in this particular run.
  • Learn which providers offer encrypted DNS: The list of tested endpoints (Cloudflare, Google, Quad9, OpenDNS) is a useful starting point when choosing a public DoH or DoT provider to configure yourself.
  • Sanity-check that a provider's public DoH endpoint is online: A fully functional DoH status confirms the provider's HTTPS DNS service answered our queries at test time.
  • Spot transient outages or rate-limiting on DoH: Re-running the test and seeing a DoH provider move between fully functional, partially functional and not functional can indicate intermittent availability or throttling on the path between our server and that provider.

Pro Tips & Best Practices

  • Read the results as server-side, not as your own network: Every measurement here comes from ShowMyIP's server. To know whether encrypted DNS works on your own device, configure it locally and test from there.
  • Run the test more than once: Response times and statuses vary with network conditions and provider load, so a single run is only a snapshot. Several runs give a more reliable picture.
  • Treat the DoT and Standard DNS times as a rough guide: The DoT section's per-domain lookups use the server's ordinary resolver, so they do not represent a true DNS-over-TLS handshake and may closely match plain DNS.
  • Use the scores as relative signals, not guarantees: The overall and security scores reflect reachability and speed during the test, not a guaranteed verdict on the privacy or safety of any DNS configuration.

Frequently Asked Questions

No. The tool runs entirely on ShowMyIP's server, which makes the connections and resolves the test domains. It cannot see your device or your local network, so it does not tell you whether your own DNS traffic is encrypted. To check your own setup, enable DoH or DoT on your device and test it locally.

The DoT section's per-domain timing uses the server's standard system resolver rather than performing a real DNS-over-TLS exchange on port 853. Because it falls back to ordinary resolution, those times often resemble plain DNS regardless of which provider is listed. Treat the DoT figures as a general timing signal, not a precise DoT benchmark.

It is the share of provider entries, across both the DoH and DoT lists, that were marked fully functional during the run. Because the DoT entries reach that state through the server's own system resolver rather than by connecting to each DoT provider, the figure is partly an artifact of the server's DNS working at all. It is not an audit of certificate strength, encryption quality, or the security of your own network, and it is shown only when it is available in the results.

Not necessarily. The status only reflects whether the queries succeeded at test time. For DoH, a not functional or error result can be caused by the connection being blocked, rate-limited, or timing out on the path between our server and the provider, even when the provider is working fine for other users. For DoT, the status reflects the server's own resolver rather than reaching that specific provider.

For DNS over HTTPS it tests Cloudflare, Google, Quad9 and OpenDNS. The DNS over TLS section lists Cloudflare, Google and Quad9, though its per-domain timing uses the server's system resolver rather than a true DoT exchange. Standard DNS is included only as a category in the performance ranking, not as its own results table.

Frequently Asked Questions

Does this test my own computer's DNS settings?
No. The tool runs entirely on ShowMyIP's server, which makes the connections and resolves the test domains. It cannot see your device or your local network, so it does not tell you whether your own DNS traffic is encrypted. To check your own setup, enable DoH or DoT on your device and test it locally.
Why do the DoT and Standard DNS response times look similar?
The DoT section's per-domain timing uses the server's standard system resolver rather than performing a real DNS-over-TLS exchange on port 853. Because it falls back to ordinary resolution, those times often resemble plain DNS regardless of which provider is listed. Treat the DoT figures as a general timing signal, not a precise DoT benchmark.
What does the security score actually measure?
It is the share of provider entries, across both the DoH and DoT lists, that were marked fully functional during the run. Because the DoT entries reach that state through the server's own system resolver rather than by connecting to each DoT provider, the figure is partly an artifact of the server's DNS working at all. It is not an audit of certificate strength, encryption quality, or the security of your own network, and it is shown only when it is available in the results.
A provider shows 'not functional' - does that mean it is down?
Not necessarily. The status only reflects whether the queries succeeded at test time. For DoH, a not functional or error result can be caused by the connection being blocked, rate-limited, or timing out on the path between our server and the provider, even when the provider is working fine for other users. For DoT, the status reflects the server's own resolver rather than reaching that specific provider.
Which providers does the tool check?
For DNS over HTTPS it tests Cloudflare, Google, Quad9 and OpenDNS. The DNS over TLS section lists Cloudflare, Google and Quad9, though its per-domain timing uses the server's system resolver rather than a true DoT exchange. Standard DNS is included only as a category in the performance ranking, not as its own results table.
Last reviewed: Reviewed by the

How this tool works: This tool runs in your browser and on our server in real time. Depending on the tool, results are computed directly from the input you provide or retrieved from live, authoritative data sources at the moment you run a lookup. We do not sell your data, and your lookups are kept private — any history shown here is stored only on your device.

Related Tools

Explore these related tools to get more insights and complete your analysis:

IP Lookup

Enter any IP address to instantly find its geographic location, ISP, hostname, and organization. Our IP lookup tool provides accurate geolocation data worldw...

DNS Lookup

Check DNS records for any domain instantly. Our free DNS lookup tool queries authoritative nameservers to show A, AAAA, MX, TXT, NS, SOA, and CNAME records.

WHOIS Lookup

Look up WHOIS data for any domain to see registration details, nameservers, registrar information, creation and expiration dates, and contact information.

SSL Certificate Checker

Check any website's SSL/TLS certificate. View expiration date, issuer, certificate chain, supported protocols, and get a security grade with recommendations.

Port Scanner

Scan any host to discover open ports and identify running services. Essential for security audits, firewall testing, and network troubleshooting.