OpenDNS Checker

From AAISP Support Site
Revision as of 09:18, 14 April 2015 by AA-Andrew (talk | contribs)

Automatic Testing for Open DNS Resolvers

On a monthly basis we scan customer IPv4 blocks to look for DNS servers; we will email if any are found to be open to possible abuse. There is no problem in customers running DNS servers but depending on its configuration it may be vulnerable to 'amplification attacks'.

The scans will come from 81.187.30.21 and will look up dnstesting.aa.org.uk.

Manual Testing for Open DNS Resolvers

There is a page on the AAISP control pages that lists your IPs that have an open DNS server running, and can also re-scan your IP blocks (IPv4). AAISP will re-scan automatically every so often and will alert customers by email if an open DNS resolver is found. Sorry, but we don't have enough time to scan IPv6 addresses :-)


Accessing This Feature

Access is via the Control Pages as follows:

  1. Log in to the Control Pages with your xxx@a login
  2. either: a) click on one of your IPv4 addresses, and then click the 'View/run' link
  3. or b) Click the 'DNS Resolvers' link on the left menu
  4. ...follow the instructions from there

You will be able run a scan there and then and also view historical results.

 
DNS Checker results

Disabling Automatic Scans

If you like, you can disable our regular scans on a per IP block basis. From the Control Pages, click on the IP block and change the setting.

 

You will still be able to run the checks manually.

More About DNS Server Vulnerabilities