The sensor's core network tests include checking if the provided DNS servers are working. This is true for DNS servers provided by the DHCP lease, as well as DNS servers manually specified in a static configuration.

The sensor tests this by trying to resolve a known domain that is automatically decided on by the sensor software. This algorithm is changed occasionally, but the approximate flow is as follows:

  • If a PAC proxy URL is provided and is a domain, use that
  • If a proxy is manually configured, use a random service test domain
  • Otherwise use cdn.capenetworks.io  

If you would prefer to use your own domain to test DNS resolution against, or have a network requirement for this, you can specify it in your network configuration on the dashboard. 

Disable EDNS on dig setting:

The sensor uses dig for testing DNS. In its original form DNS had very strict size restrictions on parameters and packets; EDNS is a specification for expanding the size of several parameters to allow increased functionality in the DNS protocol. Most DNS software supports EDNS now but older firewalls (or legacy firewall rules) will drop DNS packets with EDNS extensions. If this is effecting you, you can disable EDNS extensions with this option.

Did this answer your question?