Dnsscan is a tool for finger printing open recursive resolvers. It runs in conjuction with a small server that knows how to reply to queries forwarded from probed resolvers. For example, assume that you have delegated osd.example.org:
|
1 2 |
osd.example.org. 900 IN NS ns1.example.org. ns1.example.org. 900 IN A 10.0.0.1 |
On 10.0.0.1, you would run:
|
1 |
# ./dnsresponder -Q .osd.example.org |
On the client that initiates the DNS probes, you would run
|
1 |
$ ./dnsscan -Q .osd.example.org 10.0.0.0/8 |
Progress of the dnsscan tool can be monitored via a web browser on port 8080. If the tool crashes or gets terminated, it can be restarted from the checkpoint file.
Both of the tools log their output into files, the output can be inspected with the dnsreader tool.
If this does not mean anything to you, you should probably not use this tool. This tool has been released to support repeatable research, some of the results obtained with tools such as these have been published at NDSS’08.
Notice
Use of dnsscan across a large network block requires coordination with your network provider. In all likelihood, you will receive (and must manage) abuse complaints due to the volume of DNS queries. You should consult RFC 1262 for suggestions on how to conduct such Internet-wide studies.
You can download dnsscan v1.0 here:
Or read more here.
Comments are closed.