Informatiques

Lightning Talk: Identifying DNS Open Resolvers in IPv6

Introduction
As all of you know, having DNS servers considered Open Resolvers is very negative, both for those who leave the service open, for the Internet and for online security. To read about Open Resolvers I recommend reading this link: https://www.certsi.es/blog/dns

Identifying a DNS Open Resolvers in IPv6 (open DNS servers)
Identifying Open Resolvers servers or open DNS servers in the world of IPv4 is easy, due to the short length of the IPv4 space (2 ** 32) it is relatively easy to run check every IP.
In the world of IPv6 it is virtually impossible to verify each IP address, I mean, to test IP by IP. If we try this test can last thousands of years

How is a DNS Open Resolver identified?
A recursive DNS server should only answer queries to its own clients (yes, there are few exceptions) and should reject any other. For example, the DNS servers of the ACME ISP should only respond to queries from their own clients, to no one else.
Our test consist in querying a domain name (such as www.lacnic.net) to a list of DNS servers, if the DNS server responds with a response then it is considered Open Resolver, if it returns a rejection (Query refused) or simply timed out it is not an Open Resolver.

How we find the list IPv6 resolvers?
Lacnic manages a server that can be called: Reverse Root Server, specifically the letter « D », that is, d.ip6-servers.arpa. Many queries looking information for reverse DNS goes throughout this server, in general this server ONLY receives queries from DNS servers. This is where they get IPv6 addresses from DNS queries. Since this server does not allow recursion every IP that queries this device can be considered a resolver.

What is going to be shown
In case this paper is accepted for presentation we are going to show results & statistics and how Lacnic notifies our members about this situation

Views : 345
ipv6

Source by NANOG

Mourad ELGORMA

Fondateur de summarynetworks, passionné des nouvelles technologies et des métiers de Réseautique , Master en réseaux et système de télécommunications. ,j’ai affaire à Pascal, Delphi, Java, MATLAB, php …Connaissance du protocole TCP / IP, des applications Ethernet, des WLAN …Planification, installation et dépannage de problèmes de réseau informatique……Installez, configurez et dépannez les périphériques Cisco IOS. Surveillez les performances du réseau et isolez les défaillances du réseau. VLANs, protocoles de routage (RIPv2, EIGRP, OSPF.)…..Manipuler des systèmes embarqués (matériel et logiciel ex: Beaglebone Black)…Linux (Ubuntu, kali, serveur Mandriva Fedora, …). Microsoft (Windows, Windows Server 2003). ……Paquet tracer, GNS3, VMware Workstation, Virtual Box, Filezilla (client / serveur), EasyPhp, serveur Wamp,Le système de gestion WORDPRESS………Installation des caméras de surveillance ( technologie hikvision DVR………..). ,

Laisser un commentaire

Votre adresse e-mail ne sera pas publiée. Les champs obligatoires sont indiqués avec *