[dns-operations] About open DNS resolvers
Francisco J. Gómez Rodríguez
ffranz at iniqua.com
Tue Aug 21 00:55:15 UTC 2012
I have good news for you ;-)
1. Try this service to check DNS servers: * porttest.dns-oarc.net*
You can check if it's an open resolver and get the "backend" IP.
dig @188.8.131.52 porttest.dns-oarc.net txt
; <<>> DiG 9.7.3 <<>> @184.108.40.206 porttest.dns-oarc.net txt
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56520
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;porttest.dns-oarc.net. IN TXT
;; ANSWER SECTION:
porttest.dns-oarc.net. 60 IN CNAME
60 IN TXT "*220.127.116.11* is GREAT: 26 queries in 3.8 seconds from 26 ports
with std dev 18197"
;; Query time: 4209 msec
;; SERVER: 18.104.22.168#53(22.214.171.124)
;; WHEN: Tue Aug 21 02:32:54 2012
;; MSG SIZE rcvd: 209
This means that the server 126.96.36.199 is an open resolver and use
resolve the query using another IP addr.
2.Do you need an IP addr list? You'll like this:*
Would you like to read some about DNS? OpenEmmiter? DNS Proxy?
- Malware distribution using DNS servers:
- DNS Servers as botnet cover channel:
- OpenNIC tier2 (openresolvers) survey:
Finally, if you are developing some service DNS related and need help,
please count on me.
*@**ffranz* (cc) 2012
On Mon, Aug 20, 2012 at 7:12 PM, esolve esolve <esolvepolito at gmail.com>wrote:
> Hi, all:
> I'm interested in issues on open DNS resolvers. In the following
> It discusses how to probe open resolvers, but I have some questions
> 1 about the testing methodology, it needs to build a DNS server and
> check whether it receives queries. Why can we just use "dig @target_ip
> www.example.com" and see whether we can get a result?
> 2 for testing whether a ip is open resolver, the page recommends to
> use the following command line:
> dig +short 188.8.131.52.dnsbl.openresolvers.org
> I test many IPs from the link:
> http://www.petercooper.co.uk/list-of-public-dns-servers-you-can-use-40.html, and I got null results, which means
> they are not open resolvers or they havn't been probed. for example, I
> tested 184.108.40.206 and got null result
> [usr at canard usr]$ dig +short
> [usr at canard usr]$
> But since I tested many ips and only got null results. Is my
> testing wrong or not?
> 3 I tried
> dig @220.127.116.11 www.google.com
> and got no good results, but in the page, 18.104.22.168 is an open
> 4 is there anybody who has a open resolver list? if so, can you send
> me a copy? I need them to do some tests, thanks!
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> dns-jobs<https://lists.dns-oarc.net/mailman/listinfo/dns-operations%0Adns-jobs>mailing list
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the dns-operations