If this question is bugging you, here’s web page to find out:

https://using.dnscrypt.pl

 

It is a DNS-based test which shows one of the two possible outcomes:

Regular queries will resolve using.dnscrypt.pl to 178.62.233.48 DNSCrypt queries will resolve using.dnscrypt.pl to 163.172.177.187
You are NOT using DNSCrypt Poland Yes, you are using DNSCrypt Poland!

 

Nothing fancy, really, but it works.

UPDATE: the IP addresses of the “vanilla” and “dnscrypt” versions have beeb swapped on 07-JAN-2018 for administrative convenience purposes.

Caution: If you are not using DNSSEC, a rogue DNS server could send a spoofed response with 178.62.233.48 tricking you into thinking you’re using DNSCrypt Poland, when in reality you are not.

18 Responses to “Am I using DNSCrypt Poland?”

  1. freegigi

    Hi, I’m using soltysiak and everything seems to work fine, except using.dnscrypt.pl :-) When dnscrypt is disabled I get 188.226.192.48, but with dnscrypt I can’t resolve the domain.

    Can you check if everything is ok? It really seems to work fine on my end.
    Thanks.

  2. Maciej Soltysiak

    Thanks for checking it and reporting. I’ve checked it and I’m not observing any issues but I’ll get in touch with by email.

  3. Doriath

    Hi,
    I just have configured my tomato-based router to use your resolver, and it’s working fine, except the using.dnscrypt.pl address. I can observe some weird behavior – the ip address seems to be resolved fine, but firefox shouts there is some problem with the certificate and as the site uses HSTS I cannot add an exception to proceed. I also use HE ipv6 tunnel, maybe this causes issues? Lookup result looks like this:
    Non-authoritative answer:
    Name: using.dnscrypt.pl
    Addresses: 2a03:b0c0:2:d0::4d:c001
    178.62.233.48

    Please contact me via email if you’d like more informations. You can write in Polish, I’m from PL :)

    Regards,
    Marcin

  4. Maciej Soltysiak

    Sure, I just wrote to you.
    Maciej

  5. Doriath

    It was a false alarm, sorry! It seems I’ve something wrong on my PC, on every other device I’ve tried in the same network it works correctly.
    BTW thank you Maciej for fast contact and for doing this :)

    Regards,
    Marcin

  6. zeratax

    Any device not using gives me “Yes, you are using […]”: https.//my.mixtape.moe/belujm.png
    While my laptop using dnscrypt gives me “DNS_PROBE_FINISHED_NXDOMAIN” https://my.mixtape.moe/kgxupz.png

    Same goes for any namecoin address, I’ve tried so far.

  7. Maciej Soltysiak

    Hey there! Are you still getting the same error? Are you getting it in other browsers?
    I’m asking for 2 reasons. One is because around the time you left a comment, there was an issue with the master zone for dnscrypt.pl.
    The second is, it might be because using.dnscrypt.pl name, when accessed over dnscrypt is the only name which is not DNSSEC-signed, therefore a DNS-client, like some versions of Chrome, would see lack of DNSSEC RRSIG as invalid, and therefore might say NXDOMAIN.

    Sorry for late reply!
    Maciej

  8. ZerataX

    Sorry for the very late reply.
    I still can’t open it with any Browser and I get in Chromium: ERR_ICANN_NAME_COLLISION
    But I think I’ve located the problem, I think it’s unbound.

    dig using.dnscrypt.pl
    ; <> DiG 9.11.0-P1 <> using.dnscrypt.pl
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 44985
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ; COOKIE: 091757046701158a (echoed)
    ;; QUESTION SECTION:
    ;using.dnscrypt.pl. IN A

    ;; Query time: 612 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Fr Jan 13 00:02:41 CET 2017
    ;; MSG SIZE rcvd: 58

    dig @127.0.0.1 using.dnscrypt.pl -p 5353

    ; <> DiG 9.11.0-P1 <> @127.0.0.1 using.dnscrypt.pl -p 5353
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41401
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;using.dnscrypt.pl. IN A

    ;; ANSWER SECTION:
    using.dnscrypt.pl. 3600 IN A 178.62.233.48

    ;; Query time: 40 msec
    ;; SERVER: 127.0.0.1#5353(127.0.0.1)
    ;; WHEN: Fr Jan 13 00:05:08 CET 2017
    ;; MSG SIZE rcvd: 62

    port 5353 is dnscrypt port 53 is unbound
    dnscrypt returns the url you would expect, though

    dig @8.8.8.8 using.dnscrypt.pl returns
    163.172.177.187
    which is not the ip stated above, but maybe that changed?
    My unbound config:

    server:
    interface: 0.0.0.0
    interface: ::0
    access-control: 192.168.188.0/16 allow
    access-control: ::1 allow
    verbosity: 1
    trust-anchor-file: "/etc/unbound/trusted-key.key"
    use-syslog: yes
    directory: "/etc/unbound"
    username: "unbound"
    do-not-query-localhost: no
    include: "/etc/unbound/adservers"
    forward-zone:
    name: "."
    forward-addr: 127.0.0.1@5353

    So when I disable unbound and set dnscrypt to port 53 it works, though as I thought the info on top is slightly out of date as the resulting page looks slightly different in both cases than described, not that it matters much.

    Thank you very much for your patience and running this amazing service, I hope this is not too off-topic and I would thank you very much if you could help me with this, or if this is we could continue this per email.
    pgp: https://keybase.io/zeratax/pgp_keys.asc?fingerprint=44f7b7979d3a27b189e0841e8333735e784df9d4

  9. swieczkos

    There’s something wrong with using.dnscrypt.pl. I’m not using it and when I enter using.dnscrypt.pl I have i a photo “You are using” and on the right of the picture I have a text “No, You Are Not!” (without photo). Tested on FF, Chrome and Edge and two different ISP

  10. Maciej Soltysiak

    Hi, thanks for reporting this.
    Indeed, the image on the page of “not using” got replaced with the “using” one. I fixed it just now.
    Can you confirm, please?

  11. Beverly

    NET::ERR_CERT_COMMON_NAME_INVALID

    This server could not prove that it is using.dnscrypt.pl; its security certificate is from dc0.dnscrypt.pl

  12. Rob

    The https://using.dnscrypt.pl always says I am not using dnscrypt.

    Dig seems to suggest that I am:

    ; <> DiG 9.10.3-P4-Ubuntu <> using.dnscrypt.pl
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2683
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;using.dnscrypt.pl. IN A

    ;; ANSWER SECTION:
    using.dnscrypt.pl. 3600 IN A 178.62.233.48

    ;; Query time: 40 msec
    ;; SERVER: 127.0.2.1#53(127.0.2.1)
    ;; WHEN: Tue Dec 19 15:07:13 GMT 2017
    ;; MSG SIZE rcvd: 62

    Any idea what is wrong?

  13. Maciej Soltysiak

    Hi Rob, if you’re getting 178.62.233.48 for using.dnscrypt.pl, then you are using dnscrypt.pl. When I do it now, I get the drinking Obama, maybe you misread the page?

    if you query using.dnscrypt.pl under regular DNS conditions then you would get a CNAME to not-using.dnscrypt.pl which has A record of 163.172.177.187

    Let me know if you can verify this works or not.

  14. Rob

    Checking again with nslookup and verifying with netstat, I am defintely hitting 178.62.233.48, but I get the wrong image. Strange.

  15. Maciej Soltysiak

    Hm, not sure. A few days ago the certificates were renewed and I swapped the “vanilla” and “dnscrypt” versions of using.dnscrypt.pl for administrative convenience. The IPs are swapped, but it should be all good now.
    Can you check how it is at your end?

  16. Rob

    I get the new IP address (163.172.177.187) but still the picture which says I am not using DNSCrypt.

  17. Filip

    for me it works fine, web page shows correctly as I’m using dnscrypt.pl
    dig output
    ;; QUESTION SECTION:
    ;using.dnscrypt.pl. IN A

    ;; ANSWER SECTION:
    uSInG.DNScryPT.pl. 3600 IN A 163.172.177.187

    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.9#53(127.0.0.9)
    ;; WHEN: Thu Feb 15 14:46:21 Central Europe Standard Time 2018
    ;; MSG SIZE rcvd: 77

    though not sure about that random capital/lower letters in answer section uSInG.DNScryPT.pl

    using google 8.8.8.8 returns
    ;; ANSWER SECTION:
    using.dnscrypt.pl. 59 IN CNAME not-using.dnscrypt.pl.
    not-using.dnscrypt.pl. 59 IN A 178.62.233.48

  18. Maciej Soltysiak

    That sounds right, thanks Filip.
    Lower/upper-case is 0x20 encoding, kind of strange because I’ve got it disabled with unbound configuration by setting use-caps-for-id to no.

Leave a Reply