SANS ISC: Recursive DNS Cache Auditing Resource SANS ISC InfoSec Forums

Recursive DNS Cache Auditing Resource

For those with a need, the research described in Jose Avila's Recursive DNS Cache Auditing presentation is backed by the ONZRA security research tool CacheAudit v.01; see the Research folder at ONZRA for the CacheAudit download.

"CacheAudit is an open source application for monitoring the cache of a Recursive DNS server. It allows providers to detect and respond quickly to Cache Poisoning events."

Patrick

Jul 25th 2008
Most recursive DNS implementations don't answer queries while dumping the cache to disk, and you don't want that to happen to a heavily used caching nameserver at an ISP, for it will get kicked out of the working set by the load balancer.
So admins, make sure you know what you're doing.
Anonymous