免费注册 查看新帖 |

Chinaunix

  平台 论坛 博客 文库
最近访问板块 发新帖
查看: 1974 | 回复: 0
打印 上一主题 下一主题

Find Out If My DNS Server Free From DNS Cache Pois [复制链接]

论坛徽章:
2
丑牛
日期:2013-09-29 09:47:222015七夕节徽章
日期:2015-08-21 11:06:17
跳转到指定楼层
1 [收藏(0)] [报告]
发表于 2008-11-04 09:41 |只看该作者 |倒序浏览

Q.How do I verify that my ISP or my own recursive resolvers are free from
DNS
cache poisoning
bug
that is promised full disclosure of the flaw by Dan on August 7 at the Black Hat conference? How do I test my dns server for DNS cache pollution or DNS Cache Poisoning bug?
A.DNS cache poisoning (also known as DNS cache pollution) is a maliciously created or unintended situation that provides data to a Domain Name Server that did not originate from authoritative DNS sources. It occur if DNS "spoofing attack" has been encountered. An attacker will send malicious data / non-secure data in response to a DNS query. For example dns query for www.cyberciti.biz can be redirected to www.example.com.
But how do I find out if my DNS server is open to such attack or not?
Visit Dan Kaminsky java script page to
check your DNS

You can also use following command dig command, enter:
$ dig +short @{name-server-ip} porttest.dns-oarc.net txt
$ dig +short @ns1.example.comporttest.dns-oarc.net txt
$ dig +short @208.67.222.222porttest.dns-oarc.net txt
Sample output:
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"208.67.222.222 isGOOD: 26 queries in 0.1 seconds from 26
ports
with std dev 17746.18"
Another test,
$ dig +short @125.22.47.125 porttest.dns-oarc.net txt
Output:
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"125.22.47.139 isPOOR: 42 queries in 8.4 seconds from 1 ports with std dev 0.00"

本文来自ChinaUnix博客,如果查看原文请点:http://blog.chinaunix.net/u/4206/showart_1358904.html
您需要登录后才可以回帖 登录 | 注册

本版积分规则 发表回复

  

北京盛拓优讯信息技术有限公司. 版权所有 京ICP备16024965号-6 北京市公安局海淀分局网监中心备案编号:11010802020122 niuxiaotong@pcpop.com 17352615567
未成年举报专区
中国互联网协会会员  联系我们:huangweiwei@itpub.net
感谢所有关心和支持过ChinaUnix的朋友们 转载本站内容请注明原作者名及出处

清除 Cookies - ChinaUnix - Archiver - WAP - TOP