Watch it: Multiple DNS implementations vulnerable to cache poisoning
Ian
cobalt-users1 at fishnet.co.uk
Thu Jul 10 12:50:38 IST 2008
On 9 Jul 2008 at 17:50, Ken A wrote:
> This nice little tool was posted to the dns operations list.
> Cut and paste this into your Linux or BSD (Mac) to check your configured
> DNS resolver for cache poisoning vulnerability.
>
> dig +short porttest.dns-oarc.net TXT
>
> In Windows you can use nslookup
> > nslookup
> > set type=txt
> > porttest.dns-oarc.net
>
> Might be good to know how spoofable the DNS you are using is!
>
> Ken
Hi,
Thanks for this Ken, it's helped me fix several configs that I thought were OK! They were
patched but still had a query-source set. Had to fiddle with some firewalls too.
On Windows though I don't see the same results as on Linux:
    nslookup
    > set type=txt
    > set timeout=30
    > porttest.dns-oarc.net
    porttest.dns-oarc.net canonical name = z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net
i.e. no actual TXT record
Any ideas?
Regards
Ian
--
More information about the MailScanner mailing list
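
Ian's message above mentions resolvers that were patched but still had a query-source set. As an added example (not part of the original thread), the shell function below flags BIND `query-source` / `query-source-v6` directives that name a numeric port, which pins the resolver's outgoing source port even on a patched server. The function name and the sample named.conf text are constructed for illustration, and only single-line directives with `//` and `#` comments are handled.

```shell
#!/bin/sh
# Added example: flag BIND query-source directives that pin the outgoing port.
# Reads the file given as $1, or standard input when no file is given.
# Prints "line N: <directive>" per hit; exit status 0 if any hit, 1 if none.
find_fixed_query_source() {
    awk '
    {
        line = $0
        sub(/\/\/.*/, "", line)   # strip // comments
        sub(/#.*/, "", line)      # strip # comments
        # A numeric port after "port" fixes the source port.
        # "port *" or no port clause leaves the choice to named.
        if (match(line, /query-source(-v6)?[^;]*port[ \t]+[0-9]+[^;]*;/)) {
            printf "line %d: %s\n", NR, substr(line, RSTART, RLENGTH)
            found = 1
        }
    }
    END { exit found ? 0 : 1 }
    ' "${1:--}"
}

# Constructed sample options block (not taken from any real server).
SAMPLE_CONF='options {
    directory "/var/named";
    // query-source address * port 1053;
    query-source address * port 53;
    query-source-v6 address * port *;
};'

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_CONF" | find_fixed_query_source
```

After removing or relaxing a flagged directive and reloading named, re-run the porttest query from Ken's message to confirm the result.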