Q. How do I verify that my ISP's recursive resolvers, or my own, are free from the DNS cache poisoning bug for which Dan Kaminsky has promised full disclosure on August 7 at the Black Hat conference? How do I test my DNS server for the DNS cache pollution / DNS cache poisoning bug?
A. DNS cache poisoning (also known as DNS cache pollution) is a maliciously created or unintended situation in which a DNS server accepts data that did not originate from an authoritative DNS source. It occurs when a DNS "spoofing attack" succeeds: an attacker sends malicious or untrustworthy data in response to a DNS query, and the resolver caches it. For example, a DNS query for www.cyberciti.biz could be redirected to www.example.com.
But how do I find out whether my DNS server is open to such an attack or not?
Visit Dan Kaminsky's JavaScript-based DNS checker page to check your DNS.
You can also use the following dig command, replacing {name-server-ip} with the address of the resolver you want to test:
$ dig +short @{name-server-ip} porttest.dns-oarc.net txt
$ dig +short @ns1.example.com porttest.dns-oarc.net txt
$ dig +short @208.67.222.222 porttest.dns-oarc.net txt
Sample output:
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"208.67.222.222 is GOOD: 26 queries in 0.1 seconds from 26 ports with std dev 17746.18"
Another test:
$ dig +short @125.22.47.125 porttest.dns-oarc.net txt
Output:
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"125.22.47.139 is POOR: 42 queries in 8.4 seconds from 1 ports with std dev 0.00"
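The porttest output above is judged on two numbers: how many distinct UDP source ports the resolver used for its outgoing queries, and how widely spread they were (the standard deviation). A resolver that sends everything from one fixed port is the "POOR" case. The script below is an added example, not part of the original post or of DNS-OARC's tooling: it parses the TXT answer that porttest.dns-oarc.net returns, and it applies the same measurement to a list of source ports you observed yourself (for instance from a packet capture of your own resolver's outbound queries). The GOOD/FAIR/POOR thresholds in `analyse_ports()` are this example's own assumption, not DNS-OARC's exact scoring, and the port lists in `main()` are constructed sample data.

```python
"""Check DNS resolver source-port randomization (added example, not from the post)."""
import math
import re
from dataclasses import dataclass
from typing import List, Optional

# Matches the TXT record text shown in the post's dig output, e.g.
# "208.67.222.222 is GOOD: 26 queries in 0.1 seconds from 26 ports with std dev 17746.18"
PORTTEST_RE = re.compile(
    r'"?(?P<ip>[\d.]+) is (?P<verdict>GOOD|FAIR|POOR): '
    r'(?P<queries>\d+) queries in (?P<secs>[\d.]+) seconds from '
    r'(?P<ports>\d+) ports with std dev (?P<stddev>[\d.]+)"?'
)


@dataclass
class PortTestResult:
    ip: str
    verdict: str
    queries: int
    seconds: float
    ports: int      # number of distinct source ports observed
    stddev: float   # spread of those ports


def parse_porttest(txt: str) -> Optional[PortTestResult]:
    """Parse one porttest.dns-oarc.net TXT answer; None if it does not match."""
    m = PORTTEST_RE.search(txt)
    if not m:
        return None
    return PortTestResult(
        ip=m["ip"],
        verdict=m["verdict"],
        queries=int(m["queries"]),
        seconds=float(m["secs"]),
        ports=int(m["ports"]),
        stddev=float(m["stddev"]),
    )


def population_stddev(values: List[int]) -> float:
    """Population standard deviation of a list of integers (0.0 for fewer than 2 values)."""
    if len(values) < 2:
        return 0.0
    mean = sum(values) / len(values)
    return math.sqrt(sum((v - mean) ** 2 for v in values) / len(values))


def analyse_ports(ports: List[int], ip: str = "local") -> PortTestResult:
    """Score a list of observed UDP source ports the way porttest does.

    Thresholds are this example's assumption: a resolver reusing one or two
    ports, or with almost no spread, is POOR; nearly all-distinct ports with
    a wide spread is GOOD; anything in between is FAIR.
    """
    distinct = len(set(ports))
    spread = population_stddev(ports)
    if distinct <= 2 or spread < 1000.0:
        verdict = "POOR"
    elif distinct >= 0.9 * len(ports) and spread > 5000.0:
        verdict = "GOOD"
    else:
        verdict = "FAIR"
    return PortTestResult(ip, verdict, len(ports), 0.0, distinct, round(spread, 2))


def main() -> None:
    # Constructed samples: the two answers from the post, then two port lists
    # a defender might have captured from their own resolver.
    for line in (
        '"208.67.222.222 is GOOD: 26 queries in 0.1 seconds from 26 ports with std dev 17746.18"',
        '"125.22.47.139 is POOR: 42 queries in 8.4 seconds from 1 ports with std dev 0.00"',
    ):
        print(parse_porttest(line))
    print(analyse_ports([53] * 10, ip="fixed-port-resolver"))
    print(analyse_ports([10000, 20000, 30000, 40000], ip="randomizing-resolver"))


if __name__ == "__main__":
    main()
```

To use it against a live resolver, feed `parse_porttest()` the quoted TXT string that `dig +short` prints, or feed `analyse_ports()` the source ports you read off a capture of port 53 traffic leaving your resolver. A POOR result from either path means the resolver is relying on the 16-bit transaction ID alone, which is exactly the condition the port-randomization fix addresses.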
This article is from the ChinaUnix blog; for the original, see: http://blog.chinaunix.net/u/4206/showart_1358904.html