Verify DNS Cache Poisoning Bug Using Windows XP / Vista / 2003 / 2008 System Command Prompt

Posted on in Categories BIND Dns, Sys admin, Tips, Windows, Windows server, windows vista last updated July 24, 2008

I already wrote about verifying your own or ISP recursive resolvers using dig command under Linux and UNIX. However, most windows users don’t have dig command installed. You can use nslookup command as follows (open dos prompt by visiting Start > Run > type “cmd” > Enter:
nslookup -type=txt -timeout=30 porttest.dns-oarc.net
nslookup -type=txt -timeout=30 porttest.dns-oarc.net ns1.your-isp.com
nslookup -type=txt -timeout=30 porttest.dns-oarc.net NS-SERVER-IP

You must see the word GOOD otherwise your dns is open to attack.

Check DNS Cache Poisoning Under Windows Xp / Vista / Server Edition using nslookup command
Check DNS Cache Poisoning Under Windows Xp / Vista / Server Edition using nslookup command

1 comment

  1. Great command, it will surely help new admin to be perfect in DNS side. Can you explain what is porttest.dns-oarc.net exactly ? may be Checking our resolver’s source port behavior???? Any alternate service from this.

Leave a Comment