[nsp-sec] Open DNS resolvers

Hank Nussbacher hank at efes.iucc.ac.il
Thu Oct 1 11:42:22 EDT 2009 

On Thu, 1 Oct 2009, Fouant, Stefan wrote:

Nope.  They need to be able to check on their own whether their 
consultants have done the job and closed down their open DNS servers and 
they don't have Unix and don't know what is dig and don't want to 
outsource that job to you. :-)

-Hank

> First advice for the newbie... Don't use Windows!!! ;)
>
> Seriously though... Send me your IPs... I'll dig em for you...
>
> Stefan Fouant
> Neustar, Inc. / Principal Engineer
> 46000 Center Oak Plaza Sterling, VA 20166
> Office: +1.571.434.5656 â–« Mobile: +1.202.210.2075 â–« GPG ID: 0xB5E3803D â–« stefan.fouant at neustar.biz
>
> ----- Original Message -----
> From: Hank Nussbacher <hank at efes.iucc.ac.il>
> To: Fouant, Stefan
> Cc: nsp-security at puck.nether.net <nsp-security at puck.nether.net>
> Sent: Thu Oct 01 11:29:16 2009
> Subject: RE: [nsp-sec] Open DNS resolvers
>
> On Thu, 1 Oct 2009, Fouant, Stefan wrote:
>
> I need a GUI for a newbie to do it.  This is not for me to do.  So far
> zilch.
>
> -Hank
>
>> Ok, so back at my computer now... looks like what Team Cymru has is the "Million Resolvers Project" which is basically a list of known open resolvers.  You could probably take a look at that list to see if certain hosts are listed.
>>
>> Alternatively, you could run the following commands which should give you an indication as to whether or not a certain nameserver allows for recursion:
>>
>> /usr/bin/dig +recurs @yournameserver_ip www.facebook.com
>>
>> The above command would indicate whether the nameserver specified allows for recursive queries for www.facebook.com (assuming that nameserver is not authoritative for facebook.com domain).
>>
>> Another thing you might want to look for is whether the name server allows for root referrals:
>>
>> /usr/bin/dig . NS @yournameserver_ip
>>
>> Generally, most Internet-facing authoritative DNS servers should not respond to recursive 3rd party queries for root.
>>
>> Also, you can look for an "RA" entry in the "Flags" section of the response which should give you some indication as to whether the resolver allows for recursion...
>>
>> HTHs.
>>
>> Stefan Fouant
>> Neustar, Inc. / Principal Engineer
>> 46000 Center Oak Plaza Sterling, VA 20166
>> Office: +1.571.434.5656 â–« Mobile: +1.202.210.2075 â–« GPG ID: 0xB5E3803D â–« stefan.fouant at neustar.biz
>>
>>> -----Original Message-----
>>> From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-
>>> bounces at puck.nether.net] On Behalf Of Fouant, Stefan
>>> Sent: Thursday, October 01, 2009 9:35 AM
>>> To: hank at efes.iucc.ac.il; nsp-security at puck.nether.net
>>> Subject: Re: [nsp-sec] Open DNS resolvers
>>>
>>> ----------- nsp-security Confidential --------
>>>
>>> I'm not at my computer right now, but if I recall Team Cymru had some
>>> widget which could test for Open Resolvers. I haven't had my coffee
>>> this AM yet, so I could be way off base though...
>>>
>>> Stefan Fouant
>>> Neustar, Inc. / Principal Engineer
>>> 46000 Center Oak Plaza Sterling, VA 20166
>>> Office: +1.571.434.5656 â–« Mobile: +1.202.210.2075 â–« GPG ID: 0xB5E3803D
>>> â–« stefan.fouant at neustar.biz
>>>
>>> ----- Original Message -----
>>> From: nsp-security-bounces at puck.nether.net <nsp-security-
>>> bounces at puck.nether.net>
>>> To: nsp-security at puck.nether.net <nsp-security at puck.nether.net>
>>> Sent: Thu Oct 01 06:33:08 2009
>>> Subject: [nsp-sec] Open DNS resolvers
>>>
>>> ----------- nsp-security Confidential --------
>>>
>>> Can someone point me at a web page that can test a few specific IPs
>>> whether
>>> they are open.  Not:
>>> http://dns.measurement-factory.com/cgi-bin/openresolvercheck.pl
>>> which only checks what is in their cache from the last time they did
>>> their
>>> check - but I am looking for a check now.
>>>
>>> Thanks,
>>> Hank
>>>
>>>
>>>
>>> _______________________________________________
>>> nsp-security mailing list
>>> nsp-security at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/nsp-security
>>>
>>> Please do not Forward, CC, or BCC this E-mail outside of the nsp-
>>> security
>>> community. Confidentiality is essential for effective Internet security
>>> counter-measures.
>>> _______________________________________________
>>>
>>>
>>> _______________________________________________
>>> nsp-security mailing list
>>> nsp-security at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/nsp-security
>>>
>>> Please do not Forward, CC, or BCC this E-mail outside of the nsp-
>>> security
>>> community. Confidentiality is essential for effective Internet security
>>> counter-measures.
>>> _______________________________________________
>>
>

More information about the nsp-security mailing list