[dns-operations] About open DNS resolvers

Francisco J. Gómez Rodríguez ffranz at iniqua.com
Tue Aug 21 00:55:15 UTC 2012


Hi esolve.

I have good news for you ;-)

1. Try this service to check DNS servers: porttest.dns-oarc.net
You can check if it's an open resolver and get the "backend" IP.
Example:
dig @208.67.222.222 porttest.dns-oarc.net txt

; <<>> DiG 9.7.3 <<>> @208.67.222.222 porttest.dns-oarc.net txt
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56520
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;porttest.dns-oarc.net.         IN      TXT

;; ANSWER SECTION:
porttest.dns-oarc.net.  60      IN      CNAME   porttest.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
porttest.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net. 60 IN TXT "208.69.35.15 is GREAT: 26 queries in 3.8 seconds from 26 ports with std dev 18197"

;; Query time: 4209 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Tue Aug 21 02:32:54 2012
;; MSG SIZE  rcvd: 209

This means that the server 208.67.222.222 is an open resolver and
resolves the query using another IP addr.

2. Do you need an IP addr list? You'll like this:
http://www.chaz6.com/files/resolv.conf

Would you like to read something about DNS? OpenEmitter? DNS Proxy?


   - Malware distribution using DNS servers:
   http://www.slideshare.net/rootedcon/francisco-jess-gmez-carlos-juan-diaz-cloud-malware-distribution-dns-will-be-your-friend-rootedcon-2011
   - DNS Servers as botnet covert channel:
   http://www.slideshare.net/ffranz/rootedcon2012-dns-a-botnet-dialect-carlos-diaz-francisco-j-gomez
   - OpenNIC tier2 (openresolvers) survey:
   http://www.iniqua.com/2011/06/28/opennic-tier2-servers-minimal-survey/?lang=en


Finally, if you are developing some DNS-related service and need help,
please count on me.
-
@ffranz (cc) 2012


On Mon, Aug 20, 2012 at 7:12 PM, esolve esolve <esolvepolito at gmail.com> wrote:

> Hi, all:
>
> I'm interested in issues on open DNS resolvers. In the following page,
>     http://dns.measurement-factory.com/surveys/openresolvers.html
> it discusses how to probe open resolvers, but I have some questions.
>
> 1. About the testing methodology: it needs to build a DNS server and
> check whether it receives queries. Why can we just use "dig @target_ip
> www.example.com" and see whether we can get a result?
>
> 2. For testing whether an IP is an open resolver, the page recommends
> using the following command line:
>     dig +short 2.2.2.4.dnsbl.openresolvers.org
>
> I tested many IPs from the link
> http://www.petercooper.co.uk/list-of-public-dns-servers-you-can-use-40.html
> and I got null results, which means they are not open resolvers or they
> haven't been probed. For example, I tested 67.138.54.100 and got a null
> result:
>
>     [usr at canard usr]$ dig +short 67.138.54.100.dnsbl.openresolvers.org
>     [usr at canard usr]$
>
> But since I tested many IPs and only got null results, is my testing
> wrong or not?
>
> 3. I tried
>     dig @2.2.2.4 www.google.com
> and got no good results, but in the page, 2.2.2.4 is an open resolver.
>
> 4. Is there anybody who has an open resolver list? If so, can you send
> me a copy? I need them to do some tests, thanks!


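Added example (not part of the original message): a POSIX shell helper that reduces the porttest answer shown in the reply to one line, so an operator auditing their own resolvers can see whether recursion was offered and which egress ("backend") address porttest saw. The function names are hypothetical and SAMPLE is constructed, condensed from the dig output quoted above.

```shell
#!/bin/sh
# Added example: summarise `dig @SERVER porttest.dns-oarc.net txt` output.
# SAMPLE is constructed (condensed from the answer quoted in the reply).
SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56520
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;porttest.dns-oarc.net.         IN      TXT
porttest.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net. 60 IN TXT "208.69.35.15 is GREAT: 26 queries in 3.8 seconds from 26 ports with std dev 18197"
;; SERVER: 208.67.222.222#53(208.67.222.222)'

# Reads dig output on stdin and prints one line:
#   <queried IP> <recursion yes|no> <backend IP|-> <rating|-> <same|differs|unknown>
porttest_summary() {
  awk '
    /^;; flags:/ {
      # "ra" among the header flags means the server offered recursion to us
      flags = $0; sub(/^;; flags: */, "", flags); sub(/;.*/, "", flags)
      n = split(flags, f, " ")
      for (i = 1; i <= n; i++) if (f[i] == "ra") ra = "yes"
    }
    /^;; SERVER:/ { queried = $3; sub(/#.*/, "", queried) }
    /IN[ \t]+TXT[ \t]+"/ {
      # TXT payload has the form: "<source IP> is <RATING>: ..."
      # The question line has no quoted string, so it does not match here.
      txt = $0; sub(/^[^"]*"/, "", txt)
      split(txt, w, " ")
      if (w[2] == "is") { backend = w[1]; rating = w[3]; sub(/:$/, "", rating) }
    }
    END {
      if (ra == "") ra = "no"
      if (backend == "") { backend = "-"; rating = "-"; rel = "unknown" }
      else rel = (backend == queried) ? "same" : "differs"
      print queried, ra, backend, rating, rel
    }'
}

# Hypothetical wrapper for live use against a resolver you operate.
# porttest takes a few seconds to answer, hence the longer timeout.
audit_resolver() {
  dig +time=10 +tries=1 @"$1" porttest.dns-oarc.net txt | porttest_summary
}

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE" | porttest_summary
```

A "differs" result matches the case in the reply: the address that answers clients is not the address that sends queries upstream, so ACLs and logs on authoritative servers will show the backend address.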