[dns-operations] About open DNS resolvers
Francisco J. Gómez Rodríguez
ffranz at iniqua.com
Tue Aug 21 00:55:15 UTC 2012
Hi esolve.
I have good news for you ;-)
1. Try this service to check DNS servers: * porttest.dns-oarc.net*
You can check if it's an open resolver and get the "backend" IP.
Example:
dig @208.67.222.222 porttest.dns-oarc.net txt
; <<>> DiG 9.7.3 <<>> @208.67.222.222 porttest.dns-oarc.net txt
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56520
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;porttest.dns-oarc.net. IN TXT
;; ANSWER SECTION:
porttest.dns-oarc.net. 60 IN CNAME
porttest.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
porttest.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
60 IN TXT "*208.69.35.15* is GREAT: 26 queries in 3.8 seconds from 26 ports
with std dev 18197"
;; Query time: 4209 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Tue Aug 21 02:32:54 2012
;; MSG SIZE rcvd: 209
This means that the server 208.67.222.222 is an open resolver and use
resolve the query using another IP addr.
2.Do you need an IP addr list? You'll like this:*
http://www.chaz6.com/files/resolv.conf
*
Would you like to read some about DNS? OpenEmmiter? DNS Proxy?
- Malware distribution using DNS servers:
http://www.slideshare.net/rootedcon/francisco-jess-gmez-carlos-juan-diaz-cloud-malware-distribution-dns-will-be-your-friend-rootedcon-2011
- DNS Servers as botnet cover channel:
http://www.slideshare.net/ffranz/rootedcon2012-dns-a-botnet-dialect-carlos-diaz-francisco-j-gomez
- OpenNIC tier2 (openresolvers) survey:
http://www.iniqua.com/2011/06/28/opennic-tier2-servers-minimal-survey/?lang=en
Finally, if you are developing some service DNS related and need help,
please count on me.
-
*@**ffranz* (cc) 2012
On Mon, Aug 20, 2012 at 7:12 PM, esolve esolve <esolvepolito at gmail.com>wrote:
> Hi, all:
>
> I'm interested in issues on open DNS resolvers. In the following
> page,
> http://dns.measurement-factory.com/surveys/openresolvers.html
>
> It discusses how to probe open resolvers, but I have some questions
>
> 1 about the testing methodology, it needs to build a DNS server and
> check whether it receives queries. Why can we just use "dig @target_ip
> www.example.com" and see whether we can get a result?
>
> 2 for testing whether a ip is open resolver, the page recommends to
> use the following command line:
> dig +short 2.2.2.4.dnsbl.openresolvers.org
>
>
> I test many IPs from the link:
> http://www.petercooper.co.uk/list-of-public-dns-servers-you-can-use-40.html, and I got null results, which means
> they are not open resolvers or they havn't been probed. for example, I
> tested 67.138.54.100 and got null result
>
> [usr at canard usr]$ dig +short
> 67.138.54.100.dnsbl.openresolvers.org
> [usr at canard usr]$
>
> But since I tested many ips and only got null results. Is my
> testing wrong or not?
>
> 3 I tried
> dig @2.2.2.4 www.google.com
> and got no good results, but in the page, 2.2.2.4 is an open
> resolver
>
> 4 is there anybody who has a open resolver list? if so, can you send
> me a copy? I need them to do some tests, thanks!
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs<https://lists.dns-oarc.net/mailman/listinfo/dns-operations%0Adns-jobs>mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20120821/66348d68/attachment.html>
More information about the dns-operations
mailing list