Verify DNS Cache Poisoning Bug Using Windows XP / Vista / 2003 / 2008 System Command Prompt

by Vivek Gite · 1 comment

I already wrote about verifying your own or ISP recursive resolvers using dig command under Linux and UNIX. However, most windows users don't have dig command installed. You can use nslookup command as follows (open dos prompt by visiting Start > Run > type "cmd" > Enter:
nslookup -type=txt -timeout=30 porttest.dns-oarc.net
nslookup -type=txt -timeout=30 porttest.dns-oarc.net ns1.your-isp.com
nslookup -type=txt -timeout=30 porttest.dns-oarc.net NS-SERVER-IP

You must see the word GOOD otherwise your dns is open to attack.

Check DNS Cache Poisoning Under Windows Xp / Vista / Server Edition using nslookup command

Check DNS Cache Poisoning Under Windows Xp / Vista / Server Edition using nslookup command

Featured Articles:

Want to read Linux tips and tricks, but don't have time to check our blog everyday? Subscribe to our daily email newsletter to make sure you don't miss a single tip/tricks. Subscribe to our weekly newsletter here!

{ 1 comment… read it below or add one }

1 Kiran 08.16.09 at 3:23 am

Great command, it will surely help new admin to be perfect in DNS side. Can you explain what is porttest.dns-oarc.net exactly ? may be Checking our resolver’s source port behavior???? Any alternate service from this.

Leave a Comment

You can use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Previous post:

Next post: