> How does it work? You make a request to a hostname with a unique prefix. All hostnames resolve to the same IP, but the DNS server records which IP address the query came from. The webserver looks for this record and returns it.
That's a smart way of detecting a user's DNS server - well done!
Is there a way to "fail" the first request and try to force the user's secondary DNS to kick in so that it can be detected too?
The extended test on https://www.dnsleaktest.com/ does that. There’s also various tests that reveal EDNS subnet leakage.
It’s pretty easy to implement; somehow don’t respond to a request, but do respond to a second. (If you’re clever you can probably do it without server side state, e.g. encode a deadline in the custom hostname.)
> How does it work? You make a request to a hostname with a unique prefix. All hostnames resolve to the same IP, but the DNS server records which IP address the query came from. The webserver looks for this record and returns it.
That's a smart way of detecting a user's DNS server - well done!
Is there a way to "fail" the first request and try to force the user's secondary DNS to kick in so that it can be detected too?