Skip to content

Instantly share code, notes, and snippets.

@michele-tn

michele-tn/DNS Speed Test Script.md

Created August 9, 2025 13:51
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save michele-tn/cb3ea408de612b897c2a5f6ede256a51 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save michele-tn/cb3ea408de612b897c2a5f6ede256a51 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
DNS Speed Test Script.md

DNS Speed Test Script

A simple Bash script to measure and compare DNS query response times from popular public DNS servers.
Outputs aligned ASCII tables showing raw and sorted results by speed.

Tested Environment

This script has been tested on the following Linux distribution:

  • Distributor ID: Ubuntu
  • Description: Ubuntu 22.04.5 LTS
  • Release: 22.04
  • Codename: jammy

Note: On this system, /etc/resolv.conf is a symbolic link to /run/systemd/resolve/stub-resolv.conf.

Features

  • Tests multiple well-known DNS servers (Cloudflare, Google, Quad9, OpenDNS, AdGuard, ControlD)
  • Measures query time to resolve a specified domain (default: example.com)
  • Handles no-response cases gracefully by marking them as NO RESP
  • Outputs two clean, ASCII-aligned tables:
    • Original unsorted results
    • Results sorted from fastest to slowest
  • Fully ASCII-safe with dynamic column width adjustment

DNS Servers Tested

  • Cloudflare (1.1.1.1)
  • Google Primary (8.8.8.8)
  • Google Backup (8.8.4.4)
  • Quad9 (9.9.9.9)
  • OpenDNS Primary (208.67.222.222)
  • OpenDNS Backup (208.67.220.220)
  • AdGuard Primary (94.140.14.14)
  • AdGuard Backup (94.140.15.15)
  • ControlD Primary (76.76.2.0)
  • ControlD Backup (76.76.10.0)

Usage

./dns-speed-test.sh [domain]
  • domain — Optional. The domain to resolve. Defaults to example.com if omitted.

Download Script

You can download the latest version of the DNS Speed Test script from GitHub:

Download dns-speed-test.sh

Example Output

+-----------+-------------+--------+
| Name      | IP          |  Time  |
+-----------+-------------+--------+
| Cloudflare| 1.1.1.1     |    12ms|
| Google    | 8.8.8.8     |    14ms|
| Quad9     | 9.9.9.9     | NO RESP|
+-----------+-------------+--------+

Sorted (from fastest to slowest):
+-----------+-------------+--------+
| Name      | IP          |  Time  |
+-----------+-------------+--------+
| Cloudflare| 1.1.1.1     |    12ms|
| Google    | 8.8.8.8     |    14ms|
| Quad9     | 9.9.9.9     | NO RESP|
+-----------+-------------+--------+

How It Works

  • Uses dig to query each DNS server for the provided domain.
  • Extracts the query time from the dig output.
  • If no response is received within the timeout, marks it as NO RESP with a high sort value to appear last.
  • Prints two tables:
    1. The original order of DNS servers tested
    2. Sorted results by ascending query time

Dependencies

  • bash
  • dig (from bind-utils or dnsutils package)

License

MIT License

@michele-tn
Copy link
Author

michele-tn commented Aug 9, 2025

Note: To convert a text file from DOS/Windows format (CRLF line endings) to Linux/Unix format (LF line endings), you can use the following sed command:

sed -i 's/\r$//' filename

This command removes the carriage return character (\r) at the end of each line, converting the file to Unix-style line endings.

Alternatively, if available, the dos2unix tool can be used for a straightforward conversion:

dos2unix filename

@michele-tn
Copy link
Author

michele-tn commented Aug 9, 2025

DNS Configuration Note for systemd-resolved

Note:
If you want to modify DNS settings, keep in mind that the file /run/systemd/resolve/resolv.conf is managed dynamically by systemd-resolved and should not be edited directly. Instead, you should modify the configuration file:

/etc/systemd/resolved.conf

For example, add or modify the [Resolve] section like this:

#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it under the
#  terms of the GNU Lesser General Public License as published by the Free
#  Software Foundation; either version 2.1 of the License, or (at your option)
#  any later version.
#
# Entries in this file show the compile time defaults. Local configuration
# should be created by either modifying this file, or by creating "drop-ins" in
# the resolved.conf.d/ subdirectory. The latter is generally recommended.
# Defaults can be restored by simply deleting this file and all drop-ins.
#
# Use 'systemd-analyze cat-config systemd/resolved.conf' to display the full config.
#
# See resolved.conf(5) for details.

[Resolve]
# Some examples of DNS servers which may be used for DNS= and FallbackDNS=:
# Cloudflare: 1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com 2606:4700:4700::1111#cloudflare-dns.com 2606:4700:4700::1001#cloudflare-dns.com
# Google:     8.8.8.8#dns.google 8.8.4.4#dns.google 2001:4860:4860::8888#dns.google 2001:4860:4860::8844#dns.google
# Quad9:      9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
#DNS=
DNS=1.1.1.1 208.67.222.222
#FallbackDNS=
#Domains=
#DNSSEC=no
#DNSOverTLS=no
#MulticastDNS=no
#LLMNR=no
#Cache=no-negative
#CacheFromLocalhost=no
#DNSStubListener=yes
#DNSStubListenerExtra=
#ReadEtcHosts=yes
#ResolveUnicastSingleLabel=no

After saving the changes, restart the service with:

sudo systemctl restart systemd-resolved.service

To verify that the DNS servers are correctly applied, run:

resolvectl status

@michele-tn
Copy link
Author

michele-tn commented Aug 9, 2025

image

@michele-tn
Copy link
Author

michele-tn commented Jan 7, 2026
edited
Loading

DNS Configuration for IONOS VPS (Ubuntu Server)

This How-TO provides a complete, correct, and IONOS‑proof guide on how to enforce Cloudflare DNS (1.1.1.1 / 1.0.0.1) on an IONOS VPS running Ubuntu Server, while keeping the public IP address and gateway assigned via DHCP.

🧠 IONOS VPS Specifics

🔹 DNS Servers Assigned via DHCP

During installation or at boot time, you may see DNS servers such as:

212.227.123.16
212.227.123.17

✔️ Official IONOS / 1&1 DNS servers
✔️ Assigned via DHCP
NOT mandatory

IONOS:

  • does not enforce DNS at firewall level
  • does not block custom DNS resolvers
  • does not overwrite systemd-networkd configurations

➡️ This makes IONOS an excellent provider for advanced network hardening.

🏗️ Typical IONOS VPS Network Stack (Ubuntu Server)

On Ubuntu Server, IONOS almost always uses:

  • systemd-networkd
  • systemd-resolved
  • NetworkManager (not installed)

⚠️ DHCP is mandatory for:

  • Public IP address
  • Default gateway
  • Routing

🎯 Goal

  • Use Cloudflare as the only DNS resolver
  • Ignore DNS servers received via DHCP
  • Keep DHCP enabled for IP and gateway
  • Ensure a persistent, reboot‑safe configuration
  • Avoid any networking issues on IONOS VPS

📁 Correct Configuration File

Correct file path:

/etc/systemd/network/10-ens6.network

✏️ Exact vi Command

sudo vi /etc/systemd/network/10-ens6.network

Full File Content

[Match]
Name=ens6

[Network]
DHCP=yes
DNS=1.1.1.1
DNS=1.0.0.1
Domains=~.

✅ Effective Result on IONOS

  • Public IP → assigned by DHCP (IONOS)
  • Gateway → assigned by DHCP (IONOS)
  • DNS → Cloudflare only
  • IONOS DNS → ❌ ignored
  • Reboot → ✅ safe
  • DHCP renew → ✅ safe

IONOS does not overwrite this configuration.

🔍 What Happens at Boot

  1. VPS starts
  2. systemd-networkd activates interface ens6
  3. DHCP assigns IP address and gateway
  4. DHCP DNS servers are received but discarded
  5. systemd-resolved uses:
1.1.1.1 → primary
1.0.0.1 → fallback

✔️ No silent fallback to ISP DNS

🔄 Apply the Configuration

sudo systemctl restart systemd-networkd
sudo systemctl restart systemd-resolved

🧪 IONOS‑Proof Verification

Check Active DNS Resolver

resolvectl query ionos.com

resolvectl status

Expected output:

-- link: ens6
-- server: 1.1.1.1

Expected output:

Global
         Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: stub
Current DNS Server: 1.1.1.1
       DNS Servers: 1.1.1.1 208.67.222.222

Link 2 (ens6)
    Current Scopes: DNS
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 1.1.1.1
       DNS Servers: 1.1.1.1 1.0.0.1 212.227.123.16 212.227.123.17
        DNS Domain: ~.

Verify Actual DNS Traffic

sudo tcpdump -i ens6 port 53

✔️ Destination ≠ 212.227. → OK*

🔐 Recommended Hardening (PRO Level)

🔹 DNS‑over‑TLS (Cloudflare)

Edit the file:

sudo vi /etc/systemd/resolved.conf

Add or modify:

[Resolve]
DNSOverTLS=yes
DNSSEC=no

Apply changes:

sudo systemctl restart systemd-resolved

✔️ Encrypted DNS traffic
✔️ No ISP inspection

🔹 Block Unauthorized DNS (nftables)

sudo nft add rule inet filter output udp dport 53 ip daddr != 1.1.1.1 drop
sudo nft add rule inet filter output tcp dport 53 ip daddr != 1.1.1.1 drop

✔️ Fully allowed on IONOS
✔️ Prevents DNS leaks

⚠️ What NOT to Do on IONOS

❌ Install NetworkManager
❌ Manually edit /etc/resolv.conf
❌ Configure static IPs without recovery console access

✅ Conclusion

This configuration is:

  • ✔️ 100% IONOS‑compatible
  • ✔️ Clean
  • ✔️ Secure
  • ✔️ Persistent
  • ✔️ Production‑grade

👉 Ideal DNS configuration for hardened IONOS VPS environments.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment