[dns-operations] About open DNS resolvers
Lyle Giese
lyle at lcrcomputer.net
Mon Aug 20 21:03:03 UTC 2012
On 8/20/2012 12:12 PM, esolve esolve wrote:
> Hi, all:
>
> I'm interested in issues on open DNS resolvers. In the following
> page,
> http://dns.measurement-factory.com/surveys/openresolvers.html
>
> It discusses how to probe open resolvers, but I have some questions
>
> 1 about the testing methodology, it needs to build a DNS server
> and check whether it receives queries. Why can we just use "dig
> @target_ip www.example.com" and see whether we
> can get a result?
>
> 2 for testing whether an IP is an open resolver, the page recommends
> using the following command line:
> dig +short 2.2.2.4.dnsbl.openresolvers.org
>
> I tested many IPs from the link:
> http://www.petercooper.co.uk/list-of-public-dns-servers-you-can-use-40.html
> , and I got null results, which means
> they are not open resolvers or they haven't been probed. For example,
> I tested 67.138.54.100 and got a null result
>
> [usr@canard usr]$ dig +short 67.138.54.100.dnsbl.openresolvers.org
> [usr@canard usr]$
>
> But since I tested many IPs and only got null results, is my
> testing wrong or not?
>
> 3 I tried
> dig @2.2.2.4 www.google.com
> and got no good results, but in the page, 2.2.2.4 is an open resolver
>
> 4 is there anybody who has an open resolver list? If so, can you
> send me a copy? I need them to do some tests, thanks!
>
>
You got things reversed.

In step 2, the open resolver is at 4.2.2.2, not 2.2.2.4. But you test
against an RBL using the reverse of the IP address.

If you run dig @4.2.2.2 www.google.com, you will find that it is indeed
an open resolver.

If you think 67.138.54.100 is an open resolver then the query to
openresolvers is:

dig 100.54.138.67.dnsbl.openresolvers.org

Lyle Giese
LCR Computer Services, Inc.
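
Added example, not part of the original message or the list's tooling: a shell sketch of the reversed-octet naming described in the reply, with the inverse mapping to show which address a given query name really asks about. The function names and the 127.0.0.x answer convention are assumptions; the zone name is the one used in the thread.

```shell
# ZONE is the list named in the thread (it may no longer be in service).
ZONE="dnsbl.openresolvers.org"

# Build the DNSBL query name for an IPv4 address: octets reversed, zone appended.
# Fails (non-zero) on anything that is not a dotted quad with octets 0-255.
dnsbl_name() {
    ip=$1
    zone=${2:-$ZONE}
    case $ip in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$zone"
}

# Inverse: which address does an existing query name actually ask about?
dnsbl_target() {
    name=$1
    zone=${2:-$ZONE}
    case $name in
        *."$zone") rev=${name%."$zone"} ;;
        *) return 1 ;;
    esac
    full=$(dnsbl_name "$rev" "$zone") || return 1
    printf '%s\n' "${full%."$zone"}"
}

# Live lookup with dig (needs network, only runs when called). Assumption:
# the list answers 127.0.0.x for a listed address and nothing otherwise.
is_listed() {
    qname=$(dnsbl_name "$1" "$2") || { echo "bad IPv4 address: $1" >&2; return 2; }
    answer=$(dig +short A "$qname")
    case $answer in
        127.*) echo "$1 listed ($answer)"; return 0 ;;
        *)     echo "$1 not listed or never probed"; return 1 ;;
    esac
}

# Addresses from the thread, then the name the question actually queried.
for addr in 4.2.2.2 67.138.54.100; do
    echo "$addr -> dig +short $(dnsbl_name "$addr")"
done
echo "2.2.2.4.$ZONE asks about $(dnsbl_target "2.2.2.4.$ZONE")"
```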