DNS vulnerability testing
How to test whether your caching nameserver is vulnerable to the recently publicized cache poisoning issue:
dig @ip_of_your_caching_ns +short porttest.dns-oarc.net TXT
Example:
$ dig @192.168.1.254 +short porttest.dns-oarc.net TXT
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"x.y.z.q is GOOD: 26 queries in 5.0 seconds from 26 ports with std dev 17652.90"
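Added example, not part of the original post: a small shell wrapper that parses the porttest TXT line and flags a resolver whose test queries all came from a single source port. The sample outputs, the 192.0.2.x addresses, the POOR verdict word and the function names are constructed for illustration.

```shell
#!/bin/sh
# Interpret the output of: dig @resolver +short porttest.dns-oarc.net TXT

# parse_porttest: read `dig +short` output on stdin and print
#   <resolver_ip> <verdict> <queries> <ports> <stddev>
# Exit status is 1 when no verdict line is present (timeout, filtered TXT, ...).
parse_porttest() {
    sed -n 's/^"\{0,1\}\([^ ]*\) is \([A-Z]*\): \([0-9]*\) queries in [0-9.]* seconds from \([0-9]*\) ports with std dev \([0-9.]*\)"\{0,1\}$/\1 \2 \3 \4 \5/p' | grep .
}

# porttest_check: print a one-line summary and return
#   0 = queries arrived from more than one source port
#   1 = every query used the same source port (no port randomization)
#   2 = no verdict line in the input
porttest_check() {
    fields=$(parse_porttest) || { echo "no porttest verdict in output"; return 2; }
    set -- $fields
    echo "resolver=$1 verdict=$2 queries=$3 ports=$4 stddev=$5"
    [ "$4" -gt 1 ]
}

# Constructed samples (not captured from a real resolver).
SAMPLE_RANDOM='z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"192.0.2.53 is GOOD: 26 queries in 5.0 seconds from 26 ports with std dev 17652.90"'
SAMPLE_FIXED='"192.0.2.54 is POOR: 26 queries in 4.4 seconds from 1 ports with std dev 0.00"'

printf '%s\n' "$SAMPLE_RANDOM" | porttest_check
printf '%s\n' "$SAMPLE_FIXED" | porttest_check || echo "-> single source port, fix this resolver"

# Live use against the resolver from the post:
#   dig @192.168.1.254 +short porttest.dns-oarc.net TXT | porttest_check
```

A return code of 2 usually means the resolver could not complete the lookup, so treat it as "untested" rather than as a pass.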
on November 11th, 2008 at 19:44
er, an explanation might help….
like what the output means?!
on November 29th, 2008 at 21:43
The porttest DNS server is trying to figure out the standard deviation [1] for ports used in DNS queries/replies. A bigger deviation is better. It also categorizes that with “GOOD” in the provided example.
1. http://en.wikipedia.org/wiki/Standard_deviation