Open-source tool checks if your DNS setup is a single point of failure
A developer at BlackNeuron has released dns-resilience-check, a free, open-source Rust tool that audits whether a domain's authoritative DNS relies on a single provider. The tool addresses a widely overlooked vulnerability: if all nameservers sit with one DNS host, a DDoS attack or provider outage can take the entire domain offline regardless of other security measures. It analyzes public DNS data via DNS-over-HTTPS, checking nameserver count, DNSSEC status, NS TTLs, and crucially whether nameservers are on distinct networks by mapping each IP to its autonomous system number (ASN) using Team Cymru's public zone. A domain passes only if its nameservers span multiple ASNs, since multiple NS records pointing to the same provider offer no real redundancy. The tool is available on GitHub under the MIT license and requires no installation beyond Rust.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in