Check DNS server for security against amplification attacks

For server products with administration rights

This is how you find out whether third parties could use or misuse your server for a DNS amplification attack.

You can find out whether the current setting is incorrect by having your server resolve a host name. If the resolution succeeds, you should adjust your server configuration. If the name resolution fails, you do not have to do anything else.

Please note: For the test to be meaningful, it must not take place on the server itself. Instead, use a computer with a regular Internet connection (DSL, cable, etc.) - for example your home PC.

Checking under Windows

On Windows operating systems, please proceed as follows:

Step 1

Press the Windows key + R.

Step 2

Type cmd and press Enter.

Step 3

Enter the command nslookup www.ionos.co.uk [IP address of your root server] and confirm your entry with Enter.

An example:

nslookup www.ionos.co.uk 123.123.12.123

Step 4

If you now get output similar to

Non-authoritative answer:
Name: www.ionos.co.uk
Address: 212.227.17.105

this means that your server answers the request and is vulnerable to misuse in amplification attacks. In such a case you should adjust your DNS configuration as described under this link.

Step 5

If the output is similar to

*** Unknown can't find www.ionos.co.uk: Query refused

or if only one or more timeouts are reported, you do not have to do anything else.

Testing under Linux or Mac OS

Step 1

Open a terminal (console).

Step 2

Enter the command host www.ionos.co.uk [IP address of your root server], for example

host www.ionos.co.uk 123.123.12.123

Step 3

If you get output similar to

www.ionos.co.uk has address 212.227.17.105

this means that your server answers the request and is vulnerable to misuse in amplification attacks. In such a case you should adjust your DNS configuration as described under this link.

Step 4

If, however, you get output similar to

Host www.ionos.co.uk not found: 5(REFUSED)

you don't have to do anything else, because your DNS server refuses to answer the request.
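The same check as the nslookup and host steps above, written as an added Python example (not part of the original article or any IONOS tool): it sends one recursive A-record query and maps the reply to the outcomes described above. The function names and the reply/query size ratio are assumptions of this example, and sample_reply builds constructed replies so the logic can be run offline.

```python
import socket
import struct

def build_query(name, qid=0x1234):
    """A-record query with the RD (recursion desired) bit set, as nslookup/host send."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack("!HH", 1, 1)

def classify(query, response):
    """Map a raw reply (None = no reply) to (outcome, reply size / query size)."""
    if response is None:
        return "no-response", 0.0           # timeout: nothing to do
    if len(response) < 12 or response[:2] != query[:2] or not response[2] & 0x80:
        return "invalid", 0.0               # wrong ID or QR bit clear: not our reply
    flags, _qd, ancount = struct.unpack("!HHH", response[2:8])
    rcode = flags & 0x000F
    if rcode == 5:
        return "refused", 0.0               # "Query refused": nothing to do
    if rcode == 0 and ancount > 0:
        # Name was resolved for an outside client: adjust the DNS configuration.
        return "answers", round(len(response) / len(query), 2)
    return "failed", 0.0                    # resolution failed: nothing to do

def check(server_ip, name="www.ionos.co.uk", timeout=3.0):
    """Send one query over UDP port 53 to your own server and classify the outcome."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((server_ip, 53))
            sock.send(query)
            response = sock.recv(4096)
        except OSError:                     # timeout or ICMP unreachable
            response = None
    return classify(query, response)

def sample_reply(query, rcode, ip=None):
    """Constructed reply for offline runs: echoes the question, optionally one A record."""
    header = query[:2] + struct.pack("!HHHHH", (0x8180 if ip else 0x8100) | rcode, 1, 1 if ip else 0, 0, 0)
    answer = (b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(ip)) if ip else b""
    return header + query[12:] + answer

if __name__ == "__main__":
    q = build_query("www.ionos.co.uk")
    print(classify(q, sample_reply(q, 0, "212.227.17.105")))  # constructed: name resolved
    print(classify(q, sample_reply(q, 5)))                    # constructed: REFUSED
    print(classify(q, None))                                  # no reply (timeout)
```

As with the manual test, run check() from a computer outside the server, passing the IP address of your own server.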