Skip to content

Niels Provos ::

For secure name resolution, it is important that your DNS resolver uses random source ports. The box below will tell you if there is something you need to worry about.

If the box says that you are using random ports, there is nothing to worry about. If it shows a red border, your resolver does not use completely random source ports. This could imply a security problem; see the following CERT advisory. However, some resolvers have implemented countermeasures that do not solely rely on random source sources.

There is a little bit more information about this security problem on Dan Kaminsky's blog.

The test requires Javascript.
You can add this test to your own page:
<script src="https://www.provos.org/dns_test.js?site=yoursite"></script>

Posted by Niels Provos | on