Find Out If My DNS Server Free From DNS Cache Poisoning Bug Or Not

last updated in Categories , , , , , , , , , , , ,

Q. How do I verify that my ISP or my own recursive resolvers are free from DNS cache poisoning bug that is promised full disclosure of the flaw by Dan on August 7 at the Black Hat conference? How do I test my dns server for DNS cache pollution or DNS Cache Poisoning bug?

A. DNS cache poisoning (also known as DNS cache pollution) is a maliciously created or unintended situation that provides data to a Domain Name Server that did not originate from authoritative DNS sources. It occur if DNS “spoofing attack” has been encountered. An attacker will send malicious data / non-secure data in response to a DNS query. For example dns query for can be redirected to

But how do I find out if my DNS server is open to such attack or not?

Visit Dan Kaminsky java script page to check your DNS

You can also use following command dig command, enter:
$ dig +short @{name-server-ip} txt
$ dig +short txt
$ dig +short @ txt

Sample output:
" is GOOD: 26 queries in 0.1 seconds from 26 ports with std dev 17746.18"

Another test,
$ dig +short @ txt
" is POOR: 42 queries in 8.4 seconds from 1 ports with std dev 0.00"

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

9 comment

  1. If you are DNS server admin, patch your dns server and remove source query port 53 from named.conf file.

  2. Run yum update
    yum update
    Open named.conf file and remove following two lines:
    query-source port 53;
    query-source-v6 port 53;

    Make sure recursion is limited to your LAN only. Set ACL. Restart bind to take effect:
    rndc reload

  3. i have a weird issues in my server.. people would be on my site chatting as its a chat site, all of the sudden everyone get transferred to another chatting site! it happens at least 3 times daily. how can i detect whats going on

    Still, have a question? Get help on our forum!