[dns-operations] porttest.dns-oarc.net: check your resolver's source port behavior

Stephane Bortzmeyer bortzmeyer at nic.fr
Thu Jul 10 07:53:46 UTC 2008

On Wed, Jul 09, 2008 at 06:57:46PM +0000,
 Duane Wessels <wessels at dns-oarc.net> wrote 
 a message of 17 lines which said:

> I've put together a quick hack that you can use to check your
> resolver's source port characteristics.  Use 'dig' to send a query
> to porttest.dns-oarc.net:

On most machines, I get the same result from porttest.dns-oarc.net and
from Michael C. Toren's "noclicky".

But I found a resolver where it does not match:

%  perl noclicky-1.00.pl
Looking up d9cr6ej9ziw9.toorrr.com against
Requests seen for d9cr6ej9ziw9.toorrr.com: TXID=31148 TXID=47685 TXID=61808 TXID=41194 TXID=56445
Your nameserver appears vulnerable; all requests came from the same port.

% dig +short porttest.dns-oarc.net TXT 
" is GOOD: 13 queries in 1.9 seconds from 13 ports with std dev 20832.02"

Do note that the IP address is different. Maybe is
using a forwarder?
