PorkBind v1.2 : 13 DNS security flaws scanner (including DNS Poisoning)
PorkBind is a multi-threaded nameserver scanner that can recursively query nameservers of subdomains for version strings. (i.e. sub.host.dom’s nameservers then host.dom’s nameservers) After acquiring the version strings it tests them against version numbers from CERT advisories and reports back to the user. Zone transfer capability is also tested for
This little test software checks for vulnerabilities defined into the default porkbind.conf. As well as Cache poisoning, NXT bug, Malformed SIG overflow, Crypto weaks and many others.
The vulnerabilities detected are described into advisories repository. The newest covered Cache poisoning is the alert TA08-190B (otherwise the famous CVE-2008-1447)
We recommand this utility because it checks for 13 critical DNS flaws.
Here is the internal links to vulnerabilities along with their CVSS v2.0 scores and OVAL checks (when available).