DNS for fun and profitHemant Soni

Pradeep Aradhya

The Remote Lab's story

Connect with DevOps gurus

Blog (http://theremotelab.io/blog)

Twitter (https://twitter.com/TheRemoteLab)

Github (https://github.com/TheRemoteLab)

LinkedIn (https://www.linkedin.com/company/the-remote-lab)

Facebook (https://www.facebook.com/TheRemoteLab)

#100Days100DevOpsTools Campaign (https://twitter.com/hashtag/100Days100DevOpsTools?src=hash)

letsdevops.slack.com (https://letsdevops.slack.com)

Connect with us on Slack. Drop an email to hello@theremotelab.com to get the invitation.

Agenda:

Name resolution on Linux systems

DNS server internals

Zonefiles, frequently used DNS records, TTL and DNS caches

DNS and email systems

Size and perfomance: MTU and IP fragmentation

TXT record for custom applications

Name resolution on Linux systems

What happens when...

Zoom into name resolution

/etc/nsswitch.conf

ltrace -n3 -S ping -c 1 theremotelab.co.uk 2>&1 |less

DNS server internals

Who did we talk to

How did we talk

+trace

dig +trace mail.google.com

Common DNS configurations (https://help.ubuntu.com/lts/serverguide/dns-configuration.html)

Zonefiles, DNS records, TTL

A

PTR

CNAME

MX

TXT - the simplest and the most powerful

And many more..

Forward and reverse DNS lookup records

Reverse DNS usually managed by ISP

DNS and email systems

Let the games begin!!

MX records and priorities:

Why spammers use lower priorities?

Good MX records will have both forward and reverse entries

DKIM

How do I ensure the validity of email sender?

How do I ensure that my mail is not tampered in transit?

s . _domainkey . d

dig txt 20120113._domainkey.gmail.com

SPF records

Am I allowed to send mail from this IP for this domain?

dig txt gmail.com dig txt _spf.google.com dig txt _netblocks.google.com

DNSBL

Reverse the IP and concatenate with the WL/BL list supporting domain

Results are hints in the context of list

We can also use this mechanism for our own custom actions

Size and perfomance

MTU

IP fragmentation

TCP usages

TXT record for custom applications

dig txt profile.theremotelab.co.uk

References

DKIM (http://dkim.org/specs/rfc4871-dkimbase.html)

SPF (http://www.openspf.org/SPF_Record_Syntax)

DNSBL (https://www.spamhaus.org/faq/section/DNSBL%20Usage)

Questions

Thank you

Hemant Sonihemant.soni@theremotelab.com (mailto:hemant.soni@theremotelab.com)

@hemant_soni_ (http://twitter.com/hemant_soni_)

Pradeep Aradhyapradeep.aradhya@theremotelab.com (mailto:pradeep.aradhya@theremotelab.com)

@aradhyapradeep (http://twitter.com/aradhyapradeep)

http://theremotelab.com (http://theremotelab.com)