[dns-operations] open resolver version.bind responses
Jared Mauch
jared at puck.nether.net
Mon Apr 22 01:02:16 UTC 2013
On Apr 16, 2013, at 8:52 AM, Jared Mauch <jared at puck.nether.net> wrote:
>
> On Apr 16, 2013, at 8:21 AM, Jared Mauch <jared at puck.nether.net> wrote:
>
>> Greetings,
>>
>> I took the latest 'Open Resolver' list and queried the hosts another time with a version.bind query.
>>
>> You can view the results here:
>>
>
> Ok, I didn't expect everyone to post this to twitter/facebook so fast :)
>
> FYI: The data in the OpenResolverProject is available for derivative works. I don't want to directly share where to find the lists of data, but some notes about it.
>
> 1) We run a weekly query for a unique name per IP
> 2) We match the response w/ query and note mismatches
> 3) I have per-ASN (ask your network people what it is) reports available if you email me from a corporate email address for your domain. Same if you are a national CERT.
> 4) The queries take ~6.5 hours to run ; Don't try to bulk scrape the data, it's easier to just ask/trick me or run your own scan.
> 5) I log the full response packet for the weekly scan. There are interesting sets of data encoded in there.
> 6) Many IPs repeat SERVFAIL for days/weeks after the query
> 7) Many hosts respond from a port other than 53 (!) meaning while they are a resolver, they are 'broken'.
>
> Some basic weekly summary data is available here:
>
> http://www.openresolverproject.org/breakdown.html
>
> If there's something specific you want parsed out of the responses, let me know and I can automate it.
Here's an updated list based on the 20130421 results:
http://openresolverproject.org/version.bind.20130421.final.txt
- Jared
More information about the dns-operations
mailing list