ZoneCheck

Home |  Ping | Trace | Whois | RBL |  TLD |  Port Scanner |  Contact

This is quick test to determine if a DNS server is an Open Resolver

DNS servers must only ever answer queries for authoritative domains, and local IP ranges, they must never answer for third parties.
The dangers in not doing so are many and serious, including DDoS attacks.


Enter a DNS Server Address (hostname or IP)
* Names default to IPv4  

Challenge Response 5 + 14 =

 


Securing DNS Examples

Securing Bind is as easy as adding an ACL, and permitting it in named.conf 
acl "trust" { localhost; 10.100.100.0/24; 2001:ffff:ffff:ffff::/64; };

options {
        ...
        allow-query { trust; };
        allow-query-cache { trust; };
        ...
}
Securing Unbound is as easy as adding access-control statements in unbound.conf 
server:
	access-control: 0.0.0.0/0 refuse
        access-control: 10.100.100.0/24 allow
        access-control:2001:ffff:ffff:ffff::/64 allow
	...
Copyright © Noel Butler 1994-2019. All Rights Reserved.