Multivendor DNS Flaw auditing tool

Earlier I discussed the multivendor DNS flaw and linked to Dan’s web page that contains a tool you can run to see if your DNS servers are vulnerable to cache poisioning.

Jose has developed a basic open source tool called CacheAudit that can be used to determine if the cache on your DNS server has been poisoned.  He describes the tool’s operation as:

“The overall concept was to take periodic dumps of the in-memory cache from the recursive server, validate these dumps against the authoritative name servers, and peer recursive name servers, alerting when something could not be validated.”

You can also view his presentation on Recursive DNS cache auditing.

Leave a Reply

Your email address will not be published. Required fields are marked *