Re: Quick DNS performance measurement trick
On July 10, 2008, Jeff Kinz sent me the following:
> It appears that "good" resolvers have lots of ports.
>
> Anyone who wants to take a whack at explaining what this means is very
> welcome!

http://www.kb.cert.org/vuls/id/800113

Basically, if you have a single port or small range of ports that you generate DNS queries from, it becomes easier to poison your cache with invalid answers. Since that security announcement, there's been a big push to deploy updated versions of BIND that use a wider source port range.

--
Chip Marshall <[EMAIL PROTECTED]>
http://weblog.2bithacker.net/
PGP key ID 43C4819E

___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Quick DNS performance measurement trick
Michael ODonnell wrote:
> "aaa.bbb.ccc.ddd is POOR: 26 queries in 3.1 seconds from 1 ports with std
> dev 0.00"
>
> That aaa.bbb.ccc.ddd address seems to be the (possibly NAT'd) IP
> addr that the target site sees mentioned in the inbound packets;
> I have no idea about the rest of it...

It looks like a responding DNS server to me... whether the authoritative or (more likely) a cached one.

[EMAIL PROTECTED] wrote:
> Here are my results:
> z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
> "209.244.7.43 is POOR: 38 queries in 1.9 seconds from 2 ports with std dev
> 0.94"

$ host 209.244.7.43
43.7.244.209.in-addr.arpa domain name pointer keynote2.Phoenix1.Level3.net.
$

My results:

$ dig +short porttest.dns-oarc.net TXT
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"216.231.41.2 is GOOD: 26 queries in 0.6 seconds from 26 ports with std dev 18409.11"
$ host 216.231.41.2
2.41.231.216.in-addr.arpa domain name pointer ns-legacy.speakeasy.net.
$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 216.254.95.2
nameserver 216.231.41.2
search datasquire.net
$
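Reading the porttest answer and the two figures behind it, as an added example that is not code from the thread or from DNS-OARC: it parses the TXT strings quoted above, recomputes the distinct-port count and standard deviation from a list of observed source ports (the constructed samples stand in for a packet capture), and applies a GOOD/FAIR/POOR rating whose thresholds are this example's own assumption, not OARC's rules.

```python
import re
import statistics

# The three porttest TXT answers quoted in the thread (verbatim).
PORTTEST_SAMPLES = [
    '"aaa.bbb.ccc.ddd is POOR: 26 queries in 3.1 seconds from 1 ports with std dev 0.00"',
    '"209.244.7.43 is POOR: 38 queries in 1.9 seconds from 2 ports with std dev 0.94"',
    '"216.231.41.2 is GOOD: 26 queries in 0.6 seconds from 26 ports with std dev 18409.11"',
]

PORTTEST_RE = re.compile(
    r'"?(?P<addr>\S+) is (?P<verdict>\w+): (?P<queries>\d+) queries in '
    r'(?P<seconds>[\d.]+) seconds from (?P<ports>\d+) ports with std dev '
    r'(?P<stddev>[\d.]+)"?'
)

def parse_porttest(line: str) -> dict:
    """Split one porttest TXT answer into typed fields (addr is the resolver as the test server saw it)."""
    m = PORTTEST_RE.search(line)
    if not m:
        raise ValueError(f"unrecognised porttest answer: {line!r}")
    f = m.groupdict()
    return {"addr": f["addr"], "verdict": f["verdict"], "queries": int(f["queries"]),
            "seconds": float(f["seconds"]), "ports": int(f["ports"]),
            "stddev": float(f["stddev"])}

def port_spread(src_ports):
    """Distinct-port count and population std dev of observed query source ports,
    the two figures the test reports, so the same check can be run on a local capture."""
    return len(set(src_ports)), statistics.pstdev(src_ports)

def assess(distinct: int, stddev: float, queries: int) -> str:
    """Rate a port sample. Thresholds are this example's assumptions, not OARC's;
    a fixed or near-fixed source port is trivially guessable, so it rates POOR."""
    if distinct <= 2 or stddev < 1000:
        return "POOR"
    if distinct < queries:
        return "FAIR"
    return "GOOD"

# Constructed source-port samples (not from the thread): a resolver that always
# queries from port 53, and one spread evenly across 1024-65524. Evenly spaced
# ports score well on spread yet remain predictable, so a high std dev is
# necessary but not sufficient evidence that ports are actually randomised.
FIXED_PORT_SAMPLE = [53] * 26
SPREAD_PORT_SAMPLE = [1024 + 2580 * k for k in range(26)]
```

To check a resolver directly rather than via the test record, feed port_spread() the UDP source ports of its outgoing queries from a packet capture taken on the resolver or its egress firewall.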
Re: Quick DNS performance measurement trick
I tried the specified command from three different sites and they all gave essentially identical responses:

"aaa.bbb.ccc.ddd is POOR: 26 queries in 3.1 seconds from 1 ports with std dev 0.00"

That aaa.bbb.ccc.ddd address seems to be the (possibly NAT'd) IP addr that the target site sees mentioned in the inbound packets; I have no idea about the rest of it...