SNDDNS - DNS Debugging Service

🌐 What is SNDDNS?

SNDDNS is a DNS debugging service that helps you troubleshoot DNS configuration issues by responding with the IP address that made the DNS request.

🔧 How to Use

Simply make a DNS query to snddns.uk and the response will contain your public IP address. This is useful for:

Verifying which IP address your DNS queries are coming from
Debugging DNS resolver configurations
Testing DNS propagation and routing
Troubleshooting network address translation (NAT) issues

💻 Example Usage

Using dig:

dig snddns.uk dig snddns.uk +short

Using nslookup:

nslookup snddns.uk

Using host:

host snddns.uk

Testing for DNS Interception

Some ISPs silently intercept all DNS requests and proxy them through their own resolvers, regardless of which DNS server you specify. To test if this is happening:

                dig snddns.uk +short
                dig @139.162.234.137 snddns.uk +short
            

Normal behavior (no interception): The first command returns your DNS resolver's IP (e.g., your ISP's DNS server, 1.1.1.1, or 8.8.8.8), while the second returns your own public IP.

DNS interception detected: If both commands return the same IP address (your public IP), your ISP is intercepting all DNS traffic regardless of the destination server you specify.

📋 How It Works

When you query snddns.uk, the DNS server captures your source IP address and returns it in the DNS response. This allows you to see exactly which IP address your DNS queries appear to originate from, which is particularly useful when working with:

VPNs and proxies
Corporate networks with complex routing
Cloud environments with NAT gateways
IPv4/IPv6 dual-stack configurations

⚠️ DNS Source IP vs. Web Traffic IP

Important: SNDDNS returns the DNS query source IP, which is often different from your web traffic IP address because:

Your DNS queries may go through your ISP's nameservers
You may be using a DNS service like Cloudflare (1.1.1.1) or Google (8.8.8.8)
Your device may be configured to use a specific DNS resolver
DNS protective services may intercept and forward your queries

This is different from HTTP-based IP detection services like ifconfig.me or icanhazip.com, which show where your web browser traffic comes from. SNDDNS shows where your DNS queries actually originate.

Note: SNDDNS is a DNS-only service. There is no website hosted at snddns.uk - it only responds to DNS queries.

🎲 Advanced Usage: Subdomains

SNDDNS responds to requests for any subdomain of snddns.uk in the same way. This enables two powerful debugging techniques:

Avoiding Cached Responses

If you want to avoid cached DNS responses, query a random subdomain:

                dig $(uuidgen).snddns.uk
                dig random-string-12345.snddns.uk
            

Each unique subdomain will bypass DNS caching, ensuring you get a fresh response from the authoritative server.

Enumerating DNS Servers

To discover how many different DNS servers your traffic passes through, send multiple queries with different random subdomains and observe how many unique IP addresses you receive in the responses:

for i in {1..10}; do dig test-$i.snddns.uk +short; done | sort -u

This technique helps you:

Identify DNS load balancing or anycast configurations
Detect multiple egress points in your network
Understand DNS resolver distribution patterns
Troubleshoot inconsistent DNS behavior

📊 Comparison with Other Services

Service	Method	Shows	Use Case
ifconfig.me	HTTP	Web traffic IP	Find your public IP
icanhazip.com	HTTP	Web traffic IP	Find your public IP
ipify.org	HTTP	Web traffic IP	Find your public IP
SNDDNS	DNS	DNS query source IP	Find your DNS resolver IP

When to use SNDDNS:

Verify which DNS server is actually making queries
Check if protective DNS (1.1.1.1, 8.8.8.8) is active
Test if DNS is being intercepted/proxied by your ISP
Works in DNS-only environments (no HTTP access required)

💾 Using in Scripts

Bash:

MY_IP=$(dig snddns.uk +short)
echo "My DNS source IP is: $MY_IP"

Python (using subprocess):

import subprocess
result = subprocess.run(['dig', 'snddns.uk', '+short'], capture_output=True, text=True)
print(f"My DNS source IP: {result.stdout.strip()}")

Python (using dnspython):

import dns.resolver
answer = dns.resolver.resolve('snddns.uk', 'A')
print(f"My DNS source IP: {answer[0]}")

PowerShell (Windows):

$result = Resolve-DnsName -Name "snddns.uk" -Type A
Write-Host "My DNS source IP is: $($result.IPAddress)"

SNDDNS works with standard DNS libraries in any programming language: Go (net.LookupIP), Node.js (dns.resolve4), Java (InetAddress.getAllByName), C/C++ (getaddrinfo), Rust (dns_lookup crate), and more.

🔍 Troubleshooting

No response:

Check that port 53 (DNS) is accessible
Try both UDP and TCP: dig snddns.uk +tcp
Verify network connectivity and firewall settings

Different IP than expected:

SNDDNS returns the DNS query source IP, not your device IP
If using ISP DNS, you'll see your ISP's nameserver IP
If using 1.1.1.1 or 8.8.8.8, you'll see Cloudflare/Google's IP
This is normal - it shows where DNS queries actually come from

Timeout:

Increase timeout: dig snddns.uk +time=5
Check network connectivity and firewall rules
Ensure port 53 (UDP/TCP) is allowed

← Back to Workshop1