[dns-operations] About open DNS resolvers
jtk at cymru.com
Wed Aug 22 15:13:33 UTC 2012
On Mon, 20 Aug 2012 19:12:47 +0200
esolve esolve <esolvepolito at gmail.com> wrote:
> 1 about the testing methodology, it needs to build a DNS server
> and check whether it receives queries. Why can't we just use "dig
> @target_ip www.example.com" and see whether we can get a result?
You can, but target_ip may just forward to another resolver, which
ultimately fetches the answer on its behalf. So target_ip itself may
not strictly be considered an open resolver, but an "open forwarder".
Depending on what you're querying for, it is possible that neither it
nor any forwarder is truly open, but that it returns cached answers.
Therefore, the www.example.com qname is best set to a one-time unique
value to help ensure you're not getting a cached response.
Furthermore, unless you're very careful about checking the answer you
get and asking for that unique answer, it may be possible to confuse
any answer with a valid answer. For instance, the resolver may be
giving you a response based on a locally configured wild card record.
> 4 is there anybody who has an open resolver list? if so, can you
> send me a copy? I need them to do some tests, thanks!
Yes, then no, but sort of. Team Cymru monitors for open resolvers so
we have the data, but we do not make the entire population of open
resolvers available to the public. We are happy to provide a complete
list of open resolvers for a specific network (e.g. ASN) to an
authorized representative for that network however. If that will
suffice, we welcome requests to get a data feed for your network.
I do not know of any publicly available source of open resolvers, but I
have seen some posted from time to time. The trouble is often that the
methodology used may result in many false positives and that the
address list can change frequently thanks to the transitive nature of
IP addresses.
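The probe discipline described in the reply above (one-time unique qname, then check that the reply actually carries the unique answer rather than just any answer) as an added example; this is not code from the original thread or from Team Cymru. It assumes a hypothetical zone `probe.example` under the tester's control whose authoritative server answers every A query with 192.0.2.53 (TEST-NET-1), and all function names (`unique_qname`, `build_query`, `parse_response`, `classify`, `make_response`, `send_probe`) are this example's own. The replies it classifies are constructed wire-format packets so the script runs offline; only `send_probe` touches the network.

```python
"""Open-resolver probe helper (added example, not part of the original post).

Assumed (hypothetical) setup: the tester controls the zone probe.example and
its authoritative server returns 192.0.2.53 for any A query under that zone.
"""
import os
import socket
import struct

PROBE_ZONE = "probe.example"   # hypothetical zone controlled by the tester
EXPECTED_A = "192.0.2.53"      # assumed answer the authoritative server gives


def unique_qname(zone=PROBE_ZONE):
    """One-time label so a cached answer cannot satisfy the probe."""
    return f"{os.urandom(8).hex()}.{zone}"


def encode_name(name):
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(qname, txid):
    """Standard A query with RD set: we want the target to recurse for us."""
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(qname) + struct.pack("!HH", 1, 1)


def decode_name(data, offset):
    """Read a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end = [], False, None
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                      # compression pointer
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if jumped else offset)


def parse_response(data):
    """Minimal parser: header flags plus the A records in the answer section."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    offset = 12
    for _ in range(qd):                                # skip question section
        _, offset = decode_name(data, offset)
        offset += 4
    answers = []
    for _ in range(an):
        name, offset = decode_name(data, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:
            rdata = socket.inet_ntoa(rdata)
        answers.append((name.lower(), rtype, rdata))
    return {"txid": txid, "rcode": flags & 0xF, "ra": bool(flags & 0x80),
            "aa": bool(flags & 0x400), "answers": answers}


def classify(response, qname, txid, expected=EXPECTED_A):
    """Decide what a reply to our unique probe tells us about the target."""
    if response["txid"] != txid:
        return "ignored: transaction id mismatch"
    if response["rcode"] == 5:
        return "closed: REFUSED"
    if not response["ra"]:
        return "closed: recursion not available"
    match = [a for a in response["answers"] if a[0] == qname.lower() and a[1] == 1]
    if not match:
        return "inconclusive: no A record for the probe name"
    if match[0][2] != expected:
        # Some other address for a name nobody could have cached: a local
        # wildcard, NXDOMAIN rewriting, or interception, not a real lookup.
        return f"suspicious: answered {match[0][2]}, expected {expected}"
    # The correct unique answer came back with RA set. Whether the target
    # recursed itself or forwarded to another resolver cannot be told from
    # the reply alone; only the authoritative server's query log shows that.
    return "open resolver or open forwarder"


def make_response(qname, txid, address, rcode=0, ra=True):
    """Build a wire-format reply (constructed test data, not a capture)."""
    flags = 0x8000 | 0x0100 | (0x80 if ra else 0) | rcode
    pkt = struct.pack("!HHHHHH", txid, flags, 1, 1 if address else 0, 0, 0)
    pkt += encode_name(qname) + struct.pack("!HH", 1, 1)
    if address:  # answer name as a pointer back to the question name
        pkt += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(address)
    return pkt


def send_probe(target_ip, timeout=3.0):
    """Network path: send the probe to target_ip:53 and classify the reply."""
    txid = int.from_bytes(os.urandom(2), "big")
    qname = unique_qname()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(qname, txid), (target_ip, 53))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return "closed or filtered: no reply"
    return classify(parse_response(data), qname, txid)


if __name__ == "__main__":
    q, t = unique_qname(), 0x1234
    print(classify(parse_response(make_response(q, t, EXPECTED_A)), q, t))
    print(classify(parse_response(make_response(q, t, "10.0.0.1")), q, t))
    print(classify(parse_response(make_response(q, t, None, rcode=5, ra=False)), q, t))
```

The point of `classify` is the one the reply makes: a reply is only evidence of an open resolver when it carries the answer that the tester's own zone would give for that never-before-seen name; anything else (REFUSED, no RA, a different address) is either closed or synthesised. Telling an open forwarder from an open resolver still needs the authoritative side, which is why the original poster's "build a DNS server and watch for queries" method is not redundant.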