Thursday, July 24, 2008

Testing your DNS servers for CERT VU#800113 (or Dan Kaminsky's bug)

Here are 2 pointers to diagnostic tools for testing your DNS server against Dan Kaminsky's vulnerability (or CERT VU#800113). Please note that these tools use a very simple test and may not be enough to provide a foolproof assessment of the strength of your DNS server.

[Update] There is also a simple command-line test from the same folks at DNS-OARC. Just run the following command from a command line (of course, you need to have dig installed).
dig +short porttest.dns-oarc.net TXT
The first gives out a real cool output. Sample shown below. If you see GREAT as the output it means you are ok against the bug (as far as the tool is concerned).
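To script the command-line check instead of reading the output by eye, here is an added example (not from the original post or from DNS-OARC) that runs the same dig query through named resolvers and extracts the rating. It assumes the TXT answer has the form noted in the first comment; the function names and the two sample answers are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumed TXT answer format (not shown in the post):
#   "<ip> is <RATING>: <n> queries in <t> seconds from <p> ports with std dev <s>"

# Constructed sample answers (192.0.2.53 is a documentation address).
SAMPLE_GREAT='"192.0.2.53 is GREAT: 26 queries in 2.0 seconds from 26 ports with std dev 17685"'
SAMPLE_POOR='"192.0.2.53 is POOR: 26 queries in 2.0 seconds from 1 ports with std dev 0"'

# Print the rating word found in a porttest answer, or UNKNOWN if none.
porttest_rating() {
    rating=$(printf '%s\n' "$1" | sed -n 's/.* is \([A-Z][A-Z]*\):.*/\1/p' | head -n 1)
    printf '%s\n' "${rating:-UNKNOWN}"
}

# Print how many distinct source ports the test saw, or 0 if not reported.
porttest_ports() {
    ports=$(printf '%s\n' "$1" | sed -n 's/.* from \([0-9][0-9]*\) ports.*/\1/p' | head -n 1)
    printf '%s\n' "${ports:-0}"
}

# Succeed only for GREAT, the result the post treats as OK.
# An empty answer (timeout, blocked TXT lookup) is UNKNOWN, never a pass.
porttest_ok() {
    [ "$(porttest_rating "$1")" = "GREAT" ]
}

# Run the test through resolver $1 and print "<resolver> <rating> <ports>".
check_resolver() {
    answer=$(dig +short "@$1" porttest.dns-oarc.net TXT 2>/dev/null) || answer=""
    printf '%s %s %s\n' "$1" "$(porttest_rating "$answer")" "$(porttest_ports "$answer")"
    porttest_ok "$answer"
}

# Usage: sh porttest.sh <resolver-ip> [...]
# The final test makes the script's exit status non-zero if any resolver is not GREAT.
status=0
for resolver in "$@"; do
    check_resolver "$resolver" || status=1
done
[ "$status" -eq 0 ]
```

Each resolver passed as an argument must be one that will answer recursive queries from the machine running the script, otherwise it is reported as UNKNOWN.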

