To Answer A Couple Of Questions
Some people would like to have the IP address of www.doxpara.com, so that if their DNS server is compromised, they can still find out if it’s vulnerable (the theory being, if it’s compromised, it won’t actually go to Doxpara).
Here’s the problem: I’m watching you look up Doxpara’s names. That’s how I can see what ports you’re using! If you don’t use DNS to find Doxpara, I can’t watch you finding Doxpara, and thus I can’t tell you if you’re always using the same ports.
Also, people want to have the ability to ask for a particular name server to be tested. My problem here is that I probably don’t have access to your name server, except through you — so I need your web browser to poke your name server to look up a name from me. Then, and only then, can I tell you if there’s a problem.
Finally, some people think that if their name server only accepts requests from Internet IPs, it’s safe. No. As alluded to in the last paragraph, I may not have access to your nameserver, but your browser does, and I do have access to your browser.
So, in conclusion: Patch, and verify the patch is working (NATs continue to be a headache). If it’s not working, forward to something that is. OpenDNS has capacity to spare.
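The check described above comes down to looking at the UDP source ports a resolver uses when its queries arrive at the test zone's authoritative server. The following Python sketch is an added example, not Doxpara's code; the sample observations, thresholds and function names are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import pstdev

# Constructed observations: (resolver IP, UDP source port) for successive
# queries reaching the test zone's authoritative server. Not real traffic.
OBSERVED = (
    [("192.0.2.10", 53)] * 6                           # same port every time
    + [("192.0.2.20", p) for p in range(1024, 1030)]   # e.g. NAT renumbering in order
    + [("192.0.2.30", p) for p in (32768, 32790, 32771, 32801, 32769, 32785)]
    + [("192.0.2.40", p) for p in (49152, 8233, 61011, 23456, 37120, 15001)]
    + [("192.0.2.50", 40000)]                          # only one query seen
)

MIN_SAMPLES = 5      # assumption: fewer queries than this says nothing
MAX_STEP = 16        # assumption: small forward steps count as sequential
MIN_STDDEV = 500.0   # assumption: illustrative cut-off, not a standard


def classify(ports):
    """Rate the source ports one resolver used, given in arrival order."""
    if len(ports) < MIN_SAMPLES:
        return "insufficient data"
    if len(set(ports)) == 1:
        return "fixed port"
    # Port differences between consecutive queries, wrapping at 16 bits.
    steps = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    if all(0 < s <= MAX_STEP for s in steps):
        return "sequential"
    if pstdev(ports) < MIN_STDDEV:
        return "low spread"
    return "randomized"


def assess(observations):
    """Group observations by resolver IP and classify each resolver."""
    by_resolver = defaultdict(list)
    for resolver, port in observations:
        by_resolver[resolver].append(port)
    return {ip: classify(ports) for ip, ports in by_resolver.items()}


if __name__ == "__main__":
    for ip, verdict in assess(OBSERVED).items():
        print(f"{ip:<12} {verdict}")
```

A "sequential" or "low spread" verdict on a patched resolver points at something between it and the Internet, such as a NAT, rewriting the source ports.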