dnsscan – DNS Open Recursive Resolver Scanner/Scanning Tool

Last updated: September 9, 2015 | 10,197 views

Dnsscan is a tool for finger printing open recursive resolvers. It runs in conjuction with a small server that knows how to reply to queries forwarded from probed resolvers. For example, assume that you have delegated osd.example.org:

osd.example.org.         900     IN      NS      ns1.example.org.
ns1.example.org.         900     IN      A       10.0.0.1

1 2	osd.example.org. 900 IN NS ns1.example.org. ns1.example.org. 900 IN A 10.0.0.1

On 10.0.0.1, you would run:

# ./dnsresponder -Q .osd.example.org

1	# ./dnsresponder -Q .osd.example.org

On the client that initiates the DNS probes, you would run

$ ./dnsscan -Q .osd.example.org 10.0.0.0/8

1	$ ./dnsscan -Q .osd.example.org 10.0.0.0/8

Progress of the dnsscan tool can be monitored via a web browser on port 8080. If the tool crashes or gets terminated, it can be restarted from the checkpoint file.

Both of the tools log their output into files, the output can be inspected with the dnsreader tool.

If this does not mean anything to you, you should probably not use this tool. This tool has been released to support repeatable research, some of the results obtained with tools such as these have been published at NDSS’08.

Notice

Use of dnsscan across a large network block requires coordination with your network provider. In all likelihood, you will receive (and must manage) abuse complaints due to the volume of DNS queries. You should consult RFC 1262 for suggestions on how to conduct such Internet-wide studies.

You can download dnsscan v1.0 here:

dnsscan-1.0.tar.gz

Or read more here.

Share4

Buffer

4 Shares