SlideShare a Scribd company logo

Introduction to DNS

Download as PPTX, PDF
M
MifrazMurthaja

A brief introduction to DNS

Software
1 of 39
DNS DOMAIN NAME SYSTEM
Content Layout • Registration Records • Introduction to DNS • DNS RecordTypes
Content Layout • WHOIS Info Registration Records • DNS queries and responses • DNS zone transfers • Structure, Interpretation and analysis of DNS records Introduction to DNS • SOA MX TXT • A NS PTR • HINFO CNAME DNS Record Types
Registration Records WHOIS INFO
 WHOIS Sites • https://www.whois.com • https://whois.arin.net • https://www.ultratools.com/tools/ipWhoisLookupResult • https://dig.whois.com.au • https://www.whatismyip.com/ip-whois-lookup/
Sample Output
 Domain Details • Registrant Person or organization who owns the domain • Registrar The company that keeps the domain registration or record • Domain/ Name Servers Servers which maintains a directory of domain names and their matching IP addresses.
 Network Details • NetRange/ IP Network Block IP range that belongs/ allocated to OrgName • CIDR/ IP Network Classless Inter-Domain Routing (Sub netting) - Another way to express NetRange • NetName The registered network name for the IP addresses • NetHandle/ Handle A unique name that identify the network • Parent Net Handle of the parent network A parent is an organization that has been allocated address space from RIR or another ISP, with the intention of sub-delegating that space.
 Network Details • NetType Type of IP Addresses assignment. It can be, Direct Assignment - IP addresses are registered to an organization for use within the Internet infrastructure it operates, not for sub-delegation of those addresses. Reallocated - Allocated to an organization for use in their internal networks or for further sub-delegation. Reassigned - Assigned to an organization from a parent organization for use in their internal networks. • Class-Name The type of information to which the record belongs. (ex: network) • Auth-Area The name of the authority area to which the network belongs • ID The identifier of the network. It consists of Net Handle and Authority-Area name.
Introduction to DNS Domain Name System DNS Server Facebook Server (IP:31.13.78.35) User with Web Browser
 Domain Name • Types ofTLDs • gTLD – GenericTLD (.biz, .com) • ccTLD – Country CodeTLD (.lk, .uk)
 URL – Uniform Resource Locator
 FQDN – Fully Qualified Domain Name • Complete domain name for a specific computer or host on the Internet • FQDN = Host Name + Domain Name • Examples • FQDN for a Mail Server : mymail.somecollege.edu • Hostname : mymail • Domain : somecollege.edu • FQDN on theWeb : www.google.com • Hostname : www • Domain : google.com
 DNS – Queries and Responses Query Response DNS Server Client
 DNS Queries Queries Forward Lookups Iterative Query Recursive Query Reverse Lookups Reverse/ Inverse Query
1. Iterative Query • DNS server returns the best answer which it can to the client • The response can be • The requested resolved name • A referral to a different DNS server that could provide the information which the client requested
2. Recursive Query • The response can be • The IP address of the host name that was requested • An error message -The host name or domain does not exist 6 5 4 3 7
3. Inverse Query • The DNS resolver sends a request to a DNS server to resolve the host name associated with a known IP address • Only a thorough search of all domains would provide the correct answer
 DNS Responses Responses Positive answer Authoritative answer Non Authoritative answer Referral answer Negative answer NXDOMAIN NODATA
1. Positive Answer 1. Authoritative answer Reply was received from a DNS server that has direct authority for the name queried in the message (One of the name servers in the list for the domain you did a lookup on) 2. Non Authoritative answer Reply was received from a DNS server that is not directly authoritative for the name queried in the message (A name server not in the list for the domain you did a lookup on) 3. Referral answer A referral response is returned if the DNS server does not support recursion. A referral contains additional resource records for resolving the request.
2. Negative Answer 1. NXDOMAIN – Non-Existent Domain There are no records, of any DNS type, for the requested domain name. 2. NODATA There are records for the requested domain name, but none of them match the record type in your request
DNS Response Codes • NOERROR no error • FORMERR format error • SERVFAIL server failure • NXDOMAIN name error • YXDOMAIN domain name should not exist • YXRRSET resource record set should not exist • NOTAUTH not authoritative for zone • BADVERS bad extension mechanism for version • REFUSED connection refused • NOTIMPL not implemented • NXRRSET rrset does not exist • NOTZONE name not in zone • BADSIG bad signature • BADKEY bad key • BADTIME bad timestamp
dig DNS Response - Header • OPCODE • 0 – Query • 1 – IQUERY (Inverse Query) • 2 – STATUS • RCODE – Response Code (Status) • Flags • qr – Query (0) or Response (1) • aa – authoritative answer (Valid in response) • tc – truncated • rd – recursion desired (set in query - copied to response) • ra – recursion available (set in response)
dig DNS Response – Answer Section 1. NAME Domain Name 2. TTL TimeTo Live in Seconds (Record only lasts for 59 seconds) Set by domain administrator – Hence some resolvers do not respect theTTL 3. CLASS DNS Record Class (IN – Internet, CH – Chaosnet, HS – Hesoid, etc) 4. TYPE DNS RecordType (Discussed Later) 5. RDATA Response Data – IPV4 address for A type record Ref:http://www.ietf.org/rfc/rfc1035.txt NAME TTL TYPE CLASS RDATA
 DNS – Zone Transfers • DNS Zone transfer - DNS server passes a copy of part of it's database (which is called a "zone") to another DNS server • More than one DNS server able to answer queries about a particular zone • There is a Master DNS server, and one or more Slave DNS servers, and the slaves ask the master for a copy of the records for that zone • A basic DNS ZoneTransfer Attack: you just pretend you are a slave and ask the master for a copy of the zone records. And it sends you them Prevent: Tell the master what the IP addresses of the slaves are and not to transfer to anyone else Sign the transfers (TSIG – Extension to the DNS protocol where a cryptographic signature is added to DNS packets)
 DNS – Zone Transfers Cont.. • The zone serial number increments when the zone receives an update • Zone transfers are automatically triggered when the zone serial number increments • AXFR – Entire zone file is copied • IXFR – Only the records that were changed are sent ZoneTransfers FullTransfer AXFR Incremental Transfer IXFR
 Structure, interpretation and analysis of DNS records • DNS – Bind Server Implementation
DNS Records Types
1. A Record • A Record – Address Record • Basic type of DNS record • Maps a FQDN to an IPv4 address • Value: IP v4 address • It is possible to add more than one record to any sub-domain Hostname IP address test.example.com 127.0.0.1 test.example.com 127.0.0.2 name ttl class type value(ipv4) abc.com. 1 IN A 192.168.1.21
2. AAAA Record • Maps a FQDN to an IPv6 address • Value: IP v6 address name ttl class type value(ipv6) abc.com. IN AAAA 2600:1800:5::10
3. CNAME Record • CNAME – Canonical Name • Maps a FQDN to another FQDN • Value: FQDN/ Unqualified Name • CNAME is not a redirect. It will point the CNAME record to the IP listed at the original record • A CNAME must always be a sub-domain record name ttl class type value(fqdn/host) joe.example.com. IN A 192.168.10.5 mail.abc.com. IN CNAME joe.example.com. $ORIGIN example.com. joe IN A 192.168.10.5 mail IN CNAME joe.example.com.
4. SAO Record • SOA – Start ofAuthority • SOA records are part of the DNS infrastructure.They are generated automatically and are not editable. • SOA record is the Information stored in a DNS zone about that zone • A DNS zone is the part of a domain for which an individual DNS server is responsible • Each zone contains a single SOA record. • SOA Records stores the following information about a zone • Administrator of the zone • Current version of the data file • Default number of seconds for theTime to Live (TTL) file on resource records example.com. IN SOA ns.example.com. admin.example.com. ( 2003080800 ; sn = serial number 172800 ; ref = refresh = 2d 900 ; ret = update retry = 15m 1209600 ; ex = expiry = 2w 3600 ; nx = nxdomain ttl = 1h )
5. MX Record • MX – Mail Exchange • Maps an email domain to a FQDN of a mail server • Value: FQDN/ Unqualified Name • For email (SMTP) traffic • An MX record cannot map to a FQDN that is mapped to another FQDN using a CNAME record name ttl class type pref value(fqdn/ host) example.com. 3w IN MX 10 mail.example.com. mail.example.com. IN A 192.168.1.25
6. TXT Record • Used often with other protocols or systems Ex: • Sender Policy Framework (SPF), Domain Keys (DK) • Holds free form text of any type Ex: • To validate the owner of a domain, they ask the owner to create aTXT record with some information in it. It is then checked, and if the correct record is found, the domain owner can be verified. name ttl class type value(text) egs IN TXT “Cyber Security"
7. NS Record • NS – Name Server • Maps a subdomain to a FQDN of a name server • Value: FQDN/ Host name ttl class type value(fqdn/ host) IN NS ns1.example.com. ns1.example.com. IN A 192.168.100.20
8. PTR Record • PTR – Pointer • Map a network interface (IP) to a host name • Value: FQDN • These are primarily used for reverse DNS • An A record should exist for every PTR record • The PTR records are must have for outgoing mail servers Most of the mail providers reject or mark as spam messages received by mail servers without valid reverse DNS configuration (missing PTR or mismatch A record for the hostname) name ttl class type value(fqdn) 15 IN PTR mail.example.com.
8. PTR Record Cont.. • Ex 1: 192.168.100.0/24 Block • Mail Server : 192.168.100.30 • Zone : 100.168.192.in-addr.arpa • Entry : 30.100.168.192.in-addr.arpa • Ex 2: 10.128.0.0/16 Block • Mail Server : 10.128.0.15 • Zone : 128.10.in-addr.arpa • Entry : 15.0.128.10.in-addr.arpa name ttl class type value(fqdn) 30 IN PTR mail.example.com. name ttl class type value(fqdn) 15.0 IN PTR mail.example.com.
9. HINFO Record • HINFO – Host Information • Allows definition of the Hardware type and Operating System in use at a host • For security reasons these records are rarely used on public servers name ttl class rr Hardware OS IN HINFO PC-Intel-700mhz "Redhat Linux 7.1"
THE END ThankYou!

Recommended

Dns
DnsDns
Dnsjulien pauli
 
Build Dynamic DNS server from scratch in C (Part1)
Build Dynamic DNS server from scratch in C (Part1)Build Dynamic DNS server from scratch in C (Part1)
Build Dynamic DNS server from scratch in C (Part1)Yen-Kuan Wu
 
Domain Name System (DNS) - Domain Registration and Website Hosting Basics
Domain Name System (DNS) - Domain Registration and Website Hosting BasicsDomain Name System (DNS) - Domain Registration and Website Hosting Basics
Domain Name System (DNS) - Domain Registration and Website Hosting BasicsAsif Shahzad
 
The History of DNS
The History of DNSThe History of DNS
The History of DNSMichael McLean
 
Dns
DnsDns
Dnsdeshvikas
 
Dns
DnsDns
DnsPatruni Chidananda Sastry
 
Introduction to DNS
Introduction to DNSIntroduction to DNS
Introduction to DNSJonathan Oxer
 
Dns
DnsDns
DnsSanoj Kumar
 

Recommended

Dns
DnsDns
Dnsjulien pauli
 
Build Dynamic DNS server from scratch in C (Part1)
Build Dynamic DNS server from scratch in C (Part1)Build Dynamic DNS server from scratch in C (Part1)
Build Dynamic DNS server from scratch in C (Part1)Yen-Kuan Wu
 
Domain Name System (DNS) - Domain Registration and Website Hosting Basics
Domain Name System (DNS) - Domain Registration and Website Hosting BasicsDomain Name System (DNS) - Domain Registration and Website Hosting Basics
Domain Name System (DNS) - Domain Registration and Website Hosting BasicsAsif Shahzad
 
The History of DNS
The History of DNSThe History of DNS
The History of DNSMichael McLean
 
Dns
DnsDns
Dnsdeshvikas
 
Dns
DnsDns
DnsPatruni Chidananda Sastry
 
Introduction to DNS
Introduction to DNSIntroduction to DNS
Introduction to DNSJonathan Oxer
 
Dns
DnsDns
DnsSanoj Kumar
 
Domain name system
Domain name systemDomain name system
Domain name systemVivek Gautam
 
Lets talk dns
Lets talk dnsLets talk dns
Lets talk dnsAbhinav Mehta
 
main
mainmain
mainOmar Faruk Sazib
 
Dns ppt
Dns pptDns ppt
Dns pptBizuworkk Jemaneh
 
1 technical-dns-workshop-day1
1 technical-dns-workshop-day11 technical-dns-workshop-day1
1 technical-dns-workshop-day1DNS Entrepreneurship Center
 
DNS Attacks
DNS AttacksDNS Attacks
DNS AttacksHimanshu Prabhakar
 
Domain Name System (DNS)
Domain Name System (DNS)Domain Name System (DNS)
Domain Name System (DNS)Venkatesh Jambulingam
 
Dns protocol design attacks and security
Dns protocol design attacks and securityDns protocol design attacks and security
Dns protocol design attacks and securityMichael Earls
 
CNIT 40: 2: DNS Protocol and Architecture
CNIT 40: 2: DNS Protocol and ArchitectureCNIT 40: 2: DNS Protocol and Architecture
CNIT 40: 2: DNS Protocol and ArchitectureSam Bowne
 
8 technical-dns-workshop-day4
8 technical-dns-workshop-day48 technical-dns-workshop-day4
8 technical-dns-workshop-day4DNS Entrepreneurship Center
 
7 technical-dns-workshop-day3
7 technical-dns-workshop-day37 technical-dns-workshop-day3
7 technical-dns-workshop-day3DNS Entrepreneurship Center
 
Domain Name System Explained
Domain Name System Explained Domain Name System Explained
Domain Name System Explained HTS Hosting
 
Domain name system
Domain name systemDomain name system
Domain name systemRahul Baghla
 
CNIT 40: 4: Monitoring and detecting security breaches
CNIT 40: 4: Monitoring and detecting security breachesCNIT 40: 4: Monitoring and detecting security breaches
CNIT 40: 4: Monitoring and detecting security breachesSam Bowne
 
domain network services (dns)
domain network services (dns) domain network services (dns)
domain network services (dns)Vikas Jagtap
 
Domain name service
Domain name serviceDomain name service
Domain name serviceishapadhy
 
2 technical-dns-workshop-day1
2 technical-dns-workshop-day12 technical-dns-workshop-day1
2 technical-dns-workshop-day1DNS Entrepreneurship Center
 
4 technical-dns-workshop-day2
4 technical-dns-workshop-day24 technical-dns-workshop-day2
4 technical-dns-workshop-day2DNS Entrepreneurship Center
 
Domain Name Server
Domain Name ServerDomain Name Server
Domain Name Servervipulvaid
 
Dns
DnsDns
Dnshoangdinhhanh88
 
Presentation on Domain Name System
Presentation on Domain Name SystemPresentation on Domain Name System
Presentation on Domain Name SystemChinmay Joshi
 
Computer Networks Module 1 - part 2.pdf
Computer Networks Module 1 - part 2.pdfComputer Networks Module 1 - part 2.pdf
Computer Networks Module 1 - part 2.pdfShanthalaKV
 

More Related Content

What's hot

Domain name system
Domain name systemDomain name system
Domain name systemVivek Gautam
 
Dns protocol design attacks and security
Dns protocol design attacks and securityDns protocol design attacks and security
Dns protocol design attacks and securityMichael Earls
 
CNIT 40: 2: DNS Protocol and Architecture
CNIT 40: 2: DNS Protocol and ArchitectureCNIT 40: 2: DNS Protocol and Architecture
CNIT 40: 2: DNS Protocol and ArchitectureSam Bowne
 
Domain Name System Explained
Domain Name System Explained Domain Name System Explained
Domain Name System Explained HTS Hosting
 
Domain name system
Domain name systemDomain name system
Domain name systemRahul Baghla
 
CNIT 40: 4: Monitoring and detecting security breaches
CNIT 40: 4: Monitoring and detecting security breachesCNIT 40: 4: Monitoring and detecting security breaches
CNIT 40: 4: Monitoring and detecting security breachesSam Bowne
 
domain network services (dns)
domain network services (dns) domain network services (dns)
domain network services (dns)Vikas Jagtap
 
Domain name service
Domain name serviceDomain name service
Domain name serviceishapadhy
 
Domain Name Server
Domain Name ServerDomain Name Server
Domain Name Servervipulvaid
 

What's hot (20)

Domain name system
Domain name systemDomain name system
Domain name system
 
Lets talk dns
Lets talk dnsLets talk dns
Lets talk dns
 
main
mainmain
main
 
Dns ppt
Dns pptDns ppt
Dns ppt
 
1 technical-dns-workshop-day1
1 technical-dns-workshop-day11 technical-dns-workshop-day1
1 technical-dns-workshop-day1
 
DNS Attacks
DNS AttacksDNS Attacks
DNS Attacks
 
Domain Name System (DNS)
Domain Name System (DNS)Domain Name System (DNS)
Domain Name System (DNS)
 
Dns protocol design attacks and security
Dns protocol design attacks and securityDns protocol design attacks and security
Dns protocol design attacks and security
 
CNIT 40: 2: DNS Protocol and Architecture
CNIT 40: 2: DNS Protocol and ArchitectureCNIT 40: 2: DNS Protocol and Architecture
CNIT 40: 2: DNS Protocol and Architecture
 
8 technical-dns-workshop-day4
8 technical-dns-workshop-day48 technical-dns-workshop-day4
8 technical-dns-workshop-day4
 
7 technical-dns-workshop-day3
7 technical-dns-workshop-day37 technical-dns-workshop-day3
7 technical-dns-workshop-day3
 
Domain Name System Explained
Domain Name System Explained Domain Name System Explained
Domain Name System Explained
 
Domain name system
Domain name systemDomain name system
Domain name system
 
CNIT 40: 4: Monitoring and detecting security breaches
CNIT 40: 4: Monitoring and detecting security breachesCNIT 40: 4: Monitoring and detecting security breaches
CNIT 40: 4: Monitoring and detecting security breaches
 
domain network services (dns)
domain network services (dns) domain network services (dns)
domain network services (dns)
 
Domain name service
Domain name serviceDomain name service
Domain name service
 
2 technical-dns-workshop-day1
2 technical-dns-workshop-day12 technical-dns-workshop-day1
2 technical-dns-workshop-day1
 
4 technical-dns-workshop-day2
4 technical-dns-workshop-day24 technical-dns-workshop-day2
4 technical-dns-workshop-day2
 
Domain Name Server
Domain Name ServerDomain Name Server
Domain Name Server
 
Dns
DnsDns
Dns
 

Similar to Introduction to DNS

Presentation on Domain Name System
Presentation on Domain Name SystemPresentation on Domain Name System
Presentation on Domain Name SystemChinmay Joshi
 
Computer Networks Module 1 - part 2.pdf
Computer Networks Module 1 - part 2.pdfComputer Networks Module 1 - part 2.pdf
Computer Networks Module 1 - part 2.pdfShanthalaKV
 
DNS Security
DNS SecurityDNS Security
DNS Securityinbroker
 
Domain name system advanced power point presentation
Domain name system advanced power point presentationDomain name system advanced power point presentation
Domain name system advanced power point presentationrituchouhan1508
 
DNS/DNSSEC by Nurul Islam
DNS/DNSSEC by Nurul IslamDNS/DNSSEC by Nurul Islam
DNS/DNSSEC by Nurul IslamMyNOG
 
Domain Name System (DNS) Fundamentals
Domain Name System (DNS) FundamentalsDomain Name System (DNS) Fundamentals
Domain Name System (DNS) FundamentalsWebSniffer
 
DNS - Domain Name System
DNS - Domain Name SystemDNS - Domain Name System
DNS - Domain Name SystemPeter R. Egli
 
Chapter4 configuringandmanagingthednsserverrole-140520003253-phpapp01
Chapter4 configuringandmanagingthednsserverrole-140520003253-phpapp01Chapter4 configuringandmanagingthednsserverrole-140520003253-phpapp01
Chapter4 configuringandmanagingthednsserverrole-140520003253-phpapp01velimamedov
 
CNIT 40: 4: Monitoring and detecting security breaches
CNIT 40: 4: Monitoring and detecting security breachesCNIT 40: 4: Monitoring and detecting security breaches
CNIT 40: 4: Monitoring and detecting security breachesSam Bowne
 
DNSandDNSSecurity (1).pptx
DNSandDNSSecurity (1).pptxDNSandDNSSecurity (1).pptx
DNSandDNSSecurity (1).pptxAisha Siddiqui
 

Similar to Introduction to DNS (20)

Presentation on Domain Name System
Presentation on Domain Name SystemPresentation on Domain Name System
Presentation on Domain Name System
 
Computer Networks Module 1 - part 2.pdf
Computer Networks Module 1 - part 2.pdfComputer Networks Module 1 - part 2.pdf
Computer Networks Module 1 - part 2.pdf
 
Dn sonly
Dn sonlyDn sonly
Dn sonly
 
DNS Security
DNS SecurityDNS Security
DNS Security
 
Domain name system advanced power point presentation
Domain name system advanced power point presentationDomain name system advanced power point presentation
Domain name system advanced power point presentation
 
ppt.pptx
ppt.pptxppt.pptx
ppt.pptx
 
DNS/DNSSEC by Nurul Islam
DNS/DNSSEC by Nurul IslamDNS/DNSSEC by Nurul Islam
DNS/DNSSEC by Nurul Islam
 
Domain Name System (DNS) Fundamentals
Domain Name System (DNS) FundamentalsDomain Name System (DNS) Fundamentals
Domain Name System (DNS) Fundamentals
 
DNS - Domain Name System
DNS - Domain Name SystemDNS - Domain Name System
DNS - Domain Name System
 
Intro to DNS
Intro to DNSIntro to DNS
Intro to DNS
 
DNS Presentation
DNS PresentationDNS Presentation
DNS Presentation
 
DNS Record
DNS RecordDNS Record
DNS Record
 
08Mapping.ppt
08Mapping.ppt08Mapping.ppt
08Mapping.ppt
 
Chapter4 configuringandmanagingthednsserverrole-140520003253-phpapp01
Chapter4 configuringandmanagingthednsserverrole-140520003253-phpapp01Chapter4 configuringandmanagingthednsserverrole-140520003253-phpapp01
Chapter4 configuringandmanagingthednsserverrole-140520003253-phpapp01
 
DNS_Presentation.pptx
DNS_Presentation.pptxDNS_Presentation.pptx
DNS_Presentation.pptx
 
2_Chapter 2_DNS.pptx
2_Chapter 2_DNS.pptx2_Chapter 2_DNS.pptx
2_Chapter 2_DNS.pptx
 
CNIT 40: 4: Monitoring and detecting security breaches
CNIT 40: 4: Monitoring and detecting security breachesCNIT 40: 4: Monitoring and detecting security breaches
CNIT 40: 4: Monitoring and detecting security breaches
 
Dns
DnsDns
Dns
 
DNSandDNSSecurity (1).pptx
DNSandDNSSecurity (1).pptxDNSandDNSSecurity (1).pptx
DNSandDNSSecurity (1).pptx
 
Understanding DNS Security
Understanding DNS SecurityUnderstanding DNS Security
Understanding DNS Security
 

Recently uploaded

Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmSujith Sukumaran
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesPhilip Schwarz
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024StefanoLambiase
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - InfographicHr365.us smith
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaHanief Utama
 
The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfThe Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfPower Karaoke
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsAhmed Mohamed
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEEVICTOR MAESTRE RAMIREZ
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based projectAnoyGreter
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Andreas Granig
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfAlina Yurenko
 

Recently uploaded (20)

Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort ServiceHot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalm
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a series
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - Infographic
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
 
The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfThe Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdf
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEE
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based project
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
 

Introduction to DNS

  • 2. Content Layout • Registration Records • Introduction to DNS • DNS RecordTypes
  • 3. Content Layout • WHOIS Info Registration Records • DNS queries and responses • DNS zone transfers • Structure, Interpretation and analysis of DNS records Introduction to DNS • SOA MX TXT • A NS PTR • HINFO CNAME DNS Record Types
  • 5.  WHOIS Sites • https://www.whois.com • https://whois.arin.net • https://www.ultratools.com/tools/ipWhoisLookupResult • https://dig.whois.com.au • https://www.whatismyip.com/ip-whois-lookup/
  • 7.  Domain Details • Registrant Person or organization who owns the domain • Registrar The company that keeps the domain registration or record • Domain/ Name Servers Servers which maintains a directory of domain names and their matching IP addresses.
  • 8.  Network Details • NetRange/ IP Network Block IP range that belongs/ allocated to OrgName • CIDR/ IP Network Classless Inter-Domain Routing (Sub netting) - Another way to express NetRange • NetName The registered network name for the IP addresses • NetHandle/ Handle A unique name that identify the network • Parent Net Handle of the parent network A parent is an organization that has been allocated address space from RIR or another ISP, with the intention of sub-delegating that space.
  • 9.  Network Details • NetType Type of IP Addresses assignment. It can be, Direct Assignment - IP addresses are registered to an organization for use within the Internet infrastructure it operates, not for sub-delegation of those addresses. Reallocated - Allocated to an organization for use in their internal networks or for further sub-delegation. Reassigned - Assigned to an organization from a parent organization for use in their internal networks. • Class-Name The type of information to which the record belongs. (ex: network) • Auth-Area The name of the authority area to which the network belongs • ID The identifier of the network. It consists of Net Handle and Authority-Area name.
  • 10. Introduction to DNS Domain Name System DNS Server Facebook Server (IP:31.13.78.35) User with Web Browser
  • 11.  Domain Name • Types ofTLDs • gTLD – GenericTLD (.biz, .com) • ccTLD – Country CodeTLD (.lk, .uk)
  • 12.  URL – Uniform Resource Locator
  • 13.  FQDN – Fully Qualified Domain Name • Complete domain name for a specific computer or host on the Internet • FQDN = Host Name + Domain Name • Examples • FQDN for a Mail Server : mymail.somecollege.edu • Hostname : mymail • Domain : somecollege.edu • FQDN on theWeb : www.google.com • Hostname : www • Domain : google.com
  • 14.  DNS – Queries and Responses Query Response DNS Server Client
  • 16. 1. Iterative Query • DNS server returns the best answer which it can to the client • The response can be • The requested resolved name • A referral to a different DNS server that could provide the information which the client requested
  • 17. 2. Recursive Query • The response can be • The IP address of the host name that was requested • An error message -The host name or domain does not exist 6 5 4 3 7
  • 18. 3. Inverse Query • The DNS resolver sends a request to a DNS server to resolve the host name associated with a known IP address • Only a thorough search of all domains would provide the correct answer
  • 20. 1. Positive Answer 1. Authoritative answer Reply was received from a DNS server that has direct authority for the name queried in the message (One of the name servers in the list for the domain you did a lookup on) 2. Non Authoritative answer Reply was received from a DNS server that is not directly authoritative for the name queried in the message (A name server not in the list for the domain you did a lookup on) 3. Referral answer A referral response is returned if the DNS server does not support recursion. A referral contains additional resource records for resolving the request.
  • 21. 2. Negative Answer 1. NXDOMAIN – Non-Existent Domain There are no records, of any DNS type, for the requested domain name. 2. NODATA There are records for the requested domain name, but none of them match the record type in your request
  • 22. DNS Response Codes • NOERROR no error • FORMERR format error • SERVFAIL server failure • NXDOMAIN name error • YXDOMAIN domain name should not exist • YXRRSET resource record set should not exist • NOTAUTH not authoritative for zone • BADVERS bad extension mechanism for version • REFUSED connection refused • NOTIMPL not implemented • NXRRSET rrset does not exist • NOTZONE name not in zone • BADSIG bad signature • BADKEY bad key • BADTIME bad timestamp
  • 23. dig DNS Response - Header • OPCODE • 0 – Query • 1 – IQUERY (Inverse Query) • 2 – STATUS • RCODE – Response Code (Status) • Flags • qr – Query (0) or Response (1) • aa – authoritative answer (Valid in response) • tc – truncated • rd – recursion desired (set in query - copied to response) • ra – recursion available (set in response)
  • 24. dig DNS Response – Answer Section 1. NAME Domain Name 2. TTL TimeTo Live in Seconds (Record only lasts for 59 seconds) Set by domain administrator – Hence some resolvers do not respect theTTL 3. CLASS DNS Record Class (IN – Internet, CH – Chaosnet, HS – Hesoid, etc) 4. TYPE DNS RecordType (Discussed Later) 5. RDATA Response Data – IPV4 address for A type record Ref:http://www.ietf.org/rfc/rfc1035.txt NAME TTL TYPE CLASS RDATA
  • 25.  DNS – Zone Transfers • DNS Zone transfer - DNS server passes a copy of part of it's database (which is called a "zone") to another DNS server • More than one DNS server able to answer queries about a particular zone • There is a Master DNS server, and one or more Slave DNS servers, and the slaves ask the master for a copy of the records for that zone • A basic DNS ZoneTransfer Attack: you just pretend you are a slave and ask the master for a copy of the zone records. And it sends you them Prevent: Tell the master what the IP addresses of the slaves are and not to transfer to anyone else Sign the transfers (TSIG – Extension to the DNS protocol where a cryptographic signature is added to DNS packets)
  • 26.  DNS – Zone Transfers Cont.. • The zone serial number increments when the zone receives an update • Zone transfers are automatically triggered when the zone serial number increments • AXFR – Entire zone file is copied • IXFR – Only the records that were changed are sent ZoneTransfers FullTransfer AXFR Incremental Transfer IXFR
  • 27.  Structure, interpretation and analysis of DNS records • DNS – Bind Server Implementation
  • 29. 1. A Record • A Record – Address Record • Basic type of DNS record • Maps a FQDN to an IPv4 address • Value: IP v4 address • It is possible to add more than one record to any sub-domain Hostname IP address test.example.com 127.0.0.1 test.example.com 127.0.0.2 name ttl class type value(ipv4) abc.com. 1 IN A 192.168.1.21
  • 30. 2. AAAA Record • Maps a FQDN to an IPv6 address • Value: IP v6 address name ttl class type value(ipv6) abc.com. IN AAAA 2600:1800:5::10
  • 31. 3. CNAME Record • CNAME – Canonical Name • Maps a FQDN to another FQDN • Value: FQDN/ Unqualified Name • CNAME is not a redirect. It will point the CNAME record to the IP listed at the original record • A CNAME must always be a sub-domain record name ttl class type value(fqdn/host) joe.example.com. IN A 192.168.10.5 mail.abc.com. IN CNAME joe.example.com. $ORIGIN example.com. joe IN A 192.168.10.5 mail IN CNAME joe.example.com.
  • 32. 4. SAO Record • SOA – Start ofAuthority • SOA records are part of the DNS infrastructure.They are generated automatically and are not editable. • SOA record is the Information stored in a DNS zone about that zone • A DNS zone is the part of a domain for which an individual DNS server is responsible • Each zone contains a single SOA record. • SOA Records stores the following information about a zone • Administrator of the zone • Current version of the data file • Default number of seconds for theTime to Live (TTL) file on resource records example.com. IN SOA ns.example.com. admin.example.com. ( 2003080800 ; sn = serial number 172800 ; ref = refresh = 2d 900 ; ret = update retry = 15m 1209600 ; ex = expiry = 2w 3600 ; nx = nxdomain ttl = 1h )
  • 33. 5. MX Record • MX – Mail Exchange • Maps an email domain to a FQDN of a mail server • Value: FQDN/ Unqualified Name • For email (SMTP) traffic • An MX record cannot map to a FQDN that is mapped to another FQDN using a CNAME record name ttl class type pref value(fqdn/ host) example.com. 3w IN MX 10 mail.example.com. mail.example.com. IN A 192.168.1.25
  • 34. 6. TXT Record • Used often with other protocols or systems Ex: • Sender Policy Framework (SPF), Domain Keys (DK) • Holds free form text of any type Ex: • To validate the owner of a domain, they ask the owner to create aTXT record with some information in it. It is then checked, and if the correct record is found, the domain owner can be verified. name ttl class type value(text) egs IN TXT “Cyber Security"
  • 35. 7. NS Record • NS – Name Server • Maps a subdomain to a FQDN of a name server • Value: FQDN/ Host name ttl class type value(fqdn/ host) IN NS ns1.example.com. ns1.example.com. IN A 192.168.100.20
  • 36. 8. PTR Record • PTR – Pointer • Map a network interface (IP) to a host name • Value: FQDN • These are primarily used for reverse DNS • An A record should exist for every PTR record • The PTR records are must have for outgoing mail servers Most of the mail providers reject or mark as spam messages received by mail servers without valid reverse DNS configuration (missing PTR or mismatch A record for the hostname) name ttl class type value(fqdn) 15 IN PTR mail.example.com.
  • 37. 8. PTR Record Cont.. • Ex 1: 192.168.100.0/24 Block • Mail Server : 192.168.100.30 • Zone : 100.168.192.in-addr.arpa • Entry : 30.100.168.192.in-addr.arpa • Ex 2: 10.128.0.0/16 Block • Mail Server : 10.128.0.15 • Zone : 128.10.in-addr.arpa • Entry : 15.0.128.10.in-addr.arpa name ttl class type value(fqdn) 30 IN PTR mail.example.com. name ttl class type value(fqdn) 15.0 IN PTR mail.example.com.
  • 38. 9. HINFO Record • HINFO – Host Information • Allows definition of the Hardware type and Operating System in use at a host • For security reasons these records are rarely used on public servers name ttl class rr Hardware OS IN HINFO PC-Intel-700mhz "Redhat Linux 7.1"