DNS leak testing

Discussion in 'privacy technology' started by luciddream, Aug 18, 2011.

Thread Status:
Not open for further replies.
  1. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    I've been trying to use this DNS-OARC site for a few days now, and every time I click on "Test My DNS" I get a "Server not found" message in Firefox. Is the site just down temporarily? Is this happening to anybody else?

    Is there another site that reliably tests this?
     
  2. box750

    box750 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    261
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    I got, "Transaction ID Randomness: GREAT" on that www :)

    Yes, here's another good one :thumb:
    I got “Excellent.” on GRC :) :)
     
  4. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    On that GRC site I'm getting 2 different sets of results. On the image to the left, "Query Source Port Distribution", I get these results:

    Max Entropy: 11.99 (Moderate)
    Lost Entropy: 0.01 (Excellent)
    Dir Bias: 1.01% (Excellent)
    Stuck Bits: 1 (Moderate)

    Then the query to the right "Query Transaction ID Distribution", I get these results:

    Max Entropy: 15.98 (Excellent)
    Lost Entropy: 0 (Excellent)
    Dir Bias: 9.09% (Excellent)
    Stuck Bits: 0 (Excellent)

    I also saw this:

    "Spoofability Mitigation Note: Even though one or more of the individual “spoofability” parameters
    shown above does indicate a worrying spoofability grade of “Moderate”, our attempt to directly query
    this server from the Internet failed. Therefore, “Kaminsky-style” cache poisoning attacks will be either
    more difficult or impossible to conduct. As long as this nameserver remains inaccessible to Internet
    queries, there is little danger of it becoming a victim of Kaminsky-style cache poisoning attacks."

    And this:

    "This nameserver has no associated domain name"

    I read through everything on the page and I'm still not exactly sure what to make of it all. I'm just relieved to not see any poor ratings.

    ... perhaps it's my VPN that's blocking OARC from working? I'll try some other time with it disconnected.
     
  5. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Okay, it all makes sense now. I did it without my VPN and it all came back excellent. And the OARC test also worked, with ratings of "Great" all around using Comodo Secure DNS servers.

    I'm satisfied with my protection in this regard now, so I'll stop obsessing.
     
  6. rudyl

    rudyl Registered Member

    Joined:
    Jul 1, 2011
    Posts:
    30
    In the context of testing VPN services, what's relevant is simply what DNS servers GRC reports that you're using. If you're using only the VPN service's DNS server(s), that's good. If you're using your ISP's DNS server(s), that's bad -- you're leaking DNS lookups. DNS spoofability is a different issue, relating to a type of MITM attack.
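
Added example, not part of any post in this thread: a small Python check for the leak criterion described in the post above, taking the resolver addresses a leak-test page reports and flagging any that fall outside the VPN provider's resolver networks. The function names, the network ranges and the sample addresses are constructed for illustration (documentation-reserved ranges), not values from the thread.

```python
import ipaddress


def classify_resolvers(reported, vpn_networks):
    """Split resolver IPs reported by a leak-test page into VPN-owned and leaked."""
    vpn_nets = [ipaddress.ip_network(n) for n in vpn_networks]
    result = {"vpn": [], "leaked": [], "invalid": []}
    for raw in reported:
        try:
            ip = ipaddress.ip_address(raw.strip())
        except ValueError:
            # Keep unparseable entries visible instead of silently dropping them
            result["invalid"].append(raw)
            continue
        # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is compared as IPv4
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped
        in_vpn = any(ip.version == net.version and ip in net for net in vpn_nets)
        result["vpn" if in_vpn else "leaked"].append(str(ip))
    return result


def is_leaking(reported, vpn_networks):
    """True if any reported resolver is outside the VPN's resolver networks."""
    r = classify_resolvers(reported, vpn_networks)
    # A test that returned no usable address is a failed test, not a pass
    if not r["vpn"] and not r["leaked"]:
        raise ValueError("no valid resolver addresses in test output")
    return bool(r["leaked"])


# Constructed sample: assumed VPN resolver ranges and a constructed test result
VPN_NETS = ["198.51.100.0/24", "2001:db8:53::/48"]
REPORTED = [
    "198.51.100.53",         # VPN resolver
    "203.0.113.10",          # outside the VPN ranges (e.g. an ISP resolver)
    "2001:db8:ffff::1",      # IPv6 resolver outside the VPN ranges
    "::ffff:198.51.100.54",  # IPv4-mapped form of a VPN resolver
    "n/a",                   # junk line from copied output
]

if __name__ == "__main__":
    print(classify_resolvers(REPORTED, VPN_NETS))
    print("leaking:", is_leaking(REPORTED, VPN_NETS))
```

The IPv6 entry is there because a tunnel that only carries IPv4 can leave IPv6 lookups going to a resolver outside the VPN.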
     
  7. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Yeah it was testing my VPN's DNS server. I don't use my ISP's at all, I use Comodo Secure DNS when I'm not using my VPN.
     
  8. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    I get that a lot with oarc. I just click the refresh button and it works after that.
     