Verify DNS Cache Poisoning Bug Using Windows XP / Vista / 2003 / 2008 System Command Prompt

Posted on in Categories BIND Dns, Sys admin, Tips, Windows, Windows server, windows vista last updated July 24, 2008

I already wrote about verifying your own or ISP recursive resolvers using dig command under Linux and UNIX. However, most windows users don’t have dig command installed. You can use nslookup command as follows (open dos prompt by visiting Start > Run > type “cmd” > Enter:
nslookup -type=txt -timeout=30 porttest.dns-oarc.net
nslookup -type=txt -timeout=30 porttest.dns-oarc.net ns1.your-isp.com
nslookup -type=txt -timeout=30 porttest.dns-oarc.net NS-SERVER-IP

You must see the word GOOD otherwise your dns is open to attack.

Check DNS Cache Poisoning Under Windows Xp / Vista / Server Edition using nslookup command
Check DNS Cache Poisoning Under Windows Xp / Vista / Server Edition using nslookup command

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector. Follow him on Twitter, Facebook, Google+.

1 comment

  1. Great command, it will surely help new admin to be perfect in DNS side. Can you explain what is porttest.dns-oarc.net exactly ? may be Checking our resolver’s source port behavior???? Any alternate service from this.

Leave a Comment