RECENT POSTS
- Introduction to FreeBSD Security Best Practices
- Working with Package Management in FreeBSD
- Understanding FreeBSD Security Advisories and Updates
- Troubleshooting Common System Administration Issues in FreeBSD
- Tips for Hardening FreeBSD to achieve System Protection
- Setting Up DHCP Server in FreeBSD
- Secure User and Group Management in FreeBSD Systems
- Secure Remote Access with SSH in FreeBSD
- Optimizing System Performance in FreeBSD
- Network Packet Capture with tcpdump in FreeBSD
- All posts ...
Do you have GDPR compliance issues ?
Check out Legiscope a GDPR compliance software, that will save you weeks of work, automating your documentation, the training of your teams and all processes you need to keep your organisation compliant with privacy regulations
Fpdns
Jul 20, 2023
Fingerprinting DNS servers
fpdns - Fingerprinting DNS servers
A nameserver basically responds to a query. Interoperability is an obvious requirement here. The standard protocol behaviour of different DNS implementations is expected to be the same.
Requirements for protocol behaviour of DNS implementations is widely documented in the case of ‘common’ dns messages. The DNS protocol is over 20 years old and since its inception, there have been over 40 independent DNS implementations, while some implementations have over 20 versions.
The methodology used to identify individual nameserver implementations is based on “borderline” protocol behaviour. The DNS protocol offers a multitude of message bits, response types, opcodes, classes, query types and label types in a fashion that makes some mutually exclusive while some are not used in a query messages at all. Not every implementation offers the full set of features the DNS protocol set currently has. Some implementations offer features outside the protocol set, and there are implementations that do not conform to standards.
Checkout these related ports:
- Zonenotify - DNS notify sender written in C
- Zonecheck - Perform consistency checks on DNS zones
- Zkt -
- Yandex-ddns - Use Yandex DNS as a dynamic DNS provider
- Yadifa - Authoritative nameserver with DNSSEC capabilities
- Wrapsrv - DNS SRV record command line wrapper
- Whoseip - Get information about IP addresses country code and network
- Wdns - Low-level DNS library
- Walker - Recover zone file information from servers that use DNSSEC
- Void-zones-tools - Prepare a list of void zones that can be readily fed into Unbound
- Vizone - Updates the serial number in one or more zonefiles
- Vhostcname - Synchronize DNS with server names and aliases from Apache vhost
- Utdns - Proxy UDP/DNS to TCP/DNS
- Updatedd - Dynamic DNS Update Client supporting multiple services
- Unbound - Validating, recursive, and caching DNS resolver