[nsp-sec] Open DNS resolvers
Fouant, Stefan
Stefan.Fouant at neustar.biz
Thu Oct 1 11:33:58 EDT 2009
First advice for the newbie... Don't use Windows!!! ;)
Seriously though... Send me your IPs... I'll dig em for you...
Stefan Fouant
Neustar, Inc. / Principal Engineer
46000 Center Oak Plaza Sterling, VA 20166
Office: +1.571.434.5656 ▫ Mobile: +1.202.210.2075 ▫ GPG ID: 0xB5E3803D ▫ stefan.fouant at neustar.biz
----- Original Message -----
From: Hank Nussbacher <hank at efes.iucc.ac.il>
To: Fouant, Stefan
Cc: nsp-security at puck.nether.net <nsp-security at puck.nether.net>
Sent: Thu Oct 01 11:29:16 2009
Subject: RE: [nsp-sec] Open DNS resolvers
On Thu, 1 Oct 2009, Fouant, Stefan wrote:
I need a GUI for a newbie to do it. This is not for me to do. So far
zilch.
-Hank
> Ok, so back at my computer now... looks like what Team Cymru has is the "Million Resolvers Project" which is basically a list of known open resolvers. You could probably take a look at that list to see if certain hosts are listed.
>
> Alternatively, you could run the following commands which should give you an indication as to whether or not a certain nameserver allows for recursion:
>
> /usr/bin/dig +recurs @yournameserver_ip www.facebook.com
>
> The above command would indicate whether the nameserver specified allows for recursive queries for www.facebook.com (assuming that nameserver is not authoritative for facebook.com domain).
>
> Another thing you might want to look for is whether the name server allows for root referrals:
>
> /usr/bin/dig . NS @yournameserver_ip
>
> Generally, most Internet-facing authoritative DNS servers should not respond to recursive 3rd party queries for root.
>
> Also, you can look for an "RA" entry in the "Flags" section of the response which should give you some indication as to whether the resolver allows for recursion...
>
> HTHs.
>
> Stefan Fouant
> Neustar, Inc. / Principal Engineer
> 46000 Center Oak Plaza Sterling, VA 20166
> Office: +1.571.434.5656 ▫ Mobile: +1.202.210.2075 ▫ GPG ID: 0xB5E3803D ▫ stefan.fouant at neustar.biz
>
>> -----Original Message-----
>> From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-
>> bounces at puck.nether.net] On Behalf Of Fouant, Stefan
>> Sent: Thursday, October 01, 2009 9:35 AM
>> To: hank at efes.iucc.ac.il; nsp-security at puck.nether.net
>> Subject: Re: [nsp-sec] Open DNS resolvers
>>
>> ----------- nsp-security Confidential --------
>>
>> I'm not at my computer right now, but if I recall Team Cymru had some
>> widget which could test for Open Resolvers. I haven't had my coffee
>> this AM yet, so I could be way off base though...
>>
>> Stefan Fouant
>> Neustar, Inc. / Principal Engineer
>> 46000 Center Oak Plaza Sterling, VA 20166
>> Office: +1.571.434.5656 ▫ Mobile: +1.202.210.2075 ▫ GPG ID: 0xB5E3803D
>> ▫ stefan.fouant at neustar.biz
>>
>> ----- Original Message -----
>> From: nsp-security-bounces at puck.nether.net <nsp-security-
>> bounces at puck.nether.net>
>> To: nsp-security at puck.nether.net <nsp-security at puck.nether.net>
>> Sent: Thu Oct 01 06:33:08 2009
>> Subject: [nsp-sec] Open DNS resolvers
>>
>> ----------- nsp-security Confidential --------
>>
>> Can someone point me at a web page that can test a few specific IPs
>> whether
>> they are open. Not:
>> http://dns.measurement-factory.com/cgi-bin/openresolvercheck.pl
>> which only checks what is in their cache from the last time they did
>> their
>> check - but I am looking for a check now.
>>
>> Thanks,
>> Hank
>>
>>
>>
>> _______________________________________________
>> nsp-security mailing list
>> nsp-security at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/nsp-security
>>
>> Please do not Forward, CC, or BCC this E-mail outside of the nsp-
>> security
>> community. Confidentiality is essential for effective Internet security
>> counter-measures.
>> _______________________________________________
>>
>>
>> _______________________________________________
>> nsp-security mailing list
>> nsp-security at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/nsp-security
>>
>> Please do not Forward, CC, or BCC this E-mail outside of the nsp-
>> security
>> community. Confidentiality is essential for effective Internet security
>> counter-measures.
>> _______________________________________________
>
More information about the nsp-security
mailing list