Skip to content

Instantly share code, notes, and snippets.

@michele-tn

michele-tn/DNS Speed Test Script.md

Created August 9, 2025 13:51
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save michele-tn/cb3ea408de612b897c2a5f6ede256a51 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save michele-tn/cb3ea408de612b897c2a5f6ede256a51 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
DNS Speed Test Script.md

DNS Speed Test Script

A simple Bash script to measure and compare DNS query response times from popular public DNS servers.
Outputs aligned ASCII tables showing raw and sorted results by speed.

Tested Environment

This script has been tested on the following Linux distribution:

  • Distributor ID: Ubuntu
  • Description: Ubuntu 22.04.5 LTS
  • Release: 22.04
  • Codename: jammy

Note: On this system, /etc/resolv.conf is a symbolic link to /run/systemd/resolve/stub-resolv.conf.

Features

  • Tests multiple well-known DNS servers (Cloudflare, Google, Quad9, OpenDNS, AdGuard, ControlD)
  • Measures query time to resolve a specified domain (default: example.com)
  • Handles no-response cases gracefully by marking them as NO RESP
  • Outputs two clean, ASCII-aligned tables:
    • Original unsorted results
    • Results sorted from fastest to slowest
  • Fully ASCII-safe with dynamic column width adjustment

DNS Servers Tested

  • Cloudflare (1.1.1.1)
  • Google Primary (8.8.8.8)
  • Google Backup (8.8.4.4)
  • Quad9 (9.9.9.9)
  • OpenDNS Primary (208.67.222.222)
  • OpenDNS Backup (208.67.220.220)
  • AdGuard Primary (94.140.14.14)
  • AdGuard Backup (94.140.15.15)
  • ControlD Primary (76.76.2.0)
  • ControlD Backup (76.76.10.0)

Usage

./dns-speed-test.sh [domain]
  • domain — Optional. The domain to resolve. Defaults to example.com if omitted.

Download Script

You can download the latest version of the DNS Speed Test script from GitHub:

Download dns-speed-test.sh

Example Output

+-----------+-------------+--------+
| Name      | IP          |  Time  |
+-----------+-------------+--------+
| Cloudflare| 1.1.1.1     |    12ms|
| Google    | 8.8.8.8     |    14ms|
| Quad9     | 9.9.9.9     | NO RESP|
+-----------+-------------+--------+

Sorted (from fastest to slowest):
+-----------+-------------+--------+
| Name      | IP          |  Time  |
+-----------+-------------+--------+
| Cloudflare| 1.1.1.1     |    12ms|
| Google    | 8.8.8.8     |    14ms|
| Quad9     | 9.9.9.9     | NO RESP|
+-----------+-------------+--------+

How It Works

  • Uses dig to query each DNS server for the provided domain.
  • Extracts the query time from the dig output.
  • If no response is received within the timeout, marks it as NO RESP with a high sort value to appear last.
  • Prints two tables:
    1. The original order of DNS servers tested
    2. Sorted results by ascending query time

Dependencies

  • bash
  • dig (from bind-utils or dnsutils package)

License

MIT License

@michele-tn
Copy link
Author

michele-tn commented Aug 9, 2025

image

@michele-tn
Copy link
Author

michele-tn commented Jan 7, 2026
edited
Loading

DNS Configuration for IONOS VPS (Ubuntu Server)

This How-TO provides a complete, correct, and IONOS‑proof guide on how to enforce Cloudflare DNS (1.1.1.1 / 1.0.0.1) on an IONOS VPS running Ubuntu Server, while keeping the public IP address and gateway assigned via DHCP.

🧠 IONOS VPS Specifics

🔹 DNS Servers Assigned via DHCP

During installation or at boot time, you may see DNS servers such as:

212.227.123.16
212.227.123.17

✔️ Official IONOS / 1&1 DNS servers
✔️ Assigned via DHCP
NOT mandatory

IONOS:

  • does not enforce DNS at firewall level
  • does not block custom DNS resolvers
  • does not overwrite systemd-networkd configurations

➡️ This makes IONOS an excellent provider for advanced network hardening.

🏗️ Typical IONOS VPS Network Stack (Ubuntu Server)

On Ubuntu Server, IONOS almost always uses:

  • systemd-networkd
  • systemd-resolved
  • NetworkManager (not installed)

⚠️ DHCP is mandatory for:

  • Public IP address
  • Default gateway
  • Routing

🎯 Goal

  • Use Cloudflare as the only DNS resolver
  • Ignore DNS servers received via DHCP
  • Keep DHCP enabled for IP and gateway
  • Ensure a persistent, reboot‑safe configuration
  • Avoid any networking issues on IONOS VPS

📁 Correct Configuration File

Correct file path:

/etc/systemd/network/10-ens6.network

✏️ Exact vi Command

sudo vi /etc/systemd/network/10-ens6.network

Full File Content

[Match]
Name=ens6

[Network]
DHCP=yes
DNS=1.1.1.1
DNS=1.0.0.1
Domains=~.

✅ Effective Result on IONOS

  • Public IP → assigned by DHCP (IONOS)
  • Gateway → assigned by DHCP (IONOS)
  • DNS → Cloudflare only
  • IONOS DNS → ❌ ignored
  • Reboot → ✅ safe
  • DHCP renew → ✅ safe

IONOS does not overwrite this configuration.

🔍 What Happens at Boot

  1. VPS starts
  2. systemd-networkd activates interface ens6
  3. DHCP assigns IP address and gateway
  4. DHCP DNS servers are received but discarded
  5. systemd-resolved uses:
1.1.1.1 → primary
1.0.0.1 → fallback

✔️ No silent fallback to ISP DNS

🔄 Apply the Configuration

sudo systemctl restart systemd-networkd
sudo systemctl restart systemd-resolved

🧪 IONOS‑Proof Verification

Check Active DNS Resolver

resolvectl query ionos.com

resolvectl status

Expected output:

-- link: ens6
-- server: 1.1.1.1

Expected output:

Global
         Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: stub
Current DNS Server: 1.1.1.1
       DNS Servers: 1.1.1.1 208.67.222.222

Link 2 (ens6)
    Current Scopes: DNS
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 1.1.1.1
       DNS Servers: 1.1.1.1 1.0.0.1 212.227.123.16 212.227.123.17
        DNS Domain: ~.

Verify Actual DNS Traffic

sudo tcpdump -i ens6 port 53

✔️ Destination ≠ 212.227. → OK*

🔐 Recommended Hardening (PRO Level)

🔹 DNS‑over‑TLS (Cloudflare)

Edit the file:

sudo vi /etc/systemd/resolved.conf

Add or modify:

[Resolve]
DNSOverTLS=yes
DNSSEC=no

Apply changes:

sudo systemctl restart systemd-resolved

✔️ Encrypted DNS traffic
✔️ No ISP inspection

🔹 Block Unauthorized DNS (nftables)

sudo nft add rule inet filter output udp dport 53 ip daddr != 1.1.1.1 drop
sudo nft add rule inet filter output tcp dport 53 ip daddr != 1.1.1.1 drop

✔️ Fully allowed on IONOS
✔️ Prevents DNS leaks

⚠️ What NOT to Do on IONOS

❌ Install NetworkManager
❌ Manually edit /etc/resolv.conf
❌ Configure static IPs without recovery console access

✅ Conclusion

This configuration is:

  • ✔️ 100% IONOS‑compatible
  • ✔️ Clean
  • ✔️ Secure
  • ✔️ Persistent
  • ✔️ Production‑grade

👉 Ideal DNS configuration for hardened IONOS VPS environments.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment