OpenDNS Checker
Automatic Testing for Open DNS Resolvers
On a monthly basis we scan customer IPv4 blocks to look for DNS servers; we will email if any are found to be open to possible abuse. There is no problem in customers running DNS servers but depending on its configuration it may be vulnerable to 'amplification attacks'.
The scans will come from 81.187.30.21 and will look up dnstesting.aa.org.uk.
Manual Testing for Open DNS Resolvers
There is a page on the AAISP control pages that lists your IPs that have an open DNS server running, and can also re-scan your IP blocks (IPv4). AAISP will re-scan automatically every so often and will alert customers by email if an open DNS resolver is found. Sorry, but we don't have enough time to scan IPv6 addresses :-)
Accessing This Feature
Access is via the Control Pages as follows:
- Log in to the Control Pages with your xxx@a login
- either: a) click on one of your IPv4 addresses, and then click the 'View/run' link
- or b) Click the 'DNS Resolvers' link on the left menu
- ...follow the instructions from there
You will be able run a scan there and then and also view historical results.
More About DNS Server Vulnerabilities
Disabling Automatic Scans
If you like, you can disable our regular scans on a per IP block basis. From the Control Pages, click on the IP block and change the setting.
You will still be able to run the checks manually.