DNS vulnerability testing
How to test whether your caching nameserver is vulnerable to the recently publicized cache poisoning issue:
dig @ip_of_your_caching_ns +short porttest.dns-oarc.net TXT
$ dig @192.168.1.254 +short porttest.dns-oarc.net TXT
"x.y.z.q is GOOD: 26 queries in 5.0 seconds from 26 ports with std dev 17652.90"
2 thoughts on “DNS vulnerability testing”
er, an explanation might help….
like what the output means?!
The porttest DNS server is trying to figure out the standard deviation of the ports used in DNS queries/replies. A bigger deviation is better. It also categorizes that as “GOOD” in the provided example.
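As an added example (not part of the original post or its comments), the sketch below parses the TXT answer shown above and computes the same kind of spread figure for three constructed source-port sequences, to show why a larger standard deviation indicates better port randomization. The function names and port lists are made up for illustration, and using the sample standard deviation is an assumption about how the test computes its figure.

```python
import random
import re
import statistics

# Shape of the TXT answer quoted in the post.
RESULT_RE = re.compile(
    r'"?(?P<addr>\S+) is (?P<rating>[A-Z]+): (?P<queries>\d+) queries in '
    r'(?P<seconds>[\d.]+) seconds from (?P<ports>\d+) ports with std dev '
    r'(?P<stddev>[\d.]+)"?'
)

def parse_porttest(txt):
    """Return the fields of a porttest answer as a dict, or None if it does not match."""
    m = RESULT_RE.fullmatch(txt.strip())
    if m is None:
        return None
    d = m.groupdict()
    return {
        "addr": d["addr"],
        "rating": d["rating"],
        "queries": int(d["queries"]),
        "seconds": float(d["seconds"]),
        "ports": int(d["ports"]),
        "stddev": float(d["stddev"]),
    }

def port_spread(ports):
    """Return (distinct port count, sample standard deviation) for observed source ports."""
    sd = statistics.stdev(ports) if len(ports) > 1 else 0.0
    return len(set(ports)), sd

if __name__ == "__main__":
    line = '"x.y.z.q is GOOD: 26 queries in 5.0 seconds from 26 ports with std dev 17652.90"'
    print(parse_porttest(line))

    # Constructed source-port sequences for 26 queries, one per resolver behaviour.
    rng = random.Random(2008)  # fixed seed so the demo is repeatable
    samples = {
        "fixed port": [53] * 26,                        # one port reused: spread 0
        "sequential": list(range(1024, 1050)),          # many ports, but predictable
        "randomized": rng.sample(range(1024, 65536), 26),
    }
    for name, ports in samples.items():
        distinct, sd = port_spread(ports)
        print(f"{name:11s} distinct={distinct:2d} stddev={sd:10.2f}")
    # A uniform choice over ports 1024-65535 has a standard deviation of about
    # 18,600, so the 17652.90 in the post is close to fully random.
```

Note that the sequential case uses 26 distinct ports yet has a tiny deviation, which is why the test reports the spread and not just the port count.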