CHECKING FOR DNS CACHE POISONING VULNERABILITY
(Document for Network Administrators)
To check whether your DNS servers are affected by the DNS Cache Poisoning vulnerability, follow these three steps:
- Configure the DNS server which is being checked (Important).
- Use BkavDNSCheck.exe to check.
- Apply the patch if affected.
1. Configure the DNS server which is being checked (Important).
You need to configure the DNS Server Forwarders function on the DNS server which is being checked, pointing the domain name BkavDNSCheck.vn to the IP address 203.162.1.239 (the server that hosts the checking software).
This section shows how to configure this on 2 popular DNS servers:
- Microsoft DNS Server
- BIND
1.1. Configure the server using Microsoft DNS Server
- Log on to the DNS Server Administration Interface
- Right click on DNS Server, then select Properties


- Press New, type BkavDnsCheck.vn into DNS domain box and press OK

- Type 203.162.1.239 into Selected domain’s forwarder IP address list

1.2. Configure the DNS Server using BIND
- Note: only apply this step if you use the BIND software
- Add this configuration to the file /var/named

    zone "bkavdnscheck.vn" IN {
        type forward;
        forwarders { 203.162.1.239; };
    };
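A pre-flight check for step 1.2, as an added example (not part of the original document or of the BkavDNSCheck tool): it parses the text of a BIND configuration and confirms that the forward zone for bkavdnscheck.vn is present, not commented out, of type forward, and pointing at 203.162.1.239. The function names and the sample configuration are assumptions made for illustration.

```python
import re

# Zone name and forwarder address come from the page; all names below are illustrative.
CHECK_ZONE = "bkavdnscheck.vn"
CHECK_FORWARDER = "203.162.1.239"

def strip_comments(conf: str) -> str:
    """Remove /* */, // and # comments, the three styles BIND accepts."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", conf)

def forward_zones(conf: str) -> dict:
    """Map each zone name (lower-cased) to (zone type, [forwarder addresses])."""
    zones, text = {}, strip_comments(conf)
    for m in re.finditer(r'\bzone\s+"([^"]+)"\s*(?:IN\s*)?\{', text, flags=re.I):
        depth, i = 1, m.end()
        while i < len(text) and depth:          # walk braces to the end of the zone block
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        body = text[m.end():i - 1]
        ztype = re.search(r"\btype\s+([\w-]+)\s*;", body, flags=re.I)
        fwd = re.search(r"\bforwarders\s*\{([^}]*)\}", body, flags=re.I)
        # Keep only the address of each entry; an optional "port N" suffix is dropped.
        ips = [p.split()[0] for p in fwd.group(1).split(";") if p.strip()] if fwd else []
        name = m.group(1).lower().rstrip(".")   # DNS names are case-insensitive
        zones[name] = (ztype.group(1).lower() if ztype else None, ips)
    return zones

def check_forwarder(conf: str) -> str:
    """Return 'ok', or the reason the forward zone for the check is not in effect."""
    zone = forward_zones(conf).get(CHECK_ZONE)
    if zone is None:
        return "missing zone"
    ztype, ips = zone
    if ztype != "forward":
        return "zone is not type forward"
    if CHECK_FORWARDER not in ips:
        return "forwarder address not listed"
    return "ok"

# Constructed sample configuration (not taken from a real server).
SAMPLE = '''
options { directory "/var/named"; };
// forwarder for the vulnerability check
zone "BkavDNSCheck.vn" IN { type forward; forwarders { 203.162.1.239; }; };
'''

if __name__ == "__main__":
    print(check_forwarder(SAMPLE))
```

To check a real server, pass the contents of its BIND configuration file to check_forwarder() before running the scan.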
2. Use BkavDNSCheck.exe to check

Subdomain Exploit DNS Cache Poisoning checking scheme
2.1. Download the BkavDNSCheck.exe software
2.2. Set up the DNS server information on the machine running BkavDNSCheck.exe
- On the client running BkavDNSCheck.exe, open the Internet Protocol (TCP/IP) Properties window.
- Important: Change the IP address in the Preferred DNS Server field to the private IP address of the DNS server which is being checked (see the image)

2.3. Run the check
- Press Scan and wait (about 60 seconds)
- The result falls into one of 3 cases:
Case #1: DNS Server is not affected by the DNS Cache Poisoning vulnerability. You do not have to do anything; your DNS server is safe.

Case #2: Your DNS Server is affected by the DNS Cache Poisoning vulnerability. You need to apply the patch as described in the 3rd section.

3. Apply patch
After scanning with the BkavDNSCheck tool, if your DNS server is vulnerable to cache poisoning, you need to apply the patches in order to prevent DNS cache poisoning attacks.
Follow these steps:
3.1. Specify the software:
- Specify the vendor of the DNS server software used to resolve addresses (Microsoft, Red Hat, …)
3.2. Apply the patch that matches your system
| No. | Vendor | Patch |
|---|---|---|
| 1 | Microsoft Corporation | Click here |
| 2 | Red Hat, Inc. | Click here |
| 3 | Sun Microsystems, Inc. | Sun Solaris 8 (SPARC): applied patch 109326-20 or newer (Click here); Sun Solaris 9 (SPARC): applied patch 112837-14 or newer (Click here); Sun Solaris 8 (x86): applied patch 109327-20 or newer (Click here); Sun Solaris 9 (x86): applied patch 114265-13 or newer (Click here) |
| 4 | FreeBSD | Click here |
| 5 | Cisco Systems, Inc. | Click here |