Author Topic: Detect DNS problems with DNSKnife and ZoneCheck.......  (Read 2752 times)

Online polonus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 20133
  • Gender: Male
  • malware fighter
    • Personal Message (Online)
Detect DNS problems with DNSKnife and ZoneCheck.......
« on: November 10, 2009, 04:51:30 PM »
Hi malware fighters,

A DNS-server with a wrong configuration could mean a serious security risk.
But checking manually to establish whether your server meets all demands, is not an easy task to perform.

Fortunately there are tools like DNSKnife and ZoneCheck that for the greater part perform this analysis
automattically. DNSKnife is an online tool to check on a server's DNS-setup: http://www.dnsknife.com/

The tool will check whether your nameservers are know to the parent servers, whether nameservers can be reached, whether they are authoritative for your domain, whether there are more nameservers  etc. etc.
DNSKnife also warns against a couple of security risks or misconfigurations like an open DNS relay,
an illegit value for EXPIRE or MINIMUM TTL, or just one single MX-server.
These warnings should be taken “cum granis salis”: DNSKnife sees a domain without MX-record as illegit,
while not everyone is in need of an MX-domain.

Another handy dandy checktool is ZoneCheck, you could try out online http://www.zonecheck.fr/    
or use it like a commandline program inside your favourite Linux-distribution.
This program even links to the right RFC's for info about failing tests.
ZoneCheck also has a batch mode and can generate reports per host or will launch warnings per type.
With the following command you can read out domains from stdin,
and ZoneCheck will show how many tests there are still to go
and generates a short report:
Code: [Select]
zonecheck -v c -1 -B –
polonus
« Last Edit: November 10, 2009, 05:14:13 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline scythe944

  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 2904
  • Gender: Male
    • My Tech Blog
    • Personal Message (Offline)
Re: Detect DNS problems with DNSKnife and ZoneCheck.......
« Reply #1 on: November 10, 2009, 07:51:51 PM »
Also, by using www.opendns.com, their DNS servers automatically check to see if your computer is looking for sites that have been reported as malicious, and prevent bad programs running on your computer from accessing those sites.

It's not perfect, but it helps.  Besides, opendns rocks!  It's fast, customizable, and my favorite, FREE!
For generic computer (not avast) problems, you can also visit my forum for help: http://www.jacobytech.net/forum

Offline SafeSurf

  • avast! Evangelist
  • Ultra Poster
  • ***
  • Posts: 4926
    • Personal Message (Offline)
Re: Detect DNS problems with DNSKnife and ZoneCheck.......
« Reply #2 on: November 14, 2009, 07:06:14 AM »
Polonus,

Under the DNSKnife link, do you enter your IP address to check your system?  Thanks.
iMac (Mavericks)/Safari and Firefox (NoScript/AdBlockPlus/BetterPrivacy/Ghostey)/
Vista Home Prem (same add-on's)/Avast Free/Online Armor Premium Firewall/MBAM Prem)/ Avast Mobile Security with MBAM Pro/ iPad 4th gen.

Offline YoKenny

  • Serious Graphoman
  • **
  • Posts: 8800
  • Gender: Male
    • Personal Message (Offline)
Re: Detect DNS problems with DNSKnife and ZoneCheck.......
« Reply #3 on: November 14, 2009, 07:13:55 AM »
Also, by using www.opendns.com, their DNS servers automatically check to see if your computer is looking for sites that have been reported as malicious, and prevent bad programs running on your computer from accessing those sites.

It's not perfect, but it helps.  Besides, opendns rocks!  It's fast, customizable, and my favorite, FREE!
+1

DNSstuff Tools:
http://www.dnsstuff.com
E5200 2.5GHZ, 4GB RAM, 320GB HD, Windows 7 Home Premium 64bit, avast! V9.0 Free, IE10
P4 2.8GHZ, 1.5GB RAM, 40GB HD, XP Pro SP3 32bit, avast! V9.0 Free, Google Chrome
with hpHosts, MVPS HOSTS files, SpeedFan, WinPatrol PLUS

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now