DNS vulnerability testing

How to test whether your caching nameserver is vulnerable to the recent, much-discussed cache poisoning issue:

dig @ip_of_your_caching_ns +short porttest.dns-oarc.net TXT


$ dig @ +short porttest.dns-oarc.net TXT
"x.y.z.q is GOOD: 26 queries in 5.0 seconds from 26 ports with std dev 17652.90"

2 thoughts on “DNS vulnerability testing”

  1. bob says:

    er, an explanation might help….

    like what the output means?!


  2. arekm says: Post Author

    The porttest DNS server is trying to figure out the standard deviation [1] for the ports used in DNS queries/replies. A bigger deviation is better. It also categorizes that, with “GOOD” in the provided example.

    1. http://en.wikipedia.org/wiki/Standard_deviation

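As an added example (not code from the post, its author or DNS-OARC), the Python below parses the TXT answer shown in the post and computes the source-port spread described in the comments for three constructed resolver behaviours. The function names, the constructed port lists and the choice of the sample standard deviation are assumptions; the page does not give the exact formula the porttest service uses.

```python
import random
import re
import statistics

# TXT answer format as shown in the post (surrounding quotes are optional).
REPORT_RE = re.compile(
    r'"?(?P<ip>\S+) is (?P<rating>[A-Z]+): (?P<queries>\d+) queries in '
    r'(?P<seconds>[\d.]+) seconds from (?P<ports>\d+) ports '
    r'with std dev (?P<stddev>[\d.]+)"?'
)

# The answer line from the post, with its placeholder address kept as printed.
PAGE_SAMPLE = ('"x.y.z.q is GOOD: 26 queries in 5.0 seconds '
               'from 26 ports with std dev 17652.90"')

def parse_report(txt):
    """Split one porttest TXT answer into typed fields; None if it does not match."""
    m = REPORT_RE.fullmatch(txt.strip())
    if m is None:
        return None
    return {
        "resolver": m["ip"],
        "rating": m["rating"],
        "queries": int(m["queries"]),
        "seconds": float(m["seconds"]),
        "ports": int(m["ports"]),
        "stddev": float(m["stddev"]),
    }

def port_spread(ports):
    """Return (distinct port count, sample standard deviation) of source ports."""
    return len(set(ports)), statistics.stdev(ports)

# Constructed source-port sequences for 26 queries (assumed behaviours, not captures).
FIXED_PORT = [32768] * 26                # same source port for every query
SEQUENTIAL_PORTS = list(range(1025, 1051))   # ports handed out one after another
RANDOM_PORTS = random.Random(0).sample(range(1024, 65536), 26)  # randomized ports

if __name__ == "__main__":
    print(parse_report(PAGE_SAMPLE))
    for name, ports in [("fixed", FIXED_PORT),
                        ("sequential", SEQUENTIAL_PORTS),
                        ("random", RANDOM_PORTS)]:
        distinct, sd = port_spread(ports)
        print(f"{name:10s} distinct={distinct:2d} stddev={sd:.2f}")
    # Ports drawn uniformly from 1024-65535 have a standard deviation of about
    # 18,600, which is why the 17652.90 in the post indicates well-spread ports.
```

A resolver that reuses one source port scores 0 and one that increments ports scores in the single digits, so a low figure is the case to follow up on at the resolver or at any NAT device in front of it.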