[dns-operations] open resolver version.bind responses

Jared Mauch jared at puck.nether.net
Tue Apr 16 12:52:39 UTC 2013


On Apr 16, 2013, at 8:21 AM, Jared Mauch <jared at puck.nether.net> wrote:

> Greetings,
> 
> I took the latest 'Open Resolver' list and queried the hosts another time with a version.bind query.
> 
> You can view the results here:
> 
> http://openresolverproject.org/version.bind.report.txt

Ok, I didn't expect everyone to post this to twitter/facebook so fast :)

FYI: The data in the OpenResolverProject is available for derivative works. I don't want to directly share where to find the lists of data, but here are some notes about it.

1) We run a weekly query for a unique name per IP
2) We match the response w/ query and note mismatches
3) I have per-ASN (ask your network people what it is) reports available if you email me from a corporate email address for your domain.  Same if you are a national CERT.
4) The queries take ~6.5 hours to run; don't try to bulk scrape the data, it's easier to just ask/trick me or run your own scan.
5) I log the full response packet for the weekly scan.  There are interesting sets of data encoded in there.
6) Many IPs repeat SERVFAIL for days/weeks after the query
7) Many hosts respond from a port other than 53 (!) meaning while they are a resolver, they are 'broken'.

Some basic weekly summary data is available here:

http://www.openresolverproject.org/breakdown.html

If there's something specific you want parsed out of the responses, let me know and I can automate it.

- Jared
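
The checks in notes 2, 6 and 7 above, applied to one logged response packet, as an added example that is not part of the original post or the project's own code. It assumes "matching" means comparing the DNS message ID and question name; the function names, probe names and sample packets are constructed for illustration.

```python
import struct

RCODE = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def qname_bytes(name):
    """Encode a dotted name as DNS labels (used to build the constructed samples)."""
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"

def read_qname(pkt, off=12):
    """Decode the first question name; pointers and oversized labels are rejected."""
    labels = []
    while True:
        if off >= len(pkt):
            raise ValueError("truncated question")
        n = pkt[off]
        if n == 0:
            return ".".join(labels)
        if n > 63 or off + 1 + n > len(pkt):
            raise ValueError("bad label")
        labels.append(pkt[off + 1:off + 1 + n].decode("ascii", "replace").lower())
        off += 1 + n

def classify(sent_id, sent_name, src_port, pkt):
    """Return a sorted list of findings for one logged response packet."""
    if len(pkt) < 12:
        return ["malformed"]
    ident, flags, qdcount = struct.unpack("!3H", pkt[:6])
    out = {"rcode=" + RCODE.get(flags & 0xF, str(flags & 0xF))}
    if src_port != 53:                      # note 7: reply from a port other than 53
        out.add("reply-from-non-53-port")
    if ident != sent_id:                    # note 2 (assumed): ID must echo the query
        out.add("id-mismatch")
    try:
        if qdcount != 1 or read_qname(pkt) != sent_name.lower():
            out.add("question-mismatch")    # note 2 (assumed): name must echo the query
    except ValueError:
        out.add("malformed")
    if flags & 0x0080:                      # RA bit: server offers recursion
        out.add("recursion-available")
    return sorted(out)

def sample(ident, flags, name):
    """Constructed response: header plus one question (type A, class IN), no answers."""
    return struct.pack("!6H", ident, flags, 1, 0, 0, 0) + qname_bytes(name) + struct.pack("!2H", 1, 1)

if __name__ == "__main__":
    print(classify(0x1234, "probe-a.example.test", 53, sample(0x1234, 0x8180, "probe-a.example.test")))
    print(classify(0x1234, "probe-a.example.test", 1025, sample(0x1234, 0x8182, "probe-b.example.test")))
```

Because the probe name is unique per IP, a question-mismatch finding separates a stale or replayed answer from a genuine reply to the current query.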

