Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Looking for List of secure DNS servers

  • 25-05-2017 12:46pm
    #1
    Joe Exotic
    Registered Users, Registered Users 2 Posts: 568 ✭✭✭


    Hi all,

    Does anyone have a link to a list of "Secure" "trusted" or "validated" DNS servers (global, or even European).

    Basically I'm trying to analyse DNS traffic and would like to get a hold of a limited list of "known good " DNS - if possible

    i can get a list of DNS servers here but the problem is you cant be sure that they haven't been compromised.
    as many botnets talk over DNS you could be seeing traffic over port 53 to an actual DNS server but that server might be compromised and also acting as a C&C server.

    I haven't found any list as of yet and my current thought is to compile a list of the root name servers plus the major telecom name servers. a bit of work but once together it shouldn't be too hard to keep up to date.

    Any suggestions welcome :)


    P.S. if requested ill share any list i come up with


Comments

  • #2
    Manach
    Moderators, Society & Culture Moderators Posts: 9,731 Mod ✭✭✭✭Manach


    Not sure if of use to OP, but whenever a DNS outage at work the Google 8.8.8.8 is checked. I'd be unsure how secure it is.


  • #3
    Joe Exotic
    Registered Users, Registered Users 2 Posts: 568 ✭✭✭Joe Exotic


    Manach wrote: »
    Not sure if of use to OP, but whenever a DNS outage at work the Google 8.8.8.8 is checked. I'd be unsure how secure it is.

    Id consider it secure from a practical point of view (in the sense that very few things are totally secure) and so it would be part of the list.

    Maybe if i explain more clearly what i'm doing.
    i'm trying to analyse network traffic and as part of that analysis there will be DNS traffic. now most if not all of this traffic is legitimate but the only real way to know is to analyse the packets.

    If we can identify "trusted" DNS servers (Instead of using the term secure) which we can be fairly confident are not compromised then we can filter this out leaving only the "untrusted" traffic.

    This will still leave an amount of DNS servers (42,262 from 220 countries on the list i linked in OP) and thus a large amount of DNS traffic which is untrusted to be analysed but its better than nothing


    Perhaps this isn't a worthwhile task and maybe including the full list od DNS servers and bring in a threat intelligence feed Which would add "known bad" IP addresses is a better way. but i'm not convinced of this.

    If anyone has an opinion id be happy to hear it


Advertisement