Find Out If My DNS Server Free From DNS Cache Poisoning Bug Or Not
Q. How do I verify that my ISP or my own recursive resolvers are free from DNS cache poisoning bug that is promised full disclosure of the flaw by Dan on August 7 at the Black Hat conference? How do I test my dns server for DNS cache pollution or DNS Cache Poisoning bug?
A. DNS cache poisoning (also known as DNS cache pollution) is a maliciously created or unintended situation that provides data to a Domain Name Server that did not originate from authoritative DNS sources. It occur if DNS "spoofing attack" has been encountered. An attacker will send malicious data / non-secure data in response to a DNS query. For example dns query for www.cyberciti.biz can be redirected to www.example.com.
But how do I find out if my DNS server is open to such attack or not?
Visit Dan Kaminsky java script page to check your DNS
You can also use following command dig command, enter:
$ dig +short @{name-server-ip} porttest.dns-oarc.net txt
$ dig +short @ns1.example.com porttest.dns-oarc.net txt
$ dig +short @208.67.222.222 porttest.dns-oarc.net txt
Sample output:
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"208.67.222.222 is GOOD: 26 queries in 0.1 seconds from 26 ports with std dev 17746.18"
Another test,
$ dig +short @125.22.47.125 porttest.dns-oarc.net txt
Output:
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"125.22.47.139 is POOR: 42 queries in 8.4 seconds from 1 ports with std dev 0.00"
E-mail
Print
Can't find an answer to your question? Contact us
Related Other Helpful FAQs:
Discussion on This FAQ
Leave a Reply
We encourage your comments, and suggestions. But please stay on topic, be polite, and avoid spam. Thank you very much for stopping by our site!
Tags: black hat, dan kaminsky, dns query, dns server, domain name server, full disclosure, isp, java script, malicious data, pollution, ports, queries, resolvers, server ip
July 16th, 2008 at 4:23 pm
I see no output at all, what does this mean ?
July 23rd, 2008 at 5:17 am
It means that your ns do not permit recursive queries from where you test.
July 24th, 2008 at 11:39 pm
my dns test showing poor result, so how do i fix it??
July 25th, 2008 at 8:38 am
If you are DNS server admin, patch your dns server and remove source query port 53 from named.conf file.
July 27th, 2008 at 8:25 am
thanks vivek.
i have fixed it.
July 27th, 2008 at 10:05 am
Centos user with bind 9 running for my lan. how do I fix this, I’m also getting poor result.
July 27th, 2008 at 10:19 am
Run yum update
yum updateOpen named.conf file and remove following two lines:
query-source port 53;query-source-v6 port 53;
Make sure recursion is limited to your LAN only. Set ACL. Restart bind to take effect:
rndc reloadJuly 29th, 2008 at 1:51 pm
What if the answer has the word GREAT and not GOOD?
thx