DNS Open Resolvers Report

This report identifies DNS servers that have the potential to be used in DNS amplification attacks by criminals that wish to perform denial of service attacks.

The DNS servers are checked with a command equivalent to:

dig +short @[ip] dnsscan.shadowserver.org

Statistics for these servers can be found here.

Fields

  • timestamp
    Time that the IP was probed in UTC+0
  • ip
    The IP address of the device in question
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City in which the device in question resides
  • port
    Port that the DNS response came from
  • protocol
    Protocol that the DNS response came on (usually UDP)
  • hostname
    Reverse DNS name of the device in question
  • min_amplification
    The approximate minimum amount of traffic amplification that you could get by querying the DNS server for an A record — this number is obtained by dividing the size of the response by the size of the query
  • dns_version
    DNS version string that is reported back when device is probed
  • p0f_genre
    Operating System family
  • p0f_detail
    Operating System version

Sample

"timestamp","ip","asn","geo","region","city","port","protocol","hostname","min_amplification","dns_version","p0f_genre","p0f_detail"
"2013-10-10 00:05:10","208.70.149.107","36252","US","Illinois","Chicago","53","udp","107.149.70.208.static.ipv4.dnsptr.net","4.6190","PalmOS DNS v1.0",,
"2013-10-10 00:05:10","204.245.210.223","2914","US","Oregon","Warren","53","udp","","1.3810","",,
"2013-10-10 00:05:10","40.135.0.109","7029","US","Nebraska","Pawnee City","53","udp","h109.0.135.40.static.ip.windstream.net","1.3810","SERVFAIL",,
"2013-10-10 00:05:10","76.74.186.178","13768","CA","British Columbia","Richmond","53","udp","ns2.domainhostingservers.com","3.4762","9.2.4",,
"2013-10-10 00:05:10","31.42.105.195","51003","RU","-","-","53","udp","","1.3810","dnsmasq-2.63",,

Our 73 Report Types