On 8/20/2012 12:12 PM, esolve esolve wrote:
Hi, all:
I'm interested in issues on open DNS resolvers. In the following
page,
http://dns.measurement-factory.com/surveys/openresolvers.html
It discusses how to probe open resolvers, but I have some questions
1 about the testing methodology, it needs to build a DNS server
and check whether it receives queries. Why can we just use "dig
@target_ip www.example.com <http://www.example.com>" and see whether we
can get a result?
2 for testing whether a ip is open resolver, the page recommends
to use the following command line:
dig +short
2.2.2.4.dnsbl.openresolvers.org <http://2.2.2.4.dnsbl.openresolvers.org>
I test many IPs from the link:
http://www.petercooper.co.uk/list-of-public-dns-servers-you-can-use-40.html
, and I got null results, which means
they are not open resolvers or they havn't been probed. for example,
I tested 67.138.54.100 and got null result
[usr@canard usr]$ dig
+short 67.138.54.100.dnsbl.openresolvers.org
<http://67.138.54.100.dnsbl.openresolvers.org>
[usr@canard usr]$
But since I tested many ips and only got null results. Is my
testing wrong or not?
3 I tried
dig @2.2.2.4 <http://2.2.2.4> www.google.com
<http://www.google.com>
and got no good results, but in the page, 2.2.2.4 is an open resolver
4 is there anybody who has a open resolver list? if so, can you
send me a copy? I need them to do some tests, thanks!
You got things reversed.
in step 2, the open resolver is at 4.2.2.2, not 2.2.2.4. But you test
against an rbl using the reverse of the ip address.
If you run dig @4.2.2.2 www.google.com, you will find that it is indeed
an open resolver.
If you think 67.138.54.100 is an open resolver then the query to
openresolvers is:
dig 100.54.138.67.ndsbl.openresolvers.org
Lyle Giese
LCR Computer Services, Inc.
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
