[LINK] Does your ISP randomize the DNS source port?

Scott Howard scott at doc.net.au
Tue Jul 29 17:22:46 AEST 2008


On Tue, Jul 29, 2008 at 12:06 AM, Rick Welykochy <rick at praxis.com.au> wrote:

> The page at http://www.doxpara.com/ reports that my DNS ports
> are being randomised, using DNS server 220.233.0.34
>
> I am behind NAT. Could you check this?
> Or, if I am logged into a machine on the open Internet in a
> bash shell, how can I check this myself?


The easiest way is to use Duane Wessels' test site at porttest.dns-oarc.net.

To test your current DNS servers use:
dig +short porttest.dns-oarc.net TXT

To test another DNS server, use:
dig +short porttest.dns-oarc.net TXT @220.233.0.34

The output will be something like:
$ dig +short porttest.dns-oarc.net TXT
porttest.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"69.36.224.149 is GREAT: 26 queries in 0.1 seconds from 26 ports with std dev 15990"

Which is fairly self-explanatory - all you're really interested in is the
GREAT (or GOOD, FAIR, POOR, ...)

If you don't have dig, the nslookup equivalents are:
nslookup -q=txt porttest.dns-oarc.net
and
nslookup -q=txt porttest.dns-oarc.net 203.233.0.34

There's also a great web-based version at http://entropy.dns-oarc.net/test/

I can't test your DNS servers, which probably means that your ISP is
limiting requests to that IP (not uncommon - they don't want the whole world
using their servers).

> But I am a bit puzzled by the fact that doxpara reports that
> my DNS server is 220.233.0.34
>
> Here is my resolv.conf on Mac OS X:
>
> nameserver 220.233.0.4


That just means that either the DNS server has multiple IP addresses
(receiving the request on one, and sending it out the other), or possibly
that the DNS server you're accessing is forwarding it onto another DNS
server to do the actual lookup.

  Scott.
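As an added illustration (not part of the original message), here is a small Python helper that parses the porttest.dns-oarc.net TXT answer quoted above into its fields and, for a list of source ports a defender has captured from their own resolver, computes the two numbers the rating summarises: distinct ports used and the standard deviation. The regex shape is inferred from the single answer quoted in the message and the port samples are constructed.

```python
import re
import statistics

# Matches the answer shape quoted above, e.g.
# "69.36.224.149 is GREAT: 26 queries in 0.1 seconds from 26 ports with std dev 15990"
# (the field layout is assumed from that one sample; rating words seen in the
# message are GREAT, GOOD, FAIR and POOR).
PORTTEST_RE = re.compile(
    r'^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) is (?P<rating>[A-Z]+): '
    r'(?P<queries>\d+) queries in (?P<seconds>[\d.]+) seconds '
    r'from (?P<ports>\d+) ports with std dev (?P<stddev>\d+)$'
)


def parse_porttest_txt(txt):
    """Parse a porttest TXT string into a dict, or return None if it does not match.

    Surrounding quotes are stripped and whitespace is normalised so that an
    answer wrapped across terminal lines (as in the mail above) still parses.
    """
    cleaned = " ".join(txt.strip().strip('"').split())
    m = PORTTEST_RE.match(cleaned)
    if not m:
        return None
    d = m.groupdict()
    return {
        "ip": d["ip"],
        "rating": d["rating"],
        "queries": int(d["queries"]),
        "seconds": float(d["seconds"]),
        "ports": int(d["ports"]),
        "stddev": int(d["stddev"]),
    }


def source_port_stats(ports):
    """Return (distinct port count, population std dev) for observed source ports.

    A resolver that always sends from one port scores (1, 0.0); sequential
    ports give a small std dev; a randomising resolver gives a large one.
    """
    return len(set(ports)), statistics.pstdev(ports)


if __name__ == "__main__":
    # Constructed samples of a resolver's outbound source ports.
    fixed = [53] * 26                    # single fixed port: no randomisation
    sequential = list(range(1024, 1050))  # incrementing ports: predictable
    print(parse_porttest_txt('"69.36.224.149 is GREAT: 26 queries in 0.1 seconds '
                             'from 26 ports with std\ndev 15990"'))
    print(source_port_stats(fixed), source_port_stats(sequential))
```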
