Find Out If My DNS Server Free From DNS Cache Poisoning Bug Or Not

Q. How do I verify that my ISP or my own recursive resolvers are free from DNS cache poisoning bug that is promised full disclosure of the flaw by Dan on August 7 at the Black Hat conference? How do I test my dns server for DNS cache pollution or DNS Cache Poisoning bug?

A. DNS cache poisoning (also known as DNS cache pollution) is a maliciously created or unintended situation that provides data to a Domain Name Server that did not originate from authoritative DNS sources. It occur if DNS “spoofing attack” has been encountered. An attacker will send malicious data / non-secure data in response to a DNS query. For example dns query for www.cyberciti.biz can be redirected to www.example.com.

ADVERTISEMENTS

But how do I find out if my DNS server is open to such attack or not?

Visit Dan Kaminsky java script page to check your DNS

You can also use following command dig command, enter:
$ dig +short @{name-server-ip} porttest.dns-oarc.net txt
$ dig +short @ns1.example.com porttest.dns-oarc.net txt
$ dig +short @208.67.222.222 porttest.dns-oarc.net txt

Sample output:

z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"208.67.222.222 is GOOD: 26 queries in 0.1 seconds from 26 ports with std dev 17746.18"

Another test,
$ dig +short @125.22.47.125 porttest.dns-oarc.net txt
Output:

z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"125.22.47.139 is POOR: 42 queries in 8.4 seconds from 1 ports with std dev 0.00"
🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source/DevOps topics:
CategoryList of Unix and Linux commands
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04

ADVERTISEMENTS
9 comments… add one
  • MT Jul 16, 2008 @ 16:23

    I see no output at all, what does this mean ?

  • if Jul 23, 2008 @ 5:17

    It means that your ns do not permit recursive queries from where you test.

  • pardeep Jul 24, 2008 @ 23:39

    my dns test showing poor result, so how do i fix it??

  • 🐧 nixCraft Jul 25, 2008 @ 8:38

    If you are DNS server admin, patch your dns server and remove source query port 53 from named.conf file.

  • pardeep Jul 27, 2008 @ 8:25

    thanks vivek.
    i have fixed it.

  • diay Jul 27, 2008 @ 10:05

    Centos user with bind 9 running for my lan. how do I fix this, I’m also getting poor result.

  • 🐧 nixCraft Jul 27, 2008 @ 10:19

    Run yum update
    yum update
    Open named.conf file and remove following two lines:
    query-source port 53;
    query-source-v6 port 53;

    Make sure recursion is limited to your LAN only. Set ACL. Restart bind to take effect:
    rndc reload

  • Jam Jul 29, 2008 @ 13:51

    What if the answer has the word GREAT and not GOOD?

    thx

  • Toni Sep 10, 2015 @ 17:51

    i have a weird issues in my server.. people would be on my site chatting as its a chat site, all of the sudden everyone get transferred to another chatting site! it happens at least 3 times daily. how can i detect whats going on

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre>, <code>...</code> and <kbd>...</kbd> for code samples.