DNS Open Resolvers Report

LAST UPDATED: 2022-06-27

This report identifies DNS servers that could be abused in DNS amplification attacks by criminals who wish to perform denial of service attacks.

The DNS servers are checked with a command equivalent to:

dig +short @[ip] dnsscan.shadowserver.org

For more details on the scan methodology and a daily update of global DNS scan statistics, please visit our dedicated DNS scan page.

You can learn more about the report in our DNS Open Resolvers Report tutorial.

You can learn more about our reports in general in our Overview of Free Public Benefit Shadowserver Reports presentation, which also explains example Use Cases.

For more information on our scanning efforts, check out our Internet scanning summary page.



  • timestamp
    Time that the IP was probed in UTC+0
  • ip
    The IP address of the device in question
  • asn
    ASN where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City in which the device in question resides
  • port
    Port that the DNS response came from
  • protocol
    Protocol that the DNS response came on (usually UDP)
  • hostname
    Reverse DNS name of the device in question
  • min_amplification
    The approximate minimum amount of traffic amplification that you could get by querying the DNS server for an A record — this number is obtained by dividing the size of the response by the size of the query
  • dns_version
    DNS version string that is reported back when the device is probed
  • p0f_genre
    Operating System family
  • p0f_detail
    Operating System version


"2013-10-10 00:05:10","","36252","US","Illinois","Chicago","53","udp","","4.6190","PalmOS DNS v1.0",,
"2013-10-10 00:05:10","","2914","US","Oregon","Warren","53","udp","","1.3810","",,
"2013-10-10 00:05:10","","7029","US","Nebraska","Pawnee City","53","udp","h109.0.135.40.static.ip.windstream.net","1.3810","SERVFAIL",,
"2013-10-10 00:05:10","","13768","CA","British Columbia","Richmond","53","udp","ns2.domainhostingservers.com","3.4762","9.2.4",,
"2013-10-10 00:05:10","","51003","RU","-","-","53","udp","","1.3810","dnsmasq-2.63",,
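
A recipient can triage rows in this layout by ASN and by min_amplification. The following is an added example, not Shadowserver's own code: the column order is taken from the field list above, the rows are constructed with documentation IP addresses and ASNs, and the 2.0 priority threshold and the function names are assumptions.

```python
import csv
import io
from collections import defaultdict

# Column order from the field list on this page; the sample rows carry no header line.
FIELDS = ["timestamp", "ip", "asn", "geo", "region", "city", "port", "protocol",
          "hostname", "min_amplification", "dns_version", "p0f_genre", "p0f_detail"]

# Constructed sample in the same layout (RFC 5737 addresses, RFC 5398 ASNs).
SAMPLE = '''"2013-10-10 00:05:10","192.0.2.10","64500","US","Illinois","Chicago","53","udp","","4.6190","PalmOS DNS v1.0",,
"2013-10-10 00:05:10","192.0.2.11","64500","US","Oregon","Warren","53","udp","","1.3810","",,
"2013-10-10 00:05:10","198.51.100.7","64501","CA","British Columbia","Richmond","53","udp","ns2.example.net","3.4762","9.2.4",,
"2013-10-10 00:05:10","203.0.113.5","64500","US","Nebraska","Pawnee City","53","udp","","not-a-number","SERVFAIL",,
'''

def parse_report(text):
    """Yield one dict per row, with min_amplification as float (None if unparsable)."""
    for row in csv.DictReader(io.StringIO(text), fieldnames=FIELDS):
        if row["timestamp"] == "timestamp":  # tolerate a header line if one is present
            continue
        try:
            row["min_amplification"] = float(row["min_amplification"])
        except (TypeError, ValueError):
            row["min_amplification"] = None
        yield row

def triage(text, my_asns, threshold=2.0):
    """Return {asn: [(ip, amplification, priority)]} for our ASNs, highest factor first."""
    by_asn = defaultdict(list)
    for row in parse_report(text):
        if row["asn"] in my_asns:
            by_asn[row["asn"]].append(row)
    result = {}
    for asn, rows in by_asn.items():
        rows.sort(key=lambda r: r["min_amplification"] or 0.0, reverse=True)
        result[asn] = [(r["ip"], r["min_amplification"],
                        r["min_amplification"] is not None
                        and r["min_amplification"] >= threshold)
                       for r in rows]
    return result

if __name__ == "__main__":
    for asn, hosts in triage(SAMPLE, {"64500"}).items():
        for ip, amp, priority in hosts:
            print(asn, ip, amp, "PRIORITY" if priority else "open resolver")
```

Every listed IP answered the recursive query, so each one still needs to be restricted or closed; the threshold only orders the remediation work.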
