Back up to the Diagnostics Category

OpenDNS Checker

From AAISP Support Site
Jump to: navigation, search

Automatic Testing for Open DNS Resolvers

On a monthly basis we scan customer IPv4 blocks to look for DNS servers; we will email if any are found to be open to possible abuse. There is no problem in customers running DNS servers but depending on its configuration it may be vulnerable to 'amplification attacks'.

The scans will come from 81.187.30.21 and will look up dnstesting.aa.org.uk.

Manual Testing for Open DNS Resolvers

There is a page on the AAISP control pages that lists your IPs that have an open DNS server running, and can also re-scan your IP blocks (IPv4). AAISP will re-scan automatically every so often and will alert customers by email if an open DNS resolver is found. Sorry, but we don't have enough time to scan IPv6 addresses :-)


Click to Access the Control Pages

Accessing This Feature

Access is via the Control Pages as follows:

  1. Log in to the Control Pages with your xxx@a login
  2. either: a) click on one of your IPv4 addresses, and then click the 'View/run' link
  3. or b) Click the 'DNS Resolvers' link on the left menu
  4. ...follow the instructions from there

You will be able run a scan there and then and also view historical results.

DNS Checker results

More About DNS Server Vulnerabilities

Disabling Automatic Scans

If you like, you can disable our regular scans on a per IP block basis. From the Control Pages, click on the IP block and change the setting.

Disabling our automatic testing

You will still be able to run the checks manually.