Question 1

How to avoid state clashes when using the public Whonow server?

Accepted Answer

Always include a unique UUID or random string in the domain name after your rules, as recommended in the README. This ensures each user's DNS program state is isolated and not interfered with by others.

Question 2

Whonow vs setting up a custom DNS server: which is better for security testing?

Accepted Answer

Whonow is faster for quick demonstrations due to its public instance and simple syntax, but a custom DNS server offers more control and flexibility for complex, long-term testing scenarios.

Question 3

Can Whonow be used for IPv6 DNS rebinding attacks?

Accepted Answer

Not currently; the README states only A records for IPv4 are supported, with AAAA records for IPv6 'coming soon.' For now, it's limited to IPv4 addresses.

Question 4

Is Whonow detectable by security tools or firewalls?

Accepted Answer

Likely yes, as it involves unusual DNS patterns and malicious intent. Tools monitoring for DNS rebinding or anomalous queries might flag activity from Whonow servers, especially in secured networks.

Question 5

How to log and analyze DNS queries with Whonow?

Accepted Answer

Use the --logfile flag to save DNS activity to a CSV file and --verbose for real-time output. This helps track request timestamps and sender IPs for post-test analysis.

Question 6

What happens if Whonow runs out of RAM for domain states?

Accepted Answer

The server uses a FIFO eviction policy when the --max-ram-domains limit is reached; older domain states are removed and reset upon next query, which could disrupt ongoing attack simulations.

Whonow DNS Server

What is Whonow DNS Server?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions