Open DNS Resolver Check SiteReturn to TOC presented at FIRST 2014

by Takayuki Uchiyama, Hiroshi Kobayashi,

Summary : JPCERT/CC released the “Open DNS Resolver Check Site” on 31st of October, 2013. This web-based tool allows visitors to check if the DNS server configured on their PC and/or network device connecting to the site is running as an open DNS resolver or not.
The trigger that contributed to the release of this site was a presentation delivered during APRICOT 2013 in March. During this presentation, it was reported that the number of open DNS resolvers deployed in Japan was the largest in Asia Pacific region. These DNS open resolvers could possibly be exploited to conduct significant DDoS attacks. After conducting an investigation, it was discovered that most of the open DNS resolvers in Japan either had dynamic IP addresses provided by an ISP (e.g. home networking device, such as a router) or were hosting servers such as VPS (Virtual Private Server). We then developed the check site and also started our coordination with any relevant parties in order to eliminate these non-secure resolvers.
My presentation will share our experiences with this project, which include the mechanism of the check site, and the various findings that have been obtained since its release and our extensive global collaboration to tackle the issue.