Industry-Leading DNS Auditing
The DNS Institute enables domain owners and DNS professionals to monitor and check
conformance and vulnerabilities of their DNS infrastructure, through scheduled
vulnerability tests, alerts, news, and statistics with complete reporting.
auditing solutions enable organizations
to proactively identify and remediate DNS misconfigurations
and vulnerabilities, measure and manage risk,
and ensure accuracy and compliance with no to little additional
software or infrastructure costs.
The DNS Institute is a consulting and documentation service
covering the Domain Name System and its security.
Our offerings include: automated DNS monitoring, DNS server and
client configuration reviews, custom DNS development, DNS server
installations, DNS server conformance and regression testing, DNS
zone data auditing, DNS vulnerability testing, server penetration
testing, DNSSEC deployments, DNS performance evaluations,
DNS installation and management instruction, DNS documentation,
Contact us for a demo or free evaluation.
Analyzing OpenNIC (2022-01)
Quick audit of over a thousand delegated domain names found under
the alternative DNS root OpenNIC identified tens of thousands of
issues (58 unique) including two expired TLDs. Interestingly, we
learned that many of the domains also used delegations under standard
Summary of Audit of Top Ten Domains for Top TLDs (2021-10)
Highlights of the interesting problems from analyzing
the top domains for 62 most popular TLDs.
ASN and Network Prefixes for TLD Nameservers (2021-10)
Counts of different ASNs and network prefixes for each IPv4 nameserver
(from root server delegations) for all TLDs.
Running ancient 1990 BIND 4 on modern Internet
DNS standards still mostly working after 30 years.
This week-long study used a 386BSD port of 1990
4.3BSD-Reno's BIND named 4.8.3 with modern DNS
for recursive and authoritative services.
Russia Government Domains Analysis (2021-07)
Identified over 20,000 DNS anomalies from research of 500 Russian
Federation domains including very poor IPv6 and DNSSEC support,
many nameservers without EDNS support,
and several open resolvers.
Summary of Analysis for Single Top Ranked Domain for Each TLD
The most popular domain for many TLDs had interesting DNS problems.
Popularity Rankings for TLDs
Popularity Rankings table for 1200+ TLDs. The 10 most popular TLDs
from the Tranco top sites list are com, net, ru, org, info, in,
ir, uk, au, and de.
DNS over IPv6 Research 2020-11 for Fortune 500 Companies
129 Fortune 500 companies didn't have working DNS over IPv6.
DNSSEC Report 2020-10 for Top 100 Banking Institutions
Only 4.7% of the domains owned by the largest banks were DNSSEC signed.
TLD Delegation and Nameserver Failures (2020-09)
An analysis of 1508 top-level domain names found many interesting
and even critical problems in at least 20 TLDs, including DNSSEC
DNS Nameserver Counts for Top Million Websites (2020-08)
The most popular NS nameserver domain name was
DNS Mistakes (Part 2): Lots of Typos
More mistakes often caused by typos, copy-and-paste issues, or
misunderstandings for what is allowed in DNS.
- Potential Email Compromise via Dangling DNS MX
While the Dangling MX concept is already known,
our paper also describes a novel vulnerability
and research approach
where the Dangling MX or other DNS target is an existing
registered domain, but available for purchase or unknown third-party use.
Random Recent DNS Checks