Bugtraq mailing list archives
DNS PTR surveying
From: "D. J. Bernstein" <djb () CR YP TO>
Date: Sun, 1 Oct 2000 08:28:33 -0000
This is a brief note on some DNS surveying tools. You can use them to rapidly measure the size of the Internet, to support higher-level surveys of various daemons, or to kill typical DNS caches. The tools are random-ip, which prints a random set of IP addresses, and dnsfilter, which does PTR lookups in parallel. They're part of the djbdns package, available from http://cr.yp.to/djbdns.html. Typical use: random-ip 10000 | dnsfilter > RESULTS dnsfilter does 10 PTR lookups in parallel. Use dnsfilter -c 100 to do 100 PTR lookups in parallel for higher speed; make sure that you don't have a small fd resource limit. You can also speed things up by removing the (misconfigured) 6.*, 8.*, 34.*, and 55.* networks from the list. I tried 10000 addresses a few minutes ago. The output included 282 addresses with PTR records such as 172.165.0.88=aca50058.ipt.aol.com, 8983 addresses without PTR records, and 735 temporary failures such as 8.138.51.161:timed-out. A subsequent double-check of the temporary failures found no new PTR records. Evidently the Internet has roughly 120 million IP addresses with PTR records. It's not difficult to build a complete list, like the $2500.00 CD that ISC sells to spammers, but a small random sample is enough for legitimate surveys. dnsfilter uses the DNS cache listed in /etc/resolv.conf. You can set the $DNSCACHEIP environment variable to tell it to use another DNS cache. There are a huge number of DNS caches on the Internet that you can use, because ISC ships BIND with promiscuous defaults. A big, fast survey will kill a BIND cache, because BIND dies when it runs out of memory. BIND 9 won't die, but it will stop caching new data, so performance goes down the toilet. Unless you're trying to take down somebody's DNS service, you should use the dnscache program included in the djbdns package; dnscache smoothly discards old data. ---Dan
Current thread:
- DNS PTR surveying D. J. Bernstein (Oct 01)
- Re: DNS PTR surveying antirez (Oct 03)
- Re: DNS PTR surveying a007 (Oct 08)
- Re: DNS PTR surveying antirez (Oct 03)