[dns-operations] Best Practices in DNS security
David Ulevitch
davidu at everydns.net
Mon Mar 20 04:30:08 UTC 2006
On Mar 19, 2006, at 10:03 AM, Geo. wrote:
> You need to test an open recursive dns server at 5.5.5.5 so you
> spoof a
> query to it with a source address of 5.5.5.4 and 5.5.5.6 with the
> query
> being 5.5.5.5.bcp38test.com. You then watch your dns server for
> this query,
> if it shows up you know that network is not BCP38
Bad test. Me checking glue or actually resolving for qname
5.5.5.5.bcp38test.com is not any indication of my BCP38 compliance as
an operator of said recursive nameserver's network.
Sorry.
-David
More information about the dns-operations
mailing list