Home     DNS ZoneCheck     Port Scan     TLD     Open Resolver     DNSBL     Contact

This is quick test to determine if a DNS server is an Open Resolver

DNS servers must only ever answer queries for authoritative domains, and local IP ranges, they must never answer for third parties.
The dangers in not doing so are many and serious, including DDoS attacks.

Enter a DNS Server Address (hostname or IP)   

Challenge Response 13 + 11 =


Securing DNS Examples

Securing Bind is as easy as adding an ACL, and permitting it in named.conf 

acl "trust" { localhost;; 2001:ffff:ffff:ffff::/64; };

options {
        allow-query { trust; };
        allow-query-cache { trust; };

Securing Unbound is as easy as adding access-control statements in unbound.conf 

	access-control: refuse
        access-control: allow
        access-control:2001:ffff:ffff:ffff::/64 allow

Copyright © Noel Butler 2021. All Rights Reserved.