Custom DNS Nameserver Spoofability Test
Can you trust your Domain Name Servers?

Why a Customizable DNS Spoofability Test?

The development of our final DNS Spoofability system required a significant amount of testing, experimentation, and tweaking by GRC and the terrific group of volunteers who inhabit the GRC newsgroups. To facilitate experiments with the many possible variations in the design of the test, this fully parameterized version was made publicly available (though not publicly linked-to until now).

When we discovered that some routers were crashing, this parameterized testing allowed each router's owner to experimentally determine exactly what aspect of the test was upsetting their individual router. All of this was finally reduced to just two basic tests: the “standard test” that works hard not to crash anyone's router, and the “router crash test” that was deliberately designed to quickly crash any router that could be crashed.

We expect that very few, if any, users will have any need or use for this customizable version of our test. So please don't worry that you're missing something if you're wondering whether or why you need this. You don't. But since so many of our testers' routers were easily crashed during the development of our standard test, we have probably not seen the last crashable router. And since custom use of our test might be of interest to anyone wishing to perform further research into DNS spoofability, or to more thoroughly understand how this testing system works, we decided to leave the customizable test publicly available.

Finally, for anyone who is curious about how this DNS spoofability testing system operates, the documentation to support this customizable test provides a thorough explanation of the entire DNS testing system.

Please see our extensive How This Works page for an explanation of each of the following parameters:
Customizable DNS Spoofability Test
To alter the test from its default configuration, change any of the five settings below, keeping them within the indicated range, then press the button below:
Number of Sub-domains — range: 1-111, default: 47
Specifies the length of the “a.” sub-domain chain that will be carried by our queries. Anecdotal evidence suggests that some routers may be adversely affected by longer queries.
Name Resolution Point — range: 0-112, default: 48
Specifies the point during successive sub-domain resolutions where GRC's pseudo nameserver will finally return an IP resolution rather than further “teasing” the querying resolver. If this point lies past the number of sub-domains specified above, that point will never be reached and the extended resolution will fail instead of succeeding. (Failing the final resolution has prevented some routers from crashing, whereas succeeding the resolution has crashed routers.) If this parameter is zero (0) the resolution of the expanded domain will succeed immediately.
Simultaneous Query Chains — range: 1-10, default: 4
Specifies the number of domain names being resolved at once.
Minimum Query Chain Duration — range: 0-255, default: 5 sec.
Specifies the minimum length of time required to traverse the length of the query chain. This works by deliberately throttling and scheduling our replies. The effect is that the client becomes increasingly impatient for an answer and begins redundant queries to additional nameservers. Thus, this is useful for uncovering more nameservers. A value of '0' yields no packet scheduling and no delay in replying.
Search Patience — range: 0-20, default: 4
Specifies the number of additional test iterations to wait while hoping to uncover additional nameservers. Being insufficiently patient may cause a nameserver to be undetected, while being too patient wastes time but does collect additional statistics.
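
The following is an added example, not GRC's code: it checks a set of the five settings against the ranges listed above and works out how the Number of Sub-domains and the Name Resolution Point interact. The setting names, BASE_DOMAIN and the treatment of a resolution point equal to the sub-domain count as "reached" are assumptions made for illustration.

```python
# Added example. Ranges and defaults are the ones listed on this page;
# the key names and BASE_DOMAIN are hypothetical.
RANGES = {  # name: (min, max, default)
    "subdomains": (1, 111, 47),
    "resolution_point": (0, 112, 48),
    "query_chains": (1, 10, 4),
    "min_duration_sec": (0, 255, 5),
    "search_patience": (0, 20, 4),
}
BASE_DOMAIN = "test.example"  # placeholder, not the real test domain


def validate(**overrides):
    """Return all five settings, rejecting unknown or out-of-range values."""
    settings = {name: default for name, (_, _, default) in RANGES.items()}
    for name, value in overrides.items():
        if name not in RANGES:
            raise KeyError(f"unknown setting: {name}")
        lo, hi, _ = RANGES[name]
        is_int = isinstance(value, int) and not isinstance(value, bool)
        if not is_int or not lo <= value <= hi:
            raise ValueError(f"{name} must be an integer in {lo}-{hi}")
        settings[name] = value
    return settings


def query_name(subdomains, base=BASE_DOMAIN):
    """Build the name carrying the chain of 'a.' sub-domains."""
    return "a." * subdomains + base


def wire_length(name):
    """Octets the name occupies in a DNS message (RFC 1035 limit: 255)."""
    return sum(len(label) + 1 for label in name.split(".")) + 1


def predict(settings):
    """Outcome of the extended resolution for the chosen settings."""
    n, p = settings["subdomains"], settings["resolution_point"]
    if p == 0:
        return "resolves immediately"
    if p > n:  # the point lies past the end of the chain
        return "fails: resolution point never reached"
    return f"resolves at step {p} of {n}"


if __name__ == "__main__":
    print(predict(validate()))             # the defaults: 47 and 48
    print(wire_length(query_name(111)))    # longest permitted chain
```

With the defaults (47 sub-domains, resolution point 48) the point lies one step past the end of the chain, so the final resolution fails, which is the outcome the parameter description says has kept some routers from crashing.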

