On Mon, 20 Aug 2012 19:12:47 +0200 esolve esolve <[email protected]> wrote:
> 1 about the testing methodology, it needs to build a DNS server > and check whether it receives queries. Why can we just use "dig > @target_ip www.example.com" and see whether we can get a result? You can, but target_ip may just forward to another resolver, which ultimately fetches the answer on it's behalf. So target_ip itself may not strictly be considered an open resolver, but an "open forwarder". Depending on what you're querying for, it is possible it nor any forwarder is truly open, but may return cached answers. Therefore, the www.example.com qname is best set to a one-time unique value to help ensure you're not getting a cached response. Furthermore, it may be possible, unless you're very careful about checking the answer you get and asking for that unique answer, do not confuse any answer with a valid answer. For instance, the resolver may be giving you a response based on a locally configured wild card record. > 4 is there anybody who has a open resolver list? if so, can you > send me a copy? I need them to do some tests, thanks! Yes, then no, but sort of. Team Cymru monitors for open resolvers so we have the data, but we do not make the entire population of open resolvers available to the public. We are happy to provide a complete list of open resolvers for a specific network (e.g. ASN) to an authorized representative for that network however. If that will suffice, we welcome requests to get a data feed for your network. Details here: <http://www.team-cymru.org/Services/Resolvers/> I do not know of any publicly available source of open resolvers, but I have seen some posted from time to time. The trouble is often in the methodology used may result in many false positives and that the address list can change frequently thanks to the nature transitive nature of IP addresses. John _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
