Check Dns Server for Security against Amplification Attacks

For server products with administration rights

This is how you can find out if third parties could use or misuse your server  for a DNS amplification attack.

You can find out whether the current setting is incorrect by resolving a host name from your server. If the resolution succeeds, you should adjust your server configuration. If the name resolution fails, you do not need to do anything else.

Testing (Windows)

On Windows operating systems please proceed as follows:

• Press the Windows key + R key combination.

• Type cmd and press Enter.

• Enter www.1und1.de [IP address of your root server] as the command nslookup and Enter to confirm.
  
  Example:

  nslookup www.1und1.de 123.123.12.123

• If you receive an output similar to

  Non-authoritative answer:
  Name: www.1und1.de
  Address: 212.227.17.105

  this means that your server is answering the request and is therefore vulnerable to amplification attacks. In such a case, you should adjust your DNS configuration as described in this link.

• If the output is similar to

  *** Unknown can't find www.1und1.de: Query refused

  or if you are simply told one (or more) timeout(s), you don't need to do anything else.

Testing (Linux or Mac OS)

• Open a terminal (console).

• Enter www.1und1.de [IP address of your root server] as the command host, for example:

  host www.1und1.de 123.123.12.123

• If you receive an output similar to

  >www.1und1.de has address 212.227.17.105

  this means that your server is responding to the request and is therefore vulnerable to amplification attacks. In this case, you should adjust your DNS configuration as described at this link.

• If you receive an output similar to

  Host www.1und1.de not found: 5(REFUSED)

  you do not need to do anything else because your DNS refuses to answer the query.