Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Recursive DNS Cache Auditing Resource - SANS Internet Storm Center SANS ISC InfoSec Forums

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Recursive DNS Cache Auditing Resource

For those with a need, research described in Jose Avila's Recursive DNS Cache Auditing presentation is backed by the ONZRA security research tool CacheAudit v.01, see the Research folder at ONZRA for the CacheAudit download.

"CacheAudit is an open source aplication for monitoring the cache of a Recursive DNS server. It allows providers to detect and respond quickly to Cache Poisoning events".


193 Posts
Most recursive DNS Implementations don't answer queries during dumping the cache to disk and you don't want that to happen to a heavily used caching nameserver at an ISP for it will get kicked out of the working set by the loadbalancer.
So Admins make sure you know what you're doing.

Sign Up for Free or Log In to start participating in the conversation!