[dns-operations] About open DNS resolvers

Lyle Giese lyle at lcrcomputer.net
Mon Aug 20 21:03:03 UTC 2012

On 8/20/2012 12:12 PM, esolve esolve wrote:
> Hi, all:
>         I'm interested in issues on open DNS resolvers. In the following
> page,
> http://dns.measurement-factory.com/surveys/openresolvers.html
>        It discusses how to probe open resolvers, but I have some questions
>        1 about the testing methodology, it needs to build a DNS server
> and check whether it receives queries. Why can we just use "dig
> @target_ip www.example.com <http://www.example.com>" and see whether we
> can get a result?
>        2 for testing whether a ip is open resolver, the page recommends
> to use the following command line:
>                                 dig +short
> <>
>           I test many IPs from the link:
> http://www.petercooper.co.uk/list-of-public-dns-servers-you-can-use-40.html
> , and I got null results, which means
>   they are not open resolvers or they havn't been probed.  for example,
> I tested and got null result
>                                               [usr at canard usr]$ dig
> +short
> <>
>                                               [usr at canard usr]$
>            But since I tested many ips and only got null results. Is my
> testing wrong or not?
>       3 I tried
>                             dig @ <> www.google.com
> <http://www.google.com>
> and got no good results, but in the page, is an open resolver
>       4 is there anybody who has a open resolver list?  if so, can you
> send me a copy? I need them to do some tests, thanks!

You got things reversed.

in step 2, the open resolver is at, not  But you test 
against an rbl using the reverse of the ip address.

If you run dig @ www.google.com, you will find that it is indeed 
an open resolver.

If you think is an open resolver then the query to 
openresolvers is:


Lyle Giese
LCR Computer Services, Inc.

More information about the dns-operations mailing list