Open Resolver Problems

Jon Lewis jlewis at lewis.org
Tue Mar 26 14:15:54 UTC 2013


> On 25/03/2013 14:33, Mikael Abrahamsson wrote:
>> I would like to be able to request an IP list of open resolvers in my ASN,
>> perhaps sent to the contact details in RIPE whois database to make sure I'm
>> not falsely representing that ASN.

Or you could just get an off-site system (cloud VM), get the software from 
http://monkey.org/~provos/dnsscan/, and find all your own open recursive 
DNS servers.

There are different levels of openness for recursive DNS servers though. 
It looks like Jared's project lists any DNS server that responds with 
anything other than refused as open.  A DNS server could have open 
recursion "disabled", but still respond with referrals to the 
root-servers.  Older versions of bind seem to do this when configured with 
allow-recursion for a limited range of IPs.  While not really "open" such 
servers are still useful for DNS amplification.  The example config at

http://www.team-cymru.org/Services/Resolvers/instructions.html

for a bind 9.x caching server can be adapted for older bind versions 
doing caching+authoritative such that it'll provide recursion to 
those who should have it, and authority for zones for which it needs to do 
so.

----------------------------------------------------------------------
  Jon Lewis, MCP :)           |  I route
                              |  therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
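An added example, not from this post nor from dnsscan, that sorts a raw DNS reply into the levels of openness Jon describes: REFUSED, a full recursive answer, or a referral to the root servers from a server whose recursion is nominally disabled. The sample replies are constructed inline; on a real scan of your own ranges you would feed it the bytes returned for a query sent with the RD bit set.

```python
import struct

RCODE_REFUSED = 5
TYPE_NS = 2

def _read_name(msg, off):
    """Decode a (possibly compressed) DNS name; return (labels, next_offset)."""
    labels, end = [], None
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                      # compression pointer
            end = end if end is not None else off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if n == 0:
            return labels, (end if end is not None else off)
        labels.append(msg[off:off + n].decode("ascii"))
        off += n

def classify(resp):
    """Return 'refused', 'recursive', 'root-referral' or 'other' for a raw reply."""
    _, flags, qd, an, ns, _ = struct.unpack("!6H", resp[:12])
    rcode, ra = flags & 0xF, bool(flags & 0x80)
    if rcode == RCODE_REFUSED:
        return "refused"
    if rcode == 0 and ra and an > 0:
        return "recursive"                       # fully open recursion
    if rcode == 0 and an == 0 and ns > 0:
        off = 12
        for _ in range(qd):                      # skip the question section
            off = _read_name(resp, off)[1] + 4   # + QTYPE, QCLASS
        owner, off = _read_name(resp, off)       # first authority record
        if owner == [] and struct.unpack("!H", resp[off:off + 2])[0] == TYPE_NS:
            return "root-referral"               # recursion off, still amplifies
    return "other"

def _build(flags, answer=b"", authority=b""):
    """Constructed sample reply to 'example.com A' with the given flags/sections."""
    question = b"\x07example\x03com\x00\x00\x01\x00\x01"
    hdr = struct.pack("!6H", 0x1234, flags, 1, 1 if answer else 0, 1 if authority else 0, 0)
    return hdr + question + answer + authority

# Constructed samples: flags are QR|RD(|RA) with the relevant RCODE.
SAMPLE_REFUSED = _build(0x8185)
SAMPLE_RECURSIVE = _build(0x8180, answer=b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x0e\x10\x00\x04\x5d\xb8\xd8\x22")
SAMPLE_REFERRAL = _build(0x8100, authority=b"\x00\x00\x02\x00\x01\x00\x07\xe9\x00\x00\x14\x01a\x0croot-servers\x03net\x00")
if __name__ == "__main__":
    for name, pkt in [("refused", SAMPLE_REFUSED), ("recursive", SAMPLE_RECURSIVE), ("referral", SAMPLE_REFERRAL)]:
        print(name, "->", classify(pkt))
```

A scanner that only tests for "anything but REFUSED" lumps the last two cases together; the referral case is what the older bind configuration described above produces.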

More information about the NANOG mailing list