Network and DNS Test Tools

ZoneCheck

This is a quick test to determine whether a DNS server is an open resolver.

DNS servers must only ever answer queries for authoritative domains and local IP ranges; they must never answer for third parties.
The dangers in not doing so are many and serious, including DDoS attacks.




Securing DNS Examples

Securing BIND is as easy as adding an ACL and permitting it in named.conf:

acl "trust" { localhost; 10.100.100.0/24; 2001:ffff:ffff:ffff::/64; };

options {
        ...
        allow-query { trust; };        // who may query this server at all
        allow-query-cache { trust; };  // who may receive answers from the cache
        ...
};

Securing Unbound is as easy as adding access-control statements to unbound.conf:

server:
        access-control: 0.0.0.0/0 refuse
        access-control: 10.100.100.0/24 allow
        access-control: 2001:ffff:ffff:ffff::/64 allow
        ...
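
To confirm the ACLs above took effect, query your own server from an address outside the trusted ranges for a name it is not authoritative for, and look at the RA flag and response code in the reply. The script below is an added example, not the code behind this page's test; the function names, the example.com default and the flag values in the sample replies are assumptions constructed for illustration.

```python
import random
import socket
import struct
import sys

QR, RA = 0x8000, 0x0080  # header flag bits: response, recursion available

def build_query(name):
    """A-record query for `name` with RD (recursion desired) set."""
    header = struct.pack("!6H", random.randint(0, 0xFFFF), 0x0100, 1, 0, 0, 0)
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!2H", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(query, response):
    """Classify a reply to `query` as 'open', 'closed' or 'invalid'."""
    if len(response) < 12 or response[:2] != query[:2]:
        return "invalid"                      # truncated or wrong transaction ID
    flags = struct.unpack("!H", response[2:4])[0]
    if not flags & QR:
        return "invalid"                      # not a response
    # Recursion offered and the name was resolved (NOERROR or NXDOMAIN): open.
    if flags & RA and (flags & 0x000F) in (0, 3):
        return "open"
    return "closed"                           # REFUSED, SERVFAIL, or no recursion

def constructed_reply(query, flags):
    """Constructed sample reply (header plus echoed question) for offline checks."""
    return query[:2] + struct.pack("!5H", flags, 1, 0, 0, 0) + query[12:]

def probe(server, name="example.com", timeout=3.0):
    """Query a server you operate over UDP; a dropped query counts as 'closed'."""
    query = build_query(name)
    family, _, _, _, addr = socket.getaddrinfo(server, 53, type=socket.SOCK_DGRAM)[0]
    with socket.socket(family, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(query, addr)
            response, _ = sock.recvfrom(4096)
        except socket.timeout:
            return "closed"
    return classify_response(query, response)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(sys.argv[1], probe(sys.argv[1]))
    else:
        q = build_query("example.com")
        print("recursive answer:", classify_response(q, constructed_reply(q, 0x8180)))
        print("REFUSED:", classify_response(q, constructed_reply(q, 0x8105)))
```

A result of "open" from an untrusted address means the ACL is not being applied; the same query from inside 10.100.100.0/24 should still be answered.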


Copyright © Noel Butler 2021. All Rights Reserved.