Watch it: Multiple DNS implementations vulnerable to cache poisoning

Scott Silva ssilva at
Thu Jul 10 18:41:27 IST 2008

on 7-9-2008 4:47 PM shuttlebox spake the following:
> On Thu, Jul 10, 2008 at 12:50 AM, Ken A <ka at> wrote:
>> This nice little tool was posted to the dns operations list.
>> Cut and paste this into your linux or BSD (Mac) to check your configured DNS
>> resolver for cache poisoning vulnerability.
>> dig +short TXT
> What's a good result supposed to look like?
> I understand that this is not good since it's classified as poor and
> comes from only one source port:
> "a.b.c.d is POOR: 26 queries in 1.4 seconds from 1 ports with std dev 0.00"
> But why is this also classified as poor when all 44 queries come from new ports?
> "e.f.g.h is POOR: 44 queries in 18.0 seconds from 44 ports with std dev 165.43"
All my good tests have had a much larger standard deviation. You need more 
randomness in your DNS output.
> By the way, I don't know if server e.f.g.h is updated or not, I'm just
> curious about the result.

MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
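The result lines quoted above report both the number of distinct source ports and their standard deviation, and the reply's point is that the second figure matters. As an added example (not the poster's code and not the test tool itself), the following Python parses a result line in that format and shows why 44 distinct ports can still have almost no spread; the three port lists and the random seed are constructed sample data.

```python
# Added example, not code from the thread or from the port test tool.
# A resolver that walks through source ports one after another uses a
# new port for every query, yet the ports are trivially predictable, so
# the spread (standard deviation) stays small. The port lists below are
# constructed sample observations, not captures from a real resolver.
import random
import re
import statistics

# Matches the result format quoted in the thread, e.g.
# "e.f.g.h is POOR: 44 queries in 18.0 seconds from 44 ports with std dev 165.43"
RESULT_RE = re.compile(
    r"(?P<ip>\S+) is (?P<rating>\w+): (?P<queries>\d+) queries in "
    r"(?P<secs>[\d.]+) seconds from (?P<ports>\d+) ports with std dev (?P<sd>[\d.]+)"
)

def parse_result(line):
    """Parse one result line into a dict with typed fields."""
    m = RESULT_RE.search(line)
    if not m:
        raise ValueError("unrecognised result line: %r" % line)
    d = m.groupdict()
    return {"ip": d["ip"], "rating": d["rating"], "queries": int(d["queries"]),
            "seconds": float(d["secs"]), "ports": int(d["ports"]),
            "std_dev": float(d["sd"])}

def port_spread(ports):
    """Return (distinct port count, population std dev) for observed UDP source ports."""
    return len(set(ports)), statistics.pstdev(ports)

# Three constructed resolver behaviours, 44 queries each.
FIXED = [53] * 44                              # the same port for every query
SEQUENTIAL = list(range(32768, 32768 + 44))   # a new port each time, but predictable
_rng = random.Random(2008)                     # seeded so the run is repeatable
RANDOMISED = [_rng.randint(1024, 65535) for _ in range(44)]  # spread over the range

if __name__ == "__main__":
    for name, ports in (("fixed", FIXED), ("sequential", SEQUENTIAL),
                        ("randomised", RANDOMISED)):
        n, sd = port_spread(ports)
        print("%-10s %2d distinct ports, std dev %8.2f" % (name, n, sd))
    print(parse_result("e.f.g.h is POOR: 44 queries in 18.0 seconds "
                       "from 44 ports with std dev 165.43"))
```

The sequential list gives 44 distinct ports with a standard deviation under 13, while the randomised list lands in the tens of thousands, which is the difference the reply is pointing at.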
