[dns-operations] porttest.dns-oarc.net: check your resolver's source port behavior
bortzmeyer at nic.fr
Thu Jul 10 07:53:46 UTC 2008
On Wed, Jul 09, 2008 at 06:57:46PM +0000,
Duane Wessels <wessels at dns-oarc.net> wrote
a message of 17 lines which said:
> I've put together a quick hack that you can use to check your
> resolver's source port characteristics. Use 'dig' to send a query
> to porttest.dns-oarc.net:

On most machines, I get the same result from porttest.dns-oarc.net and
from Michael C. Toren's "noclicky".

But I found a resolver where it does not match:

% perl noclicky-1.00.pl 188.8.131.52
Looking up d9cr6ej9ziw9.toorrr.com against 184.108.40.206
Requests seen for d9cr6ej9ziw9.toorrr.com:
Your nameserver appears vulnerable; all requests came from the same port.
% dig +short porttest.dns-oarc.net TXT
"220.127.116.11 is GOOD: 13 queries in 1.9 seconds from 13 ports with std dev 20832.02"

Do note that the IP address is different. Maybe 18.104.22.168 is
using a forwarder?
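
The check this message points at, as an added example that is not part of the original post or of either tool: it parses the porttest TXT answer in the format quoted above and compares the reported address with the resolver that was queried, since the rating describes whichever host actually contacted the test zone. The helper names, the constructed port lists and the use of population standard deviation are assumptions.

```python
import ipaddress
import re
import statistics

# Answer format as quoted in the message above (surrounding quotes optional).
PORTTEST_RE = re.compile(
    r'^"?(?P<ip>\S+) is (?P<rating>[A-Z]+): (?P<queries>\d+) queries in '
    r'(?P<seconds>[\d.]+) seconds from (?P<ports>\d+) ports '
    r'with std dev (?P<stddev>[\d.]+)"?$')

# The TXT answer shown in the message.
SAMPLE_TXT = ('"220.127.116.11 is GOOD: 13 queries in 1.9 seconds '
              'from 13 ports with std dev 20832.02"')
# Constructed source-port observations, not taken from any real resolver.
FIXED_PORTS = [32768] * 13
SPREAD_PORTS = [1025, 60211, 33417, 8190, 47002, 15533, 52999,
                2741, 39876, 21050, 64812, 11907, 28364]

def parse_porttest(txt):
    """Parse one porttest TXT string; raise ValueError if it does not match."""
    m = PORTTEST_RE.match(txt.strip())
    if m is None:
        raise ValueError("unrecognised porttest answer: %r" % (txt,))
    return {"ip": ipaddress.ip_address(m["ip"]), "rating": m["rating"],
            "queries": int(m["queries"]), "seconds": float(m["seconds"]),
            "ports": int(m["ports"]), "stddev": float(m["stddev"])}

def port_spread(ports):
    """Return (distinct port count, std dev) for observed source ports.
    Population std dev is an assumption; the page does not say which one
    porttest uses."""
    return len(set(ports)), statistics.pstdev(ports)

def reconcile(resolver, txt):
    """Decide which host a porttest rating describes.
    The rating belongs to the address that queried the test zone, so a
    mismatch with the resolver we pointed dig at suggests a forwarder."""
    result = parse_porttest(txt)
    if result["ip"] == ipaddress.ip_address(resolver):
        return "direct", result
    return "forwarder-suspected", result

if __name__ == "__main__":
    print(reconcile("18.104.22.168", SAMPLE_TXT))
    print(port_spread(FIXED_PORTS), port_spread(SPREAD_PORTS))
```

When the status is "forwarder-suspected", the rating says nothing about the source ports of the resolver that was queried; that host has to be measured on its own path to the forwarder.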