Skip to content

bitfolk/find_open_resolvers

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
.gitignore
.gitignore
 
 
README.pod
README.pod
 
 
find_open_resolvers
find_open_resolvers
 
 

Repository files navigation

NAME

find_open_resolvers -- Finds open DNS resolvers inside a given IP range.

SYNOPSIS

find_open_resolvers [options] [IP range]

Options:
   --queries  simultaneous queries to perform (100)
   --retries  number of retries of DNS query (2)
   --timeout  timeout for DNS query in seconds (1)
   --fqdn     Fully Qualified Domain Name to query for (www.xyzzy.net)
   --verbose  be verbose
   --help     display brief help
   --man      display full man page

IP range      Range of IPv4 or v6 addresses

OPTIONS

IP range

Required. Range of IPv4 or IPv6 addresses to check for open resolvers. Will iterate through them one by one. Accepts:

  • A single address (192.168.0.1)

  • A CIDR range (192.68.0.0/24)

  • A range, enclosed in quotes, specifying start to finish ('192.168.0.4 - 192.168.1.2')

-q, --queries

How many simultaneous DNS queries to be working on at any one time. Defaults to 100.

-r, --retries

Number of retries to perform for each DNS query in the event of no response. Defaults to 2.

-t, --timeout

How long in seconds to wait for a response from each DNS query. Defaults to 1.

-f, --fqdn

Fully Qualified Domain Name (i.e., a host name) to query for. Should be something that no IP address is likely to be an authoritative DNS server for. Defaults to 'www.xyzzy.net'.

-v, --verbose

Operate verbosely.

-h, -?, --help

Display a brief help message.

--man

Display documentation in manual page format.

DESCRIPTION

Pings off a bunch of DNS queries against every IP address in the specified range in order to see if any of them are likely to be open DNS resolvers.

Every IP address in the range is tested in batches of (by default) 100 in a select loop. Testing large ranges may take a very long time.

By default this queries for the FQDN 'www.xyzzy.net' which is an arbitrary choice that is unlikely to be authoritatively served by any target IP. Should a target IP return actual results for this FQDN then it is likely to be an open recursive resolver. If 'www.xyzzy.net' no longer exists in the global DNS then you may wish to specify another FQDN.

Multiple ranges

This script currently only supports scanning one contiguous range of IP addresses, so if you need to feed it multiple ranges (perhaps from a file) then you'll have to work around it with scripting and accept that it will only do one range at a time in parallel.

It's not actually massively slower to split ranges up; I scan a /24 in 14 seconds or the two /25s that make it up in 7 seconds plus 9 seconds.

On the command line

Something like:

$ for range in 1.2.3.0/24 4.5.6.7-5.6.8.9;
    do ./find_open_resolvers $range;
done

From a file

$ cat ranges.txt
1.2.3.0/24
4.5.6.7-5.6.8.9
$ while read iprange;
    do ./find_open_resolvers $iprange;
done < ./ranges.txt

AUTHOR

Andy Smith <andy-git-f-o-r@bitfolk.com>

COPYRIGHT AND LICENSE

Copyright © 2012-2015 Andy Smith <andy-git-f-o-r@bitfolk.com>.

This program is free software; you can redistribute it and/or modify it under the terms of the Perl Artistic License.

About

Find open recursive nameservers

Resources

Readme
Activity
Custom properties

Stars

3 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages