Dns easy
DNS
Study Area 2010
12/11
CYJ
Before start
What is DNS
DNS: Domain Name System
Domain name <-> IP
FQDN: www.study-area.org. (the trailing "." is the root)
[Tree figure: .(root) -> org -> study-area -> www; .(root) -> com -> twnic -> www; .(root) -> tw -> twnic -> www; .(root) -> jp -> adobe -> mail, www; .(root) -> arpa]
FQDN limits: at most 127 levels (e.g. www.study-area.org.), each label at most 63 characters, the whole name at most 255 characters.
Reading a name from the right, starting at the root ".":
www.study-area.org. : domain study-area.org, host www
mail.study-area.org. : domain study-area.org, host mail
study-area.org. : domain org, name study-area
org. : under .(root), name org
www.study-area.org.
NS (Name server)
.(root) -> org -> study-area
ns1.study-arae.org. ns2.study-area.org. ns2.study-area.org.
ns1.study-area.org. ns2.study-area.org.
www.study-area.org. => 163.16.211.23
d.root-servers.net.
www.study-area.org. => 163.16.211.23
163.16.211.23 => www.study-area.org.
163.16.211.23 reversed octet by octet: 23 => 211 => 16 => 163
Reverse name: 23.211.16.163.in-addr.arpa.
.(root) -> arpa -> in-addr -> 163 -> 16 -> 211
NS: ns.ks.edu.tw. dwb.ks.edu.tw.
23.211.16.163 PTR www.study-area.org.
Resolver
Resolver: API, function, system call, application...
[Diagram: applications (firefox, mail, kernel) -> Resolver -> internet]
www.study-area.org. 163.16.211.23
DNS
Resolver
[Diagram: client Resolver -> DNS Server (cache server, e.g. 168.95.1.1) -> .(root) -> org -> study-area]
www.study-area.org
Resolver DNS Server
/etc/hosts
/etc/resolv.conf (Unix-like)
Windows: DNS settings
Resolver loop
Resolver lookup order: /etc/hosts => /etc/resolv.conf
DNS server -> .(root)
DNS server -> .(root)?
Loop example: host 192.168.1.99 has /etc/resolv.conf pointing at 192.168.1.1, and host 192.168.1.1 has /etc/resolv.conf pointing at 192.168.1.99 (each hands the query to the other).
internet -> .(root)
www.study-area.org
[Diagram: org. -> query study-area.org -> www.study-area.org, ns1.study-area.org]
query: www.study-area.org ? tw.: study-area.org NS ns1.study-arae.org
[Diagram: org. -> query study-area.org. -> www.study-area.org., ns1.study-arae.org]
query: www.study-area.org ? tw.: study-area.org NS ns1.study-area.org. / study-area.org NS ns2.study-area.org. / study-area.org. www.study-area.org. ns2.study-arae.org
query: www.study-area.org -> study-area.org NS ns1.study-area.org (DNS)
[Diagram: org. -> query study-area.org. -> www.study-area.org., ns1.study-area.org.]
study-area.org www ...... twnic.net.tw dns.twnic.net.tw
MX
[Diagram: org. -> query ns1.study-area.org; study-area.org MX 10 ns1.study-area.org. / study-area.org MX 20 ns1.sayya.org.]
query: mail.study-area.org. tw. : study-area.org. NS ns1.study-area.org. ns1.sayya.org.
CNAME
[Diagram: org. -> query study-area.org.; ftp.study-area.org CNAME www; ns1.study-area.org.]
query: ftp.study-area.org. ? tw. : study-area.org NS ns1.study-area.org.
Zone file
[Diagram: org. -> study-area.org. -> ns1.study-area.org.; study-area.org NS ns1]
www.study-area.org. mail.study-area.org. ftp.study-area.org. ns1.study-area.org. xxxx
query: www.study-area.org ?
query: org. ? -> org. IN NS c0.org.afilias-nst.info.
query: study-area.org. ? -> study-area.org IN NS ns2.study-area.org.
query: www.study-area.org. -> 163.16.211.23
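The referral chain above, as an added example (not from the slides): a toy iterative lookup that walks from the root to the answer the way a cache server does, and stops instead of spinning when two servers refer to each other (the resolver loop discussed earlier). Server names and the address are the ones on the slide; the root server name d.root-servers.net. and the glue addresses of the referred-to servers are assumed.

```python
ROOT = "d.root-servers.net."  # assumed root server for this example

# Constructed delegation data: each server knows only its own zone cut.
SERVERS = {
    "d.root-servers.net.": {"org.": ("NS", "c0.org.afilias-nst.info.")},
    "c0.org.afilias-nst.info.": {"study-area.org.": ("NS", "ns2.study-area.org.")},
    "ns2.study-area.org.": {"www.study-area.org.": ("A", "163.16.211.23")},
}

def ask(servers, server, qname):
    """Reply of `server` to a query for qname: the longest matching name it
    holds, either an answer ('A', ip) or a referral ('NS', host)."""
    data = servers[server]
    for suffix in sorted(data, key=len, reverse=True):
        if qname == suffix or qname.endswith("." + suffix):
            return suffix, data[suffix]
    return None, None

def iterative_resolve(qname, servers=SERVERS, root=ROOT, max_steps=10):
    """Start at the root and follow referrals; returns (address, trace).
    max_steps bounds the walk so a referral loop cannot spin forever."""
    server, trace = root, []
    for _ in range(max_steps):
        zone, answer = ask(servers, server, qname)
        if answer is None:
            trace.append(f"{server}: no data for {qname}")
            return None, trace
        rtype, value = answer
        trace.append(f"query {server} for {qname}: {zone} IN {rtype} {value}")
        if rtype == "A":
            return value, trace
        server = value  # follow the referral to the delegated name server
    trace.append("gave up: referral loop or delegation too deep")
    return None, trace

if __name__ == "__main__":
    ip, steps = iterative_resolve("www.study-area.org.")
    print("\n".join(steps), "\n=>", ip)
```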
Domain Name
Name Server (NS)
Install BIND9
Unix-like / BIND9: yum install bind
./configure --prefix=/usr --sysconfdir=/etc/bind --localstatedir=/var --enable-threads --enable-ipv6
make
make install
Windows / DNS
UDP / port 53: iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
BIND
/etc/named.conf (or /var/named/chroot/etc/named.conf when chrooted)
named
root server
Zone / zone file
Zone file: /var/named/xxxxx.db (or /var/named/chroot/var/named/xxxxx.db when chrooted)
SOA & Resource Record(RR)
/etc/init.d/named [start/stop/restart]
/usr/sbin/named -c /etc/named.conf -u named -t /var/named/chroot
killall named
SOA(Start Of Authority)
study-area.org. IN SOA ns1 haway (
    42   ; serial (d. adams)
    1H   ; refresh
    15M  ; retry
    1W   ; expiry
    1D ) ; minimum
In a zone file, a name without a trailing dot is relative to the origin and is expanded to an FQDN:
ns1 = ns1.study-area.org.
haway = haway.study-area.org.
Resource Record(RR)
FQDN
TTL
Class
Type: A / NS / MX / CNAME
rdata
www.study-area.org. 3600 IN A 163.16.211.23
study-area.org. 3600 IN NS ns1.study-area.org.
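The zone-file rules above (origin expansion, the SOA time units, the RR fields) and the reverse-lookup name from the in-addr.arpa section, as one added example that is not from the slides: a small Python helper that parses an RR line into FQDNs and derives the matching PTR name. The origin study-area.org. is assumed.

```python
import ipaddress
import re

ORIGIN = "study-area.org."  # zone origin assumed for this example

_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def fqdn(name, origin=ORIGIN):
    """'@' is the origin; a name without a trailing dot is relative to the
    origin (so 'ns1' -> ns1.study-area.org.); a dotted name is kept as is."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def ttl_seconds(value):
    """BIND time syntax as used in the SOA: 3600, 15M, 1H, 1D, 1W."""
    m = re.fullmatch(r"(\d+)([smhdw]?)", value, re.IGNORECASE)
    if not m:
        raise ValueError(f"bad time value: {value}")
    return int(m.group(1)) * _UNITS[m.group(2).lower() or "s"]

def parse_rr(line, origin=ORIGIN):
    """Split 'owner [TTL] [class] type rdata' into its fields, expanding
    every name (owner and name-typed rdata) to an FQDN."""
    fields = line.split()
    owner = fqdn(fields.pop(0), origin)
    ttl = ttl_seconds(fields.pop(0)) if fields[0][0].isdigit() else None
    cls = fields.pop(0) if fields[0] in ("IN", "CH", "HS") else "IN"
    rtype, rdata = fields[0], fields[1:]
    if rtype in ("NS", "CNAME", "PTR"):
        rdata = [fqdn(rdata[0], origin)]
    elif rtype == "MX":  # preference stays a number, exchange is a name
        rdata = [rdata[0], fqdn(rdata[1], origin)]
    return {"owner": owner, "ttl": ttl, "class": cls, "type": rtype, "rdata": rdata}

def ptr_name(ip):
    """Reverse-lookup name: octets reversed under in-addr.arpa."""
    addr = ipaddress.IPv4Address(ip)  # rejects malformed addresses
    return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa."

def ptr_record(a_rr):
    """The PTR record that pairs with a parsed A record."""
    return f"{ptr_name(a_rr['rdata'][0])} IN PTR {a_rr['owner']}"
```

A host name written without its trailing dot (for example ns1.study-area.org) is expanded too, which is how the classic doubled-origin mistake appears.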
named
example.tw zone file
Master / slave DNS
Master DNS named.conf: allow-transfer { slave ip; };
Slave DNS named.conf:
zone "example.tw" {
    type slave;
    masters { master ip; };
    file "xxx.db.slave";
    allow-transfer { none; };
};
master/slave example
tw. delegates rsync.tw. to ns1.rsync.tw. and ns2.rsync.tw.
rsync.tw. IN NS ns1.rsync.tw.
rsync.tw. IN NS ns2.rsync.tw.
ns1.rsync.tw. IN A 202.153.191.99
ns2.rsync.tw. IN A 210.17.9.203
NS
NS - 1
study-area.org. IN NS ns1.study-area.org.
study-area.org. IN NS ns2.study-area.org.
ns1.study-area.org IN A 163.16.211.23
ns2.study-area.org. IN A 203.68.102.192
NS - 2
study-area.org. IN NS ns1.study-area.org.
study-area.org. IN NS ns2.study-area.org.
study-area.org. IN NS dns.hinet.net.
NS - 3
study-area.org. IN NS ns1.study-area.org.
ns1.study-arae.org. IN A 192.168.1.1
ns1.study-area.org. IN A 163.16.211.23
DNS Client Tools
nslookup: nslookup www.study-area.org
nslookup (enter, interactive mode)
dig: dig domain type (uses the resolver's configured server)
dig @serverip domain type (query that DNS server directly)
dig +tcp +dnssec +trace @.... (dns server)
dig org. ns (org. ; likewise com.tw, org.tw)
NS as seen by the parent: dig @b0.org.afilias-nst.org. study-area.org ns
NS as seen by the zone itself: dig @ns1.study-area.org. study-area.org ns
flags: aa (authoritative answer)
dig @ns1.study-area.org www.study-area.org a
cache server: dig www.study-area.org a
DNS & Firewall
recursive
default any
root
chroot/selinux
DNS - DNS spoof
DNS cache poisoning: http://www.youtube.com/watch?v=1d1tUefYn4U
Metasploit
DNS - DNS spoof
Man in the middle
ettercap
[Diagram: user, hacker, DNS Server]
www.study-arae.org
PunyCode
<IDN name>.<IDN tld> => xn--qvrq56g.xn--kpry57d.
<IDN name>.tw => xn--qvrq56g.tw
www.<IDN name>.tw => www.xn--qvrq56g.tw
xn--qvrq56g.xn--kpry57d
[IDN support: firefox, filezilla ...; DNS zone file; mail server; unix/linux; ftp]
DNAME
<IDN name>.tw and <IDN name>.<IDN tld>: how does DNS serve both?
DNAME: aliases an entire subtree under another name (compare CNAME, which aliases a single name).
Q & A