dnsprobe v1
about

A small tool for people who care about their DNS and TLS.

dnsprobe is a free tool for sysadmins, SREs and developers who need to verify two things, fast: has my DNS change actually propagated, and is my certificate healthy.

Instead of running dig @1.1.1.1, dig @8.8.8.8, dig @9.9.9.9 in three shells, dnsprobe fans out the lookup across 12 global recursive resolvers in parallel and folds the answers into a single propagation verdict per record type.

Underneath, every probe is a real shell-out: dig for records, openssl s_client for TLS, curl for HTTP/2 and HTTP/3. There is no proprietary API in between — you'd get the same answers from your own shell.

What it isn't

It is not a monitoring product, not a paid SaaS, not an uptime service. There is no login, no account, no API key, no plan. It's a stateless probe with a one-hour cache so we don't hammer upstream resolvers.

Caveats

  • Public resolvers cache. A "propagated" verdict means these 12 resolvers see the same answer — not the entire internet.
  • TLS handshakes run from a single host. Regional CDN behaviour (anycast cert variations) is not captured.
  • HTTP/3 probing requires a libcurl built with nghttp3; some hosts can only mark it as "not probeable" rather than "not supported".

FAQ

How accurate is dnsprobe’s propagation verdict?

A “propagated” verdict means these 12 public resolvers agree on the answer. The entire global recursive layer caches, so even a “propagated” status does not guarantee every consumer ISP resolver in the world has the new record yet.

Why does my probe show partial propagation right after a DNS change?

Each resolver caches based on the TTL of the prior record. Until that TTL elapses, the resolver keeps serving the old answer. Lower your TTL ahead of planned changes.

Is it free?

Yes. No signup, no API key, no paid plan. Hosting is covered by Google AdSense.

Do you store the domains I check?

The probe result is cached by domain only for one hour (latest copy kept seven days for landing pages). No IP, fingerprint or identifier is stored alongside it.

Why HTTP/3 sometimes shows “not probeable”?

HTTP/3 detection uses curl built with nghttp3. If the host lacks that build, we mark HTTP/3 as “not probeable” rather than incorrectly reporting “unsupported”.

Contact

Feedback, bug reports, “your tool said partial but it’s actually propagated” — mail [email protected].