Infrastructure Connectivity Tests | threatER Documentation

threatER has two different ways to confirm that your system can effectively connect to the EnforceDNS infrastructure.

IMPORTANT: You must ensure that all tests pass before contacting threatER support. If a test fails, you must make the necessary network or firewall adjustments on your side and re-test until the expected result is achieved. threatER support can only proceed once your system has successfully passed the checks.

Powershell Script (Windows Only)

Download the EnforceDNS test at https://apps.threater.ai/test/enforcednstest.ps1
Open Windows PowerShell and set the directory to the location of the download (usually C:\users\username\downloads)
Enter the following into Powershell:
powershell -ExecutionPolicy Bypass -File .\enforcednstest.ps1
The script will run 11 tests to check connectivity between your system and the EnforceDNS infrastructure.
1. Tests that PASS will be displayed in green.
2. Tests that FAIL will be displayed in red.

Learn more about the Powershell Script.

Individual Commands (Windows and macOS)

A different way to test connectivity for Windows, and currently the only way to test for macOS, is to run a series of commands. It is important to do each command in order.

Test 1: Primary DNS Resolution

Checkpoint	Expected Value/Requirement
Command Prompt	`nslookup dns.anycast.threater.ai 45.39.53.53`
Address: Line	Must display `45.39.53.53`
Non-authoritative answer	Must list both `45.39.53.53` and `35.71.179.113`

Test 2: Secondary DNS Resolution

Checkpoint	Expected Value/Requirement
Command Prompt	`nslookup dns.anycast.threater.ai 35.71.179.113`
Address: Line	Must display `35.71.179.113`
Non-authoritative answer	Must list both `45.39.53.53` and `35.71.179.113`

Test 3: Resolve API using Anycast Servers

Checkpoint	Expected Value/Requirement
Command Prompt	`nslookup api.threater.ai dns.anycast.threater.ai`
Address: Line	Must display either `45.39.53.53` or `35.71.179.113`
Non-authoritative Addresses	Must list `45.39.53.1` and `166.117.194.88`

Test 4: Connect to the API

Checkpoint	Expected Value/Requirement
Command Prompt	`curl https://api.threater.ai/`
Response Content	Must be the literal text `Not Found`

Test 5: Confirm DoH (DNS over HTTPS)

Checkpoint

Expected Value/Requirement

Command Prompt

curl "https://dns.anycast.threater.ai/dns-lookup?name=threater.ai"

Response Content

Must list 172.67.192.166 and 104.21.11.211

Next Steps

If any test fails (e.g., a "Timeout" error, "Host not found," or different addresses), it indicates a local network or firewall configuration issue. You must address these issues on your side and re-run the tests until all tests pass.

Only once all tests have pass and returned their expected results should you contact threatER support. Please be prepared to provide the complete output when opening a support ticket.