§ dns

dns.

Side-by-side DoH lookup against three public resolvers. Different resolvers may legitimately see different answers (GeoLB, split-horizon, cache lag) — or they may not, and that's information.

resolvers

cloudflare-dns.com (1.1.1.1), dns.google (8.8.8.8), dns.quad9.net (9.9.9.9). queried in parallel via JSON-over-HTTPS (RFC 8484 application/dns-json).

dnssec

the AD (Authenticated Data) bit per resolver. all three validate DNSSEC by default; an unset AD bit means the zone is unsigned or validation failed. inconsistency between resolvers usually means a partial DNSSEC rollout.

ttl

TTLs differ across resolvers based on cache age. ignored when deciding whether resolvers agree on the data. only the record set (rdata) is compared.

share

the input is reflected in the URL after lookup. share or bookmark the result page to recheck the same query later.

upstream: 1.1.1.1, 8.8.8.8, 9.9.9.9 (DoH, in parallel).