A bit too much DNS Data in Open Resolver Report from 2014-05-22

May 23, 2014

While this has been communicated via e-mail to most of our report recipients, we wanted to make a quick note on our blog regarding the Open Resolver report that recently went out dated 2014-05-22. Please disregard the DNS openresolver data from this data. It lists all DNS servers, not only the ones that are open resolvers.

The scan data itself is fine, but due to a mixup, it included all the DNS servers that we found on 2014-05-22 and not just the open resolvers.

If you were the lucky recipient of one of these reports, it contains every DNS server from the ranges that you receive reports on that responded to our scan in any way.

In addition to the “normal” data that we report out every day, it also contains the following:

  • Non-recursive DNS servers (look for “min_amplification” to be 1 or less)
  • Recursive DNS server on ports other than 53 (look for the “port” to be something other than 53 and the “min_amplification” to be something greater than 1). We are not sure what these devices are, which is why we do not include them in our reports.

We will hold back the reports for tomorrow since that data is also polluted, but you should receive reports on the 2014-05-24 scan data.

Apologies for the confusion and thanks for your patience.

The Shadowserver Foundation

Recent Articles