Avast WEBforum

Other => General Topics => Topic started by: polonus on November 10, 2009, 06:51:30 PM

Title: Detect DNS problems with DNSKnife and ZoneCheck.......
Post by: polonus on November 10, 2009, 06:51:30 PM
Hi malware fighters,

A DNS-server with a wrong configuration could mean a serious security risk.
But checking manually to establish whether your server meets all demands is not an easy task to perform.

Fortunately there are tools like DNSKnife and ZoneCheck that for the greater part perform this analysis
automatically. DNSKnife is an online tool to check on a server's DNS-setup: http://www.dnsknife.com/

The tool will check whether your nameservers are known to the parent servers, whether nameservers can be reached, whether they are authoritative for your domain, whether there are more nameservers, etc.
DNSKnife also warns against a couple of security risks or misconfigurations like an open DNS relay,
an illegit value for EXPIRE or MINIMUM TTL, or just one single MX-server.
These warnings should be taken “cum granis salis”: DNSKnife sees a domain without MX-record as illegit,
while not everyone is in need of an MX-domain.

Another handy dandy checktool is ZoneCheck, which you could try out online at http://www.zonecheck.fr/
or use like a commandline program inside your favourite Linux-distribution.
This program even links to the right RFCs for info about failing tests.
ZoneCheck also has a batch mode and can generate reports per host or will launch warnings per type.
With the following command you can read out domains from stdin,
and ZoneCheck will show how many tests there are still to go
and generates a short report:
Code:
zonecheck -v c -1 -B -
polonus
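
Added example (not part of polonus's post, and not code from DNSKnife or ZoneCheck): a Python script that runs the kind of SOA, NS and MX checks described in the post above over answer lines in the layout `dig +noall +answer` prints. The thresholds are assumptions taken from the RFC 1912 suggestions (EXPIRE 2-4 weeks, MINIMUM up to 5 days), and the zone data is constructed for a fictional domain.

```python
# Added example: audit answer lines in the "name TTL class type rdata" layout
# that `dig +noall +answer` prints. Thresholds are assumptions (see lead-in).

EXPIRE_RANGE = (1209600, 2419200)   # 2-4 weeks, per RFC 1912 section 2.2
MINIMUM_MAX = 432000                # 5 days, upper end of RFC 1912's range

# Constructed sample data for a fictional zone, not captured from a real server.
SAMPLE = """\
example.test. 3600 IN SOA ns1.example.test. hostmaster.example.test. 2009111001 7200 3600 300 864000
example.test. 3600 IN NS ns1.example.test.
example.test. 3600 IN MX 10 mail.example.test.
"""

def parse_records(text):
    """Return {type: [rdata fields, ...]} for every answer line."""
    records = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or line.lstrip().startswith(";"):
            continue  # skip blanks, comments and truncated lines
        records.setdefault(fields[3].upper(), []).append(fields[4:])
    return records

def audit_zone(text):
    """Return a list of warning strings; an empty list means no findings."""
    records = parse_records(text)
    warnings = []
    soa = records.get("SOA", [])
    if len(soa) != 1 or len(soa[0]) != 7:
        warnings.append("SOA: expected exactly one well-formed record")
    else:
        expire, minimum = int(soa[0][5]), int(soa[0][6])
        if not EXPIRE_RANGE[0] <= expire <= EXPIRE_RANGE[1]:
            warnings.append(f"SOA EXPIRE {expire}s outside {EXPIRE_RANGE}")
        if minimum > MINIMUM_MAX:
            warnings.append(f"SOA MINIMUM {minimum}s above {MINIMUM_MAX}s")
    # Distinct targets only: the same host listed twice adds no redundancy.
    ns = {r[0].lower() for r in records.get("NS", [])}
    if len(ns) < 2:
        warnings.append(f"NS: {len(ns)} nameserver(s), at least 2 expected")
    mx = {r[-1].lower() for r in records.get("MX", [])}
    if len(mx) == 1:
        warnings.append("MX: single mail exchanger, no fallback")
    # No MX at all is not flagged: not every domain handles mail.
    return warnings

if __name__ == "__main__":
    for w in audit_zone(SAMPLE):
        print("WARNING:", w)
```

The open-relay, reachability and parent-delegation checks mentioned in the post need live queries against the servers and are left to the tools themselves.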
Title: Re: Detect DNS problems with DNSKnife and ZoneCheck.......
Post by: scythe944 on November 10, 2009, 09:51:51 PM
Also, by using www.opendns.com, their DNS servers automatically check to see if your computer is looking for sites that have been reported as malicious, and prevent bad programs running on your computer from accessing those sites.

It's not perfect, but it helps.  Besides, opendns rocks!  It's fast, customizable, and my favorite, FREE!
Title: Re: Detect DNS problems with DNSKnife and ZoneCheck.......
Post by: SafeSurf on November 14, 2009, 09:06:14 AM
Polonus,

Under the DNSKnife link, do you enter your IP address to check your system?  Thanks.
Title: Re: Detect DNS problems with DNSKnife and ZoneCheck.......
Post by: YoKenny on November 14, 2009, 09:13:55 AM
Quote from: scythe944 on November 10, 2009, 09:51:51 PM
Also, by using www.opendns.com, their DNS servers automatically check to see if your computer is looking for sites that have been reported as malicious, and prevent bad programs running on your computer from accessing those sites.

It's not perfect, but it helps.  Besides, opendns rocks!  It's fast, customizable, and my favorite, FREE!

+1

DNSstuff Tools:
http://www.dnsstuff.com