dns.workshop.hsgr
DNS Workshop
Evaggelos Balaskas
Serial: 2014011901
disclaimer
• This presentation is just supporting material based on a DNS workshop held at http://hackerspace.gr.
• May have errors! Plz email me to correct them.
• At the time you are reading this, the examples may have different values.
• The domains used in this presentation are randomly selected.
• Be aware of the serial on the first page!
Before DNS, What?
• /etc/hosts
• C:\Windows\system32\drivers\etc\hosts
• Postel - Mockapetris
Now, What?
• /etc/resolv.conf
  nameserver 212.205.212.205
Domain Name System
• domain: hackerspace.gr.
• root NS -> .
• TLD -> gr
• ITE NS -> hackerspace
• dns1.papaki.gr -> @
• @ -> 185.4.135.249
• dig +trace hackerspace.gr. (notice the dot in the end)
Root NS
• http://www.internic.net/domain/named.root
• > dig.exe NS . @a.root-servers.net.
Top Level Domains
• http://www.iana.org/domains/root/db
• Greek TLDs
  .gr       country-code   ICS-FORTH GR
  .δοκιμή   test           Internet Assigned Numbers Authority
Top Level Domain: gr. (ITE)
• gr. 10748 IN NS gr-br.ics.forth.gr.
• gr. 10748 IN NS gr-m.ics.forth.gr.
• gr. 10748 IN NS estia.ics.forth.gr.
• gr. 10748 IN NS grdns.ics.forth.gr.
• gr. 10748 IN NS gr-at.ics.forth.gr.
• gr. 10748 IN NS gr-us.ics.forth.gr.
• gr. 10748 IN NS gr-ix.ics.forth.gr.
• gr. 10748 IN NS grdns-de.denic.de.
Check gr domains
• http://www.gr
• dig +trace NS hackerspace.gr
• dig +trace NS ebalaskas.gr
• dig +trace NS goethe.gr
• Check the differences!
• dig +trace www.hackerspace.gr.
• dig +trace A hackerspace.gr.
Check domains
• > dig A www.ert.gr +short
• > dig NS nerit.gr +short   [de nada!]
ITE does not serve nerit.gr but ... (see next slide)
servers
• NS vs DNS
• Auth vs Resolvers (caching/recursive)
• Zone files vs RAM (memory)
• ns1.otenet.gr (serves zone files – doesn't ask ITE)
• ns2.otenet.gr (serves zone files – doesn't ask ITE)
• dns1.otenet.gr (asks root NS – asks ITE – asks NS)
• dns2.otenet.gr (asks root NS – asks ITE – asks NS)
• All OTE customers MUST use 212.205.212.205 - dns1 & dns2
Public DNS – caching servers
• Google Public DNS (they record your DNS queries)
  8.8.8.8
  8.8.4.4
• opennicproject
  85.126.4.170 (T, AT)
  151.236.10.135 (AT)
  (the above IPs are just an example, click here: http://www.opennicproject.org/)
• opendns
  208.67.222.222 (resolver1.opendns.com)
  208.67.220.220 (resolver2.opendns.com)
RR – resource records
• SOA - Start of Authority Record
• NS - Name Server Record
• MX - Mail Exchanger Record
• A - IPv4 Address Record
• CNAME - Host Alias Record
• SRV - Service Record
• TXT - Text Record
• PTR - Pointer Record
Start Of Authority
> dig soa ebalaskas.gr +short
ns14.ebalaskas.gr. ebalaskas.ebalaskas.gr. 2012052408 172800 3600 1209600 86400
• domain: ebalaskas.gr
• TTL: 86400
• Master NS: ns14.ebalaskas.gr.
• Mail: ebalaskas.ebalaskas.gr.
• Serial Number: 2012052408
• Refresh: 172800 (when the slave will try to refresh the zone from the master)
• Retry: 1h (if the slave fails to contact the master)
• Expiry: 2w (slave removes the zone from memory)
• Minimum: 24h (slave removes the zone from memory if Non eXistent DOMAIN)
Serial number
• Integer number
• Must always be greater than the previous value
• We change the serial on every DNS change
• It is the way to notify the slave NS that a change has occurred
• We use the reverse date format + AA of the change (two-digit change counter)
• eg. 2013/06/20-01 -> 2013062001
NOTIFY
• Master NS sends NOTIFY messages (UDP packets) to all slave NS
  (NS RR in the zone file)
• Slave NS compare their SERIAL with the master's SERIAL
• If the master's serial is greater than the slave's serial then pull the zone (zone transfer)
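The serial rules from the two slides above, as an added example (not code from the workshop): generating the YYYYMMDDnn serial from the slide's 2013/06/20-01 format, and the comparison a slave applies after a NOTIFY. The comparison follows RFC 1982 (modulo 2^32), which the slides do not mention but which matters once a serial ever wraps.

```python
"""Added example (not from the workshop slides): SOA serial handling.

Implements the YYYYMMDDnn serial convention from the slides and the serial
comparison a slave applies when a NOTIFY arrives, to decide whether to pull
the zone. Comparison follows RFC 1982 (modulo 2^32), so it keeps working
when a serial wraps, which plain integer comparison does not.
"""
from datetime import datetime

MOD = 2 ** 32   # serials are unsigned 32-bit
HALF = 2 ** 31


def serial_gt(a: int, b: int) -> bool:
    """True if serial a is greater than b in RFC 1982 sequence space."""
    a, b = a % MOD, b % MOD
    return (a < b and b - a > HALF) or (a > b and a - b < HALF)


def next_serial(current: int, today: str) -> int:
    """Next serial for a change made on 'YYYY/MM/DD', as YYYYMMDDnn (nn = 01..).

    Keeps the slides' rule: the new value must be greater than the old one,
    so a second change on the same day (or an old serial that is somehow
    ahead of today's date) just increments the existing value.
    """
    day = datetime.strptime(today, "%Y/%m/%d")   # rejects malformed dates
    candidate = int(day.strftime("%Y%m%d")) * 100 + 1
    if not serial_gt(candidate, current):
        candidate = current + 1
    return candidate % MOD


def slave_should_transfer(master_serial: int, slave_serial: int) -> bool:
    """Slave's decision after NOTIFY: pull the zone only if the master's
    serial is greater than the one it already holds."""
    return serial_gt(master_serial, slave_serial)
```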
TTL Time to Live
How many seconds a DNS (caching/resolver) should:
• remember a record
• wait before asking the master NS again for something
• or keep records from a zone (if expired) in memory.
• TTL is the reason we (sometimes) need to flush!
dns flushing
A simple method to remove a specific entry or an entire zone from the memory/cache of a resolver name server.
Useful when you don't want to wait till the TTL expires.
ttl
> dig CNAME www.otenet.gr +nocomments +noqr +nocmd +nostats +noauthority +noadditional
www.otenet.gr. 86074 IN CNAME otenet.gr.
> dig CNAME www.otenet.gr +nocomments +noqr +nocmd +nostats +noauthority +noadditional
www.otenet.gr. 86072 IN CNAME otenet.gr.
ORIGIN
• With origin we refer to the domain, or the zone file.
• @ is the representative character
• Origin can ONLY be an A record
eg. yellowpagesbusiness.gr
@   IN A     195.170.6.20
www IN CNAME xo.gr.
MX
> dig MX gmail.com +short
5 gmail-smtp-in.l.google.com.
10 alt1.gmail-smtp-in.l.google.com.
20 alt2.gmail-smtp-in.l.google.com.
30 alt3.gmail-smtp-in.l.google.com.
40 alt4.gmail-smtp-in.l.google.com.
MX defines the mail servers that receive emails for a domain/email address.
A - CNAME
• hostname IN A 1.2.3.4
  eg. ebalaskas.gr IN A 158.255.214.14
• hostname IN CNAME fqdn
  eg. www IN CNAME ebalaskas.gr.
• A fqdn must always finish with a dot (.) or else it is a reference to another record inside the DNS zone
Round-robin DNS
An example of DNS round robin (a poor man's balancing mechanism):
eg. example.com
www IN A 1.2.3.4 (sometimes here!)
www IN A 2.3.4.5 (sometimes there!)
CDN: Web hosting
• eg. webhosting on akamai or cloudflare
• They serve a different www (IP) according to the most efficient network route (cost-wise) – looks like geolocation!!!
• They don't serve A records! only CNAMEs to www
• CDN stands for content delivery network
Check a domain
eg. cdn webhosting: www.plaisio.gr
• GREECE
  > dig www.plaisio.gr +short
  plaisio.gr.edgesuite.net.
  a944.g.akamai.net.
  212.205.126.41
  212.205.126.34
• GERMANY
  > dig www.plaisio.gr +short
  plaisio.gr.edgesuite.net.
  a944.g.akamai.net.
  87.245.215.73
  87.245.215.23
TXT
• txt RR are simply TEXT fields.
• max length: 4000 characters
Syntax:
hostname TTL IN TXT "TEXT TEXT TEXT"
So the customers must send us the text inside double quotes (plz don't fax)
TXT
• is the only resource record that can expand to more than one line
syntax:
joe IN TXT ("Located in a black hole" " somewhere over the rainbow")
Be careful when using custom parsers
Some examples:
• DZC IN TXT "eoMi3Yk"
• @ 3600 IN TXT "MS=ms70870252"
• @ IN TXT "v=spf1 a mx ip4:195.170.6.0/24 -all"
• turbo-smtp._domainkey IN TXT "k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDT3MWLni6so1q9eQggRYBCLHFjohZkCnYHH8gZNDBm6zRrodRVpWpJQW7x3cWWiuBhS1X0IfBB80l5tqFa+yc+mVgnk8tkUzOHFbPQPp4fi7egTpMtsQW/ZMrxw73SItNvPr72qvJTYZNPxarMx+ULjEWybcfEdXHPY8jslGcpCwIDAQAB"
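A parser for the TXT syntax shown on the two slides above (the one-line form and the multi-line parenthesised form), as an added example that is not part of the workshop. The 255-octet chunking it ends with is the RFC 1035 per-string limit, which is why a custom parser has to expect several strings in one record (long DKIM keys like the last example are split that way on the wire).

```python
"""Added example (not from the workshop slides): parsing TXT records.

Handles the one-line form and the parenthesised multi-line form from the
slides, with quoted strings and backslash escapes, and shows the 255-octet
<character-string> chunking (RFC 1035) that long values such as DKIM keys
need on the wire; that chunking is why a custom parser must expect more
than one string per record.
"""
import re

# One <character-string>: "quoted, with \" and \\ escapes" or a bare token.
_TOKEN = re.compile(r'"((?:[^"\\]|\\.)*)"|([^\s()"]+)')


def parse_txt(record: str):
    """'owner [ttl] [class] TXT strings...' -> (owner, ttl or None, [strings]).

    Strings are returned separately, as they travel on the wire; whether
    to concatenate them is up to the application (SPF and DKIM do).
    """
    text = " ".join(record.splitlines())  # fold the ( ... ) multi-line form
    parts = re.split(r"\s+TXT\s+", text, maxsplit=1, flags=re.IGNORECASE)
    if len(parts) != 2:
        raise ValueError("not a TXT record: %r" % record)
    fields = parts[0].split()
    owner = fields[0]
    ttl = next((int(f) for f in fields[1:] if f.isdigit()), None)
    strings = []
    for m in _TOKEN.finditer(parts[1].replace("(", " ").replace(")", " ")):
        if m.group(1) is not None:
            strings.append(re.sub(r"\\(.)", r"\1", m.group(1)))  # unescape
        else:
            strings.append(m.group(2))
    return owner, ttl, strings


def to_wire_strings(text: str, limit: int = 255):
    """Split one logical value into <=255-octet chunks for the wire."""
    data = text.encode("utf-8")
    return [data[i:i + limit] for i in range(0, len(data), limit)]
```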
SPF
• Sender Policy Framework
• Mostly Microsoft
• defines the mail servers that can send email for the domain they serve
• The DNS check comes from the receiver mail server
(see last page for reference)
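The receiver-side check described above, as an added example (not from the workshop): a minimal SPF evaluator run against the slide's record "v=spf1 a mx ip4:195.170.6.0/24 -all". DNS answers come from a constructed in-memory table (example.gr and its hosts are hypothetical), so it runs offline; include, redirect and exists are not implemented.

```python
"""Added example (not from the workshop slides): a minimal SPF check.

Evaluates the slides' record 'v=spf1 a mx ip4:195.170.6.0/24 -all' the way
a receiving mail server does, with DNS answers replaced by a constructed
in-memory table so it runs offline. Supports a, mx, ip4, ip6 and all with
the +, -, ~ and ? qualifiers; include/redirect/exists are skipped.
"""
import ipaddress

# Constructed stand-in for DNS (hypothetical names and addresses).
FAKE_DNS = {
    ("example.gr", "A"): ["195.170.6.20"],
    ("example.gr", "MX"): ["mail.example.gr."],
    ("mail.example.gr.", "A"): ["203.0.113.25"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def _host_has_ip(name, ip):
    return any(ip == ipaddress.ip_address(a) for a in FAKE_DNS.get((name, "A"), []))


def check_spf(record: str, domain: str, sender_ip: str) -> str:
    """Result for sender_ip claiming to send mail for domain."""
    ip = ipaddress.ip_address(sender_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no usable SPF record published
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech, _, arg = term.lstrip("+-~?").lower().partition(":")
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            # ip_network() handles both families; a v4 address is never
            # 'in' a v6 network, so mixed records evaluate correctly.
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = _host_has_ip(arg or domain, ip)
        elif mech == "mx":
            mx_hosts = FAKE_DNS.get((arg or domain, "MX"), [])
            matched = any(_host_has_ip(mx, ip) for mx in mx_hosts)
        else:
            continue  # unsupported mechanism: skip it
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and no 'all' at the end
```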
DKIM
• In the TXT RR is the public key of the receiver mail server.
• If defined, the sender mail server can encrypt the communication between the two mail servers.
• We can't convert a customer request from FAX. Plz ask for a text file from the customer. Pretty PLZ!
SRV
• Service Resource Record
• Defines a service for a domain and the server that serves this service
• Syntax:
  _service._protocol IN SRV PRI WEIGHT PORT record
• Mostly for xmpp communications,
• SIP (voip communications)
• web service
• mail service
• ntp service
• etc
(see last page for reference)
some examples:
• _http._tcp IN SRV 10 5 80 www.tickethour.gr.
• _autodiscover._tcp IN SRV 10 0 443 mail.yellowpages.gr.
• _ntp._udp IN SRV 10 0 123 creta.logifer.gr.
• _xmpp-server._tcp IN SRV 5 0 5269 xmpp-server.l.google.com.
• _sip._tcp IN SRV 10 0 5061 sip.logifer.gr.
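How a client actually uses PRI and WEIGHT from the records above, as an added example (not from the workshop): parse lines in the slide's syntax and order the targets per RFC 2782, lowest priority first and a weighted random pick among equal priorities. The SAMPLE records and their example.gr hosts are constructed for the demonstration.

```python
"""Added example (not from the workshop slides): choosing an SRV target.

Parses SRV lines in the slides' syntax and orders the targets the way an
RFC 2782 client does: lowest PRI first, then a weighted random pick among
records of equal PRI (WEIGHT 0 means 'use only as a last resort').
"""
import random
from collections import namedtuple

SRV = namedtuple("SRV", "name priority weight port target")

# Constructed records for one service (hypothetical hosts, not real data).
SAMPLE = [
    "_sip._tcp IN SRV 10 60 5061 sip1.example.gr.",
    "_sip._tcp IN SRV 10 40 5061 sip2.example.gr.",
    "_sip._tcp IN SRV 20 0 5061 backup.example.gr.",
    "_sip._tcp IN SRV 5 0 5061 primary.example.gr.",
]


def parse_srv(line: str) -> SRV:
    """'_sip._tcp IN SRV 10 0 5061 sip.logifer.gr.' -> SRV(...)"""
    name, _cls, rtype, pri, weight, port, target = line.split()
    if rtype.upper() != "SRV":
        raise ValueError("not an SRV record: %r" % line)
    return SRV(name, int(pri), int(weight), int(port), target)


def order_targets(records, seed=None):
    """Return [(target, port), ...] in the order a client should try them."""
    rng = random.Random(seed)
    by_priority = {}
    for r in records:
        by_priority.setdefault(r.priority, []).append(r)
    ordered = []
    for priority in sorted(by_priority):
        # Zero-weight records go first so they are only hit when pick == 0.
        group = sorted(by_priority[priority], key=lambda r: r.weight != 0)
        while group:
            pick = rng.randint(0, sum(r.weight for r in group))
            running = 0
            for r in group:
                running += r.weight
                if running >= pick:
                    ordered.append((r.target, r.port))
                    group.remove(r)
                    break
    return ordered
```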
PTR
• dig +trace -x 185.4.135.249
• A.IN-ADDR-SERVERS.ARPA (operated by ARIN)
• B.IN-ADDR-SERVERS.ARPA (operated by ICANN)
• C.IN-ADDR-SERVERS.ARPA (operated by AfriNIC)
• D.IN-ADDR-SERVERS.ARPA (operated by LACNIC)
• E.IN-ADDR-SERVERS.ARPA (operated by APNIC)
• F.IN-ADDR-SERVERS.ARPA (operated by RIPE NCC)
reverse zone
> dig 135.4.185.in-addr.arpa. +trace
135.4.185.in-addr.arpa. 172800 IN NS dns2.papaki.gr.
135.4.185.in-addr.arpa. 172800 IN NS dns1.papaki.gr.
https://apps.db.ripe.net/search/query.html?searchtext=135.4.185.in-addr.arpa
subdomains
• www.cs.teiath.gr.
• HOST     DOMAIN
• www.cs   teiath.gr (not a subdomain)
• www      cs.teiath.gr (subdomain, let's check it)
• > dig A www.cs.teiath.gr +short
  195.130.109.88
• > dig NS cs.teiath.gr +short
  athena.teiath.gr.
  hermes.teiath.gr.
DNS Ports
UDP port 53 (stateless)
TCP port 53 (stateful)
default udp, falls back to tcp when >512 bytes
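The 512-byte rule above in wire terms, as an added example (not from the workshop): build a query for hackerspace.gr. in RFC 1035 format, show how an oversized UDP reply is marked truncated (TC bit) so the client retries over TCP, and how TCP carries each message behind a 2-byte length prefix.

```python
"""Added example (not from the workshop slides): DNS over UDP and TCP.

Builds a 'hackerspace.gr. A' query in RFC 1035 wire format and shows why
the slides list both ports: a UDP reply over 512 bytes (no EDNS0) is cut
and flagged with TC, so the client retries over TCP, where each message
carries a 2-byte big-endian length prefix.
"""
import struct

UDP_MAX_PAYLOAD = 512   # classic UDP limit; EDNS0 can raise it
FLAG_QR, FLAG_TC, FLAG_RD = 0x8000, 0x0200, 0x0100

def encode_name(name: str) -> bytes:
    # 'hackerspace.gr.' -> 0x0b 'hackerspace' 0x02 'gr' 0x00 (length-prefixed labels)
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label length must be 1..63: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(txid: int, name: str, qtype: int = 1) -> bytes:
    """Header (ID, flags=RD, QDCOUNT=1) followed by one question, class IN."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def parse_header(msg: bytes) -> dict:
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & FLAG_QR), "tc": bool(flags & FLAG_TC),
            "rd": bool(flags & FLAG_RD), "rcode": flags & 0xF,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}

def udp_reply(reply: bytes) -> bytes:
    """Server side: an oversized reply is cut to 512 bytes with TC set
    (real servers drop whole RRsets; the plain byte cut is illustrative)."""
    if len(reply) <= UDP_MAX_PAYLOAD:
        return reply
    txid, flags = struct.unpack("!HH", reply[:4])
    return struct.pack("!HH", txid, flags | FLAG_TC) + reply[4:UDP_MAX_PAYLOAD]

def tcp_frame(msg: bytes) -> bytes:
    return struct.pack("!H", len(msg)) + msg   # 2-byte length, then message

def tcp_unframe(stream: bytes) -> list:
    """Split a TCP byte stream back into individual DNS messages."""
    msgs, i = [], 0
    while i + 2 <= len(stream):
        n = struct.unpack("!H", stream[i:i + 2])[0]
        msgs.append(stream[i + 2:i + 2 + n])
        i += 2 + n
    return msgs
```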
Zone transfer
• Transfer the zone from the authoritative name server to the slave name servers.
• That makes DNS a distributed service
• Authoritative name servers MUST open their firewall for both UDP and TCP on port 53
Useful links
• http://www.zytrax.com/books/dns/
• http://www.internic.net/domain/named.root
• http://www.iana.org/domains/root/db
• http://www.kloth.net/services/dig.php
• http://www.iana.org/
• http://www.ripe.net/
• http://www.openspf.org/
• http://www.gr-ix.gr/services/statistics/