DNS vulnerability testing
How to test whether your caching nameserver is vulnerable to the recent, much-discussed cache poisoning issue:
dig @ip_of_your_caching_ns +short porttest.dns-oarc.net TXT
Example:
$ dig @192.168.1.254 +short porttest.dns-oarc.net TXT
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"x.y.z.q is GOOD: 26 queries in 5.0 seconds from 26 ports with std dev 17652.90"
Er, an explanation might help…
like what the output means?!
The porttest DNS server is trying to figure out the standard deviation [1] of the ports used in DNS queries/replies. A bigger deviation is better. It also categorizes that with “GOOD” in the provided example.
1. http://en.wikipedia.org/wiki/Standard_deviation
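Added example, not part of the original post or its comments: a small Python script that parses the porttest result line shown above and computes the same kind of spread figure over source-port lists. The port lists are constructed sample data, and the use of the sample standard deviation is an assumption, since the page does not say which formula the porttest server uses.

```python
import re
import statistics

# Shape of the TXT answer shown in the post, e.g.
# "x.y.z.q is GOOD: 26 queries in 5.0 seconds from 26 ports with std dev 17652.90"
RESULT_RE = re.compile(
    r'^"?(?P<resolver>\S+) is (?P<rating>[A-Z]+): '
    r'(?P<queries>\d+) queries in (?P<seconds>[\d.]+) seconds '
    r'from (?P<ports>\d+) ports with std dev (?P<stddev>[\d.]+)"?$'
)

def parse_porttest(line):
    """Parse one porttest TXT line into a dict; return None if it is not a result line."""
    m = RESULT_RE.match(line.strip())
    if m is None:
        return None
    return {
        "resolver": m["resolver"],
        "rating": m["rating"],
        "queries": int(m["queries"]),
        "seconds": float(m["seconds"]),
        "ports": int(m["ports"]),
        "stddev": float(m["stddev"]),
    }

def port_spread(ports):
    """Return (distinct port count, sample standard deviation) for observed source ports."""
    sd = statistics.stdev(ports) if len(ports) > 1 else 0.0
    return len(set(ports)), sd

# Constructed source-port observations, 26 queries each (not real captures).
SAMPLES = {
    "fixed port": [32768] * 26,                      # every query from one port
    "sequential": list(range(1025, 1051)),           # ports incremented by one
    "wide spread": list(range(1024, 65504, 2480)),   # ports spread over the range
}

if __name__ == "__main__":
    line = '"x.y.z.q is GOOD: 26 queries in 5.0 seconds from 26 ports with std dev 17652.90"'
    print(parse_porttest(line))
    for name, ports in SAMPLES.items():
        distinct, sd = port_spread(ports)
        print(f"{name:12s} distinct={distinct:2d} stddev={sd:.2f}")
```

The standard deviation measures only how widely the ports are spread, so the fixed and sequential lists score near zero while the widely spread list lands in the same range as the 17652.90 in the post's example.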