OPS535 Lab 5. Dynamic DNS. RFC 2136 Dynamic Updates in the Domain Name System (DNS UPDATE)
|
|
- Spencer Ferguson
- 5 years ago
- Views:
Transcription
1 OPS535 Lab 5 Dynamic DNS Overview In this lab, you add a forward lookup zone and a reverse lookup zone to your primary DNS server and configure both zones to support dynamic updates. Dynamic DNS zone accepts updates from the command line utility nsupdate. This lab does not configure the DNS server to use secure channel for the updates. Prerequisite Complete DNS lab Reference BIND 9 Administrator Reference Manual RFC 2136 Dynamic Updates in the Domain Name System (DNS UPDATE) Man page of nsupdate (BIND 9.9) Tasks Add a new zone ddns.net to your primary DNS's /etc/named.conf and configure this zone to allow updates. Add a new zone in-addr.arpa to your primary DNS's /etc/named.conf and configure this zone to allow updates. Create the initial zone files for the ddns.net and in-addr.arpa zones. Perform dynamic DNS updates using the nsupdate command. Preparation/Background Information You must have your primary DNS server for your registered domain (e.g. ops535.net) and your
2 assigned network ( x.0/24) up and running. Your primary DNS server IP address should be x.53. In this lab, the new hosts that we are going to added to the ddns.net zone are all in the /16 network. Part 1 Add 2 new zones to your Primary DNS server 1. The following example assume that the Primary DNS server is already authoritative for the zone cp.net and in-addr.arpa. 2. Edit the main BIND configuration file /etc/named.conf to be the authoritative for the two new zones ddns.net and in-addr.arpa. Part 2 Update /etc/named.conf to allow DNS update The zone file for the new zone ddns.net is zone-ddns.net and the zone file for inaddr.arpa is zone rev. Edit the file /etc/named.conf (or /var/named/chroot/etc/named.conf if named is running under chroot). Here is the final contents: // // named.conf // // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS // server as a caching only nameserver (as a localhost DNS resolver only). // // See /usr/share/doc/bind*/sample/ for example named configuration files. // // updated on Nov 10, 2015 to make it a primary dns server // for spr500.net // options { listen-on port 53 { ; ; listen-on-v6 port 53 { ::1; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { any; /* - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion. - If you are building a RECURSIVE (caching) DNS server, you need to enable recursion. - If your recursive DNS server has a public IP address, you MUST enable access control to limit queries to your legitimate users. Failing to do so will cause your server to become part of large scale DNS amplification attacks. Implementing BCP38 within your network would greatly reduce such attack surface */ recursion no; Created by: Raymond Chan Page 2 of 12
3 dnssec-enable no; dnssec-validation no; dnssec-lookaside auto; /* Path to ISC DLV key */ bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/var/named/dynamic"; pid-file "/run/named/named.pid"; session-keyfile "/run/named/session.key"; logging { channel default_debug { file "data/named.run"; severity dynamic; zone "cp.net" IN { type master; file "zone-cp.net"; zone "ddns.net" IN { type master; file "zone-ddns.net"; allow-update { localhost; zone " in-addr.arpa" { type master; file "zone rev"; zone " in-addr.arpa" { type master; file "zone rev"; allow-update { localhost; #include "/etc/named.rfc1912.zones"; #include "/etc/named.root.key"; Part 3 - Create the initial zone files for DNS updates Create the initial zone file zone-ddns.net and zone rev in the /var/named (or /var/named/chroot/var/named if BIND is running under chroot) directory. Both zone files are the same with the following contents: Created by: Raymond Chan Page 3 of 12
4 $TTL IN SOA pri.cp.net. root.cp.net. ( ; serial 1h ; refresh 15m ; retry 3d ; expire 10m) ; minimum IN NS pri.cp.net. Replace pri.cp.net with your Primary DNS server actual FQDN. Verify the file user owner, group owner, permission, and SELinux contexts: [root@localhost named]# ls -lz zone* -rw-r--r--. named named unconfined_u:object_r:named_zone_t:s0 zone rev -rw-r--r--. named named system_u:object_r:named_zone_t:s0 zone-ddns.net Please note that the SELinux context type for both zone files should be named_zone_t. If it is not, you can fixed it by the command chcon -t named_zone_t zone.ddns.net. Do the same for zone rev. The directory /var/named should be writable by named as shown below: [root@localhost named]# ls -ld /var/named drwxrwx root named 4096 Nov 10 23:18 /var/named Start the named service ( service named restart or systemctl restart named.service ). If it does not complain, go to part 4, otherwise check the system log file /var/log/messages for error messages. In addition to the debugging messages you may find in the system log file, you can also use the two utilities named-checkconf and named-checkzone to check for typos or syntax errors in named.conf or your zone files. Please consult the man page for named-checkconf and named-checkzone for details. Part 4 Perform dynamic DNS update with nsupdate Please study the man page for nsupdate before perform the following task. The following instruction assume the network number X is 99. Replace X with the network number assigned to you. If you have SELinux running in enforcing mode, you should check the SELinux runtime setting for named. Run the following command to get a list of SELinux boolean for named: [root@localhost named]# getsebool -a grep named named_tcp_bind_http_port --> off named_write_master_zones --> on Created by: Raymond Chan Page 4 of 12
5 If the named_write_master_zones is not on, named will not be able to create the journal file to update the master zone file. If named_write_master_zones is off, run the following command to turn it on for good: named]# setsebool -P named_write_master_zones on named]# The -P flag make the change permanent and will stay on after a system reboot. DNS Update 1: Add an A record using nsupdate. FQDN: myhost.ddns.net, IP: , TTL=300 seconds Running the following command on your Primary DNS server ( x.53): [root@localhost named]# nsupdate -d > server localhost > update add myhost.ddns.net 300 A > send Reply from SOA query: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: ;; flags: qr aa; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;myhost.ddns.net. IN SOA ;; AUTHORITY SECTION: ddns.net. 0 IN SOA pri.cp.net. root.cp.net Found zone name: ddns.net The master is: pri.cp.net Sending update to ::1#53 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 0 ;; UPDATE SECTION: myhost.ddns.net. 300 IN A Reply from update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; ZONE SECTION: ;ddns.net. IN SOA The above Reply from update query section indicate that the update was successful with a NOERROR status. All changes made to a zone using dynamic update are stored in the zone's journal file, in this case, the file will be in the /var/named directory and is called zone-ddns.net.jnl. This file is automatically Created by: Raymond Chan Page 5 of 12
6 created by the DNS server when the first dynamic update is received. Please note that the name of the journal file is formed by appending the extension.jnl to the name of the corresponding zone file. The journal file is in a binary format and can not be edited using a text editor. The server will occasionally write the updates found in the journal file to its zone file or when a server is restarted after a shutdown. Go to the /var/named directory and run the command to list the zone file and its journal file: [root@localhost named]# ls -l zone-ddns.net* -rw-r--r--. 1 named named 306 Nov 10 23:59 zone-ddns.net -rw-r--r--. 1 named named 697 Nov 10 23:47 zone-ddns.net.jnl Use the file command to check the content type of the zone file and its journal file: [root@localhost named]# file zone-ddns.net* zone-ddns.net: ASCII text zone-ddns.net.jnl: data You can cat the contents of zone-ddns.net [root@localhost named]# cat zone-ddns.net $ORIGIN. $TTL 300 ; 5 minutes ddns.net IN SOA pri.cp.net. root.cp.net. ( ; serial 3600 ; refresh (1 hour) 900 ; retry (15 minutes) ; expire (3 days) 600 ; minimum (10 minutes) ) NS pri.cp.net. $ORIGIN ddns.net. myhost A Compare and study the updated version and the original version of the zone-ddns.net file. Although you can not view the contents of the journal file using the cat command, the command line utility named-journalprint from the bind package can be used to print the contents of the journal file: [root@localhost named]# named-journalprint zone-ddns.net.jnl del ddns.net. 300 IN SOA pri.cp.net. root.cp.net add ddns.net. 300 IN SOA pri.cp.net. root.cp.net add myhost.ddns.net. 300 IN A Created by: Raymond Chan Page 6 of 12
7 DNS Update 2: Add an incorrect PTR record using nsupdate IP address: FQDN: myhost.ddns.net TTL: 7200 second Running the following command on your Primary DNS server ( x.53): named]# nsupdate -d > server > update add in-addr.arpa PTR myhost.ddns.net. > send Reply from SOA query: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: ;; flags: qr aa; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ; in-addr.arpa. IN SOA ;; AUTHORITY SECTION: in-addr.arpa. 0 IN SOA pri.cp.net. root.cp.net Found zone name: in-addr.arpa The master is: pri.cp.net Sending update to #53 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 0 ;; UPDATE SECTION: in-addr.arpa IN PTR myhost.ddns.net. Reply from update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; ZONE SECTION: ; in-addr.arpa. IN SOA Check the contents of the files zone rev and zone rev.jnl. Please note that the last octet of the IP address was missed type as 100 instead of 10. If the contents of the zone file zone rev didn't get updated, restart the named service. The contents of the zone rev' should be similar to: [root@localhost named]# cat zone rev $ORIGIN. $TTL 300 ; 5 minutes in-addr.arpa IN SOA pri.cp.net. root.cp.net. ( ; serial 3600 ; refresh (1 hour) 900 ; retry (15 minutes) ; expire (3 days) Created by: Raymond Chan Page 7 of 12
8 600 ; minimum (10 minutes) ) NS pri.cp.net. $ORIGIN in-addr.arpa. $TTL 7200 ; 2 hours PTR myhost.ddns.net. DNS Update 3: Delete a non-existence PTR record using nsupdate IP address: FQDN: myhost.ddns.net TTL: 7200 second [root@localhost named]# nsupdate -d > server > update delete in-addr.arpa. > send Reply from SOA query: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: ;; flags: qr aa; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ; in-addr.arpa. IN SOA ;; AUTHORITY SECTION: in-addr.arpa. 0 IN SOA pri.cp.net. root.cp.net Found zone name: in-addr.arpa The master is: pri.cp.net Sending update to #53 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 0 ;; UPDATE SECTION: in-addr.arpa. 0 ANY ANY Reply from update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; ZONE SECTION: ; in-addr.arpa. IN SOA There is no complain from the update query. Check the contents of the journal file. Did the delete record got in to the journal file? [root@localhost named]# named-journalprint zone rev.jnl del in-addr.arpa. 300 IN SOA pri.cp.net. root.cp.net add in-addr.arpa. 300 IN SOA pri.cp.net. root.cp.net add in-addr.arpa IN PTR myhost.ddns.net. Created by: Raymond Chan Page 8 of 12
9 DNS Update 4: Delete an PTR record using nsupdate IP address: FQDN: myhost.ddns.net TTL: 7200 second named]# nsupdate -d > server localhost > update delete in-addr.arpa. > send Reply from SOA query: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: ;; flags: qr aa; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ; in-addr.arpa. IN SOA ;; AUTHORITY SECTION: in-addr.arpa. 300 IN SOA pri.cp.net. root.cp.net Found zone name: in-addr.arpa The master is: pri.cp.net Sending update to ::1#53 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 0 ;; UPDATE SECTION: in-addr.arpa. 0 ANY ANY Reply from update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; ZONE SECTION: ; in-addr.arpa. IN SOA Check the contents of the zone file and the journal file. Do not restart the DNS server. The contents of the journal file should look like the following: [root@localhost named]# named-journalprint zone rev.jnl del in-addr.arpa. 300 IN SOA pri.cp.net. root.cp.net add in-addr.arpa. 300 IN SOA pri.cp.net. root.cp.net add in-addr.arpa IN PTR myhost.ddns.net. del in-addr.arpa. 300 IN SOA pri.cp.net. root.cp.net del in-addr.arpa IN PTR myhost.ddns.net. add in-addr.arpa. 300 IN SOA pri.cp.net. root.cp.net Study the contents of the journal file carefully. Created by: Raymond Chan Page 9 of 12
10 DNS Update 5: Add a correct PTR record using nsupdate IP address: FQDN: myhost.ddns.net TTL: 7200 second [root@localhost named]# nsupdate -d > server localhost > update add in-addr.arpa. 300 PTR myhost.ddns.net. > send Reply from SOA query: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: ;; flags: qr aa; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ; in-addr.arpa. IN SOA ;; AUTHORITY SECTION: in-addr.arpa. 0 IN SOA pri.cp.net. root.cp.net Found zone name: in-addr.arpa The master is: pri.cp.net Sending update to ::1#53 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 0 ;; UPDATE SECTION: in-addr.arpa. 300 IN PTR myhost.ddns.net. Reply from update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; ZONE SECTION: ; in-addr.arpa. IN SOA Check the contents of the zone file and its journal file. If the zone file zone rev did not get updated, restart named and check again. The contents of the zone file zone rev should look similar to: [root@localhost named]# cat zone rev $ORIGIN. $TTL 300 ; 5 minutes in-addr.arpa IN SOA pri.cp.net. root.cp.net. ( ; serial 3600 ; refresh (1 hour) 900 ; retry (15 minutes) ; expire (3 days) 600 ; minimum (10 minutes) ) NS pri.cp.net. $ORIGIN in-addr.arpa PTR myhost.ddns.net. Created by: Raymond Chan Page 10 of 12
11 The contents of the journal file zone rev.jnl should look similar to: named]# named-journalprint zone rev.jnl del in-addr.arpa. 300 IN SOA pri.cp.net. root.cp.net add in-addr.arpa. 300 IN SOA pri.cp.net. root.cp.net add in-addr.arpa IN PTR myhost.ddns.net. del in-addr.arpa. 300 IN SOA pri.cp.net. root.cp.net del in-addr.arpa IN PTR myhost.ddns.net. add in-addr.arpa. 300 IN SOA pri.cp.net. root.cp.net del in-addr.arpa. 300 IN SOA pri.cp.net. root.cp.net add in-addr.arpa. 300 IN SOA pri.cp.net. root.cp.net add in-addr.arpa. 300 IN PTR myhost.ddns.net. Part 5 verify the update with nslookup The following outputs are to be expected: [root@localhost named]# nslookup -q=a myhost.ddns.net Server: Address: #53 Name: myhost.ddns.net Address: [root@localhost named]# nslookup -q=ptr Server: Address: # in-addr.arpa Study Questions name = myhost.ddns.net. Study Questions 1. Which rpm package provides the nsupdate command line utility? 2. What does the -d option do for the nsupdate command? 3. Which RFC document defines the Dynamic DNS update protocol? 4. Could nsupdate send a dynamic DNS update to a DNS server using a non-standard port? (port 53 is DNS standard port number.) 5. What are the steps using nsupdate to add an A record for a host with FQDN linux.ddns.net IP address with a TTL of 60 seconds? 6. What are the steps using nsupdate to add a 'PTR record for the host in question 5? Created by: Raymond Chan Page 11 of 12
12 7. What are the steps using nsupdate to add a CNAME record for gnu.ddns.net that points to linux.ddns.net? 8. What are the steps using nsupdate to delete the A record created in question 5? 9. What are the steps using nsupdate to delete the PTR record created in question 6? 10. What are the steps using nsupdate to delete the CNAME record created in question 7? 11. What would happen if you try to delete a non-existence resource record (PTR, A, CNAME, MX, etc) from a dynamic DNS zone using nsupdate? 12. What would happen if you ry to add a duplicate resource record to a dynamic zone using nsupdate? Completing the Lab Copy the following script to your Primary DNS server and save it as lab5.bash. Run the script on your Primary DNS server, redirect the output to lab5-[seneca-id].txt and upload the file to blackboard by the due date. Replace [seneca-id] with your actual MySeneca name. #! /usr/bin/bash hostname date ip addr show ls -lz /var/named cat /etc/named.conf cat /var/named/zone-ddns.netnamed-journalprint /var/named/zone-ddns.net.jnl cat /var/named/zone rev named-journalprint /var/named/zone rev.jnl lab5.bash > lab5.[seneca-id].txt Created by: Raymond Chan Page 12 of 12
Local DNS Attack Lab. 1 Lab Overview. 2 Lab Environment. 2.1 Install and configure the DNS server. SEED Labs Local DNS Attack Lab 1
SEED Labs Local DNS Attack Lab 1 Local DNS Attack Lab Copyright c 2006-2015 Wenliang Du, Syracuse University. The development of this document is partially funded by the National Science Foundation s Course,
More informationDNS Configuration Guide. Open Telekom Cloud
DNS Configuration Guide Open Telekom Cloud www.telekom.de/opentelekomcloud For this guide we assume that two subnets are already configured. In our example the subnets are called subnet_dns01 (in AZ eu-de-01)
More informationDNS Session 2: DNS cache operation and DNS debugging. Joe Abley AfNOG 2006 workshop
DNS Session 2: DNS cache operation and DNS debugging Joe Abley AfNOG 2006 workshop How caching NS works (1) If we've dealt with this query before recently, answer is already in the cache easy! Resolver
More informationCIA Lab Assignment: Domain Name System (1)
CIA Lab Assignment: Domain Name System (1) A. Bakker N. Sijm J. van der Ham M. Pouw Feedback deadline: September 22, 2015 10:00 CET Abstract The Domain Name System (DNS) is a hierarchical, distributed
More informationDNS Session 2: DNS cache operation and DNS debugging. How caching NS works (1) What if the answer is not in the cache? How caching NS works (2)
D Session 2: D cache operation and D debugging How caching works (1) If we've dealt with this query before recently, answer is already in the cache - easy! Joe Abley AfNOG 2006 workshop Resolver Query
More informationInternet Engineering. DNS Message Format. Contents. Robert Elz.
Internet Engineering 241-461 Robert Elz kre@munnari.oz.au kre@coe.psu.ac.th http://fivedots.coe.psu.ac.th/~kre Contents The Domain Name System The DNS Database DNS Protocols DNS Message Formats ueries
More informationDomain Name System - Advanced Computer Networks
- Advanced Computer Networks Saurabh Barjatiya International Institute Of Information Technology, Hyderabad 26 August, 2011 Contents 1 Distributed database, highly volatile Domain names Top level domains
More informationSecured Dynamic Updates
Secured Dynamic Updates Caution Portions of this slide set present features that do not appear in BIND until BIND 9.3 Snapshot code is available for this BIND 9.2 can perform most of the dynamic update
More informationDomain Name System (DNS) Session-1: Fundamentals. Joe Abley AfNOG Workshop, AIS 2017, Nairobi
Domain Name System (DNS) Session-1: Fundamentals Joe Abley AfNOG Workshop, AIS 2017, Nairobi Computers use IP addresses. Why do we need names? Names are easier for people to remember Computers may be moved
More informationDomain Name System (DNS) Session-1: Fundamentals. Computers use IP addresses. Why do we need names? hosts.txt does not scale
Domain Name System (DNS) Computers use IP addresses. Why do we need names? Names are easier for people to remember Session-1: Fundamentals Computers may be moved between networks, in which case their IP
More informationChapter 19. Domain Name System (DNS)
Chapter 19 Domain Name System (DNS) TCP/IP Protocol Suite 1 Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. OBJECTIVES: To describe the purpose of DNS. To define
More informationObjectives. Upon completion you will be able to:
Domain Name System: DNS Objectives Upon completion you will be able to: Understand how the DNS is organized Know the domains in the DNS Know how a name or address is resolved Be familiar with the query
More informationRHCE BOOT CAMP BIND. Wednesday, November 28, 12
RHCE BOOT CAMP BIND CONFIG FILES BIND basically has two types of configuration files: BIND configuration file, specific to BIND and it s features Database files, or zone files, which contain DNS resource
More informationApplication Session (Hands-on) Athanassios Liakopoulos (GRNET) version 1.01
Application Session (Hands-on) Athanassios Liakopoulos (GRNET) aliako@grnet.gr version 1.01 1. Lab information Network Topology The network topology is shown in Figure 1. PCs belong to different VLANs,
More informationECE 435 Network Engineering Lecture 7
ECE 435 Network Engineering Lecture 7 Vince Weaver http://web.eece.maine.edu/~vweaver vincent.weaver@maine.edu 25 September 2018 HW#3 was Posted Announcements 1 HW#2 Review C code will be discussed next
More informationDomain Name System (DNS) DNS Fundamentals. Computers use IP addresses. Why do we need names? hosts.txt does not scale. The old solution: HOSTS.
Domain Name System (DNS) Computers use IP addresses. Why do we need names? Names are easier for people to remember DNS Fundamentals Computers may be moved between networks, in which case their IP address
More informationServices: DNS domain name system
Services: DNS domain name system David Morgan Buying numbers and names numbers are IP addresses you buy them from an ISP the ISP makes sure those addresses go to your place the names are domain names you
More informationDNS / DNSSEC Workshop. bdnog November 2017, Dhaka, Bangladesh
DNS / DNSSEC Workshop bdnog7 19-22 November 2017, Dhaka, Bangladesh Issue Date: 03 November 2015 Revision: 2.0-draft4 Overview DNS Overview BIND DNS Configuration Recursive and Forward DNS Reverse DNS
More informationDNS & DHCP CONFIGURATION
WELCOME DNS & DHCP CONFIGURATION Group Members Anmol Nazakat Ameena Fatima Shakeel ur Rehman Gulraiz Azam Irfan Ullah 1 2 3 4 5 BSIT-F14-E78 BSIT-F14-E100 BSIT-F14-E66 BSIT-F14-E69 BSIT-F14-E79 3 Today
More informationSicurezza dei sistemi e delle reti
Sicurezza dei sistemi e delle reti LAB: DNS LOCAL ATTACK Pharming attacks The main objective of Pharming attacks on a user is to redirect the user to another machine B when the user tries to get to machine
More informationLinux Network Administration
Linux Network Administration Objective Describe the organization of the namespace Define the top-level subdomains of the Describe the process of converting IP addresses into names Define the concept of
More informationPrepared by Shiba Ratna Tamrakar
Lab on Package management with RPM and Yum 1. to install the package bind-utils #rpm -hiv bind-utils* Note: i for install, h for hash, v for verbose 2. to install the package bind-utils from URL ftp://www.xyz.com/rpms
More informationLab 6 Implementing DNSSEC
Lab 6 Implementing DNSSEC Objective: Deploy DNSSEC-signed zones. Background DNSSEC (or DNS Security Extensions) provide security to the zone files. Note: In the steps below, we are using myzone.net - our
More informationConfiguration of Authoritative Nameservice
Configuration of Authoritative Nameservice AfCHIX 2011 Blantyre, Malawi (based on slides from Brian Candler for NSRC) Recap DNS is a distributed database Resolver asks Cache for information Cache traverses
More informationDEPLOY A DNS SERVER IN A SECURE WAY
DEPLOY A DNS SERVER IN A SECURE WAY BIND (Berkeley Internet Name Domain) is one of the more widely used DNS servers. This article guides readers on how to deploy a BIND DNS server in a secure way by implementing
More informationGoal of this session
DNS refresher Overview Goal of this session What is DNS? How is DNS built and how does it work? How does a query work? Record types Caching and Authoritative Delegation: domains vs zones Finding the error:
More informationIllumio Adaptive Security Platform PCE Supercluster Reference Implementation Guide
Illumio Adaptive Security Platform PCE Supercluster Reference Implementation Guide 09/06/2018 Table of Contents Product Versions... 4 About Illumio... 4 Illumio Professional Services for Deployment...4
More informationCisco Expressway ENUM Dialing
Cisco Expressway ENUM Dialing Deployment Guide First Published: December 2013 Last Updated: November 2015 Cisco Expressway X8.7 Cisco Systems, Inc. www.cisco.com 2 Introduction ENUM (E.164 Number Mapping)
More informationThis time. Digging into. Networking. Protocols. Naming DNS & DHCP
This time Digging into Networking Protocols Naming DNS & DHCP Naming IP addresses allow global connectivity But they re pretty useless for humans! Can t be expected to pick their own IP address Can t be
More informationENUM Dialing on Cisco Expressway
ENUM Dialing on Cisco Expressway Deployment Guide Cisco Expressway X8.2 D15064.02 June 2014 Contents Introduction 3 Configuring the Expressway 4 Configuring an ENUM zone and search rule 4 Configuring the
More informationRoot Servers. Root hints file come in many names (db.cache, named.root, named.cache, named.ca) See root-servers.org for more detail
What is DNS? Systems to convert domain names into ip addresses: For an instance; www.tashicell.com 118.103.136.66 Reverse: 118.103.136.66 www.tashicell.com DNS Hierarchy Root Servers The top of the DNS
More informationMCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration. Chapter 5 Introduction to DNS in Windows Server 2008
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 5 Introduction to DNS in Windows Server 2008 Objectives Discuss the basics of the Domain Name System (DNS) and its
More informationReverse DNS Overview
Reverse DNS Overview Principles Creating reverse zones Setting up nameservers Reverse delegation procedures IPv6 reverse delegations Current status 1 Creating reverse zones Same as creating a forward zone
More informationChapter 14. Configuring Linux Network Services Part 1 DHCP and DNS service
Chapter 14 Configuring Linux Network Services Part 1 DHCP and DNS service 1 Content Configuring a DHCP server on Linux Configuring a DNS server on Linux Configuring the Apache Web server on Linux Configuring
More informationComputer Center, CS, NCTU. Outline. Installation Basic Configuration
BIND Part 1 pschiu Outline Installation Basic Configuration 2 Installing ISC BIND Step # pkg install bind911 or # cd /usr/ports/dns/bind911 # make install clean or # yum install bind.x86_64 # yum install
More informationCSCE 463/612 Networks and Distributed Processing Spring 2018
CSCE 463/612 Networks and Distributed Processing Spring 2018 Application Layer III Dmitri Loguinov Texas A&M University February 8, 2018 Original slides copyright 1996-2004 J.F Kurose and K.W. Ross 1 Chapter
More informationLocal DNS Attack Lab. 1 Lab Overview. 2 Lab Tasks (Part I): Setting Up a Local DNS Server. SEED Labs Local DNS Attack Lab 1
SEED Labs Local DNS Attack Lab 1 Local DNS Attack Lab Copyright 2018 Wenliang Du, Syracuse University. The development of this document was partially funded by the National Science Foundation under Award
More informationDomain Name System (DNS) Session 2: Resolver Operation and debugging. Joe Abley AfNOG Workshop, AIS 2017, Nairobi
Domain Name System (DNS) Session 2: Resolver Operation and debugging Joe Abley AfNOG Workshop, AIS 2017, Nairobi DNS Resolver Operation How Resolvers Work (1)! If we've dealt with this query before recently,
More informationBased on Brian Candler's materials ISOC CCTLD workshop
Based on Brian Candler's materials ISOC CCTLD workshop Easier for people to remember Computers may be moved between networks, in which case their IP address will change A centrally maintained file, distributed
More informationBIND-USERS and Other Debugging Experiences. Mark Andrews Internet Systems Consortium
BIND-USERS and Other Debugging Experiences Mark Andrews Internet Systems Consortium Mark_Andrews@isc.org http://isc.org BIND-USERS and Other Debugging Experiences We will look at some typical debugging
More informationWelcome! Acknowledgements. Introduction to DNS. cctld DNS Workshop October 2004, Bangkok, Thailand
Welcome! cctld DNS Workshop 8-11 October 2004, Bangkok, Thailand Champika Wijayatunga, APNIC Acknowledgements Bill Manning Ed Lewis Joe Abley Olaf M. Kolkman EP.NET Introduction to
More informationAgha Mohammad Haidari General ICT Manager in Ministry of Communication & IT Cell#
Install a DNS server in Windows Server 2008 IT administrators who have little or no experience with Domain Name System (DNS), can learn to install, configure and troubleshoot a Windows Server 2008 DNS
More informationTable of Contents DNS. Short history of DNS (1) DNS and BIND. Specification and implementation. A short history of DNS.
Table of Contents Specification and implementation DNS dr. C. P. J. Koymans Informatics Institute University of Amsterdam September 14, 2009 A short history of DNS Root servers Basic concepts Delegation
More informationDNS Pharming Attack Lab
CNT 5140 - Fall 2017 1 DNS Pharming Attack Lab Copyright c 2006-2011 Wenliang Du, Syracuse University. The development of this document is funded by the National Science Foundation s Course, Curriculum,
More informationDomain Name Service. DNS Overview. October 2009 Computer Networking 1
Domain Name Service DNS Overview October 2009 Computer Networking 1 Why DNS? Addresses are used to locate objects (contain routing information) Names are easier to remember and use than numbers DNS provides
More informationDNS. dr. C. P. J. Koymans. September 16, Informatics Institute University of Amsterdam. dr. C. P. J. Koymans (UvA) DNS September 16, / 46
DNS dr. C. P. J. Koymans Informatics Institute University of Amsterdam September 16, 2008 dr. C. P. J. Koymans (UvA) DNS September 16, 2008 1 / 46 DNS and BIND DNS (Domain Name System) concepts theory
More informationLesson 9: Configuring DNS Records. MOAC : Administering Windows Server 2012
Lesson 9: Configuring DNS Records MOAC 70-411: Administering Windows Server 2012 Overview Exam Objective 3.2: Configure DNS Records Configuring DNS Record Types Using the DNSCMD Command to Manage Resource
More informationDNS Session 1: Fundamentals. Based on Brian Candler's materials ISOC CCTLD workshop
DNS Session 1: Fundamentals Based on Brian Candler's materials ISOC CCTLD workshop Computers use IP addresses. Why do we need names? Easier for people to remember Especially true for IPv6 Computers may
More informationHow to Add Domains and DNS Records
Configure the Barracuda NextGen X-Series Firewall to be the authoritative DNS server for your domains or subdomains to take advantage of Split DNS or dead link detection. Step 1. Make the X-Series Firewall
More informationManaging Caching DNS Server
This chapter explains how to set the Caching DNS server parameters. Before you proceed with the tasks in this chapter, see Introduction to the Domain Name System which explains the basics of DNS. Configuring
More informationDNS / DNSSEC Workshop. bdnog May 2017, Bogra, Bangladesh
DNS / DNSSEC Workshop bdnog6 19-23 May 2017, Bogra, Bangladesh Issue Date: 03 November 2015 Revision: 2.0-draft4 Overview DNS Overview BIND DNS Configuration Recursive and Forward DNS Reverse DNS 2 Overview
More informationPreSales Lab Build Guide. Event Broker Build Guide
PreSales Lab Build Guide Event Broker 2.21 Build Guide v1a 08/20/2018 Contents Contents... 2 Description... 3 Versions... 3 Physical Network... 4 DNS Configuration... 4 Host Configuration... 4 BIND Configuration...
More informationManaging Zones. Staged and Synchronous Modes CHAPTER. See Also
CHAPTER 15 Managing Zones The Domain Name System (DNS) is a distributed database for objects in a computer network. By using a nameserver approach, the network consists of a hierarchy of autonomous domains
More informationDNS Mark Kosters Carlos Martínez {ARIN, LACNIC} CTO
DNS Workshop @CaribNOG12 Mark Kosters Carlos Martínez {ARIN, LACNIC} CTO DNS Refresher and Intro to DNS Security Extension (DNSSEC) Outline Introduction DNSSEC mechanisms to establish authenticity and
More informationOverview. Last Lecture. This Lecture. Next Lecture. Scheduled tasks and log management. DNS and BIND Reference: DNS and BIND, 4 th Edition, O Reilly
Last Lecture Overview Scheduled tasks and log management This Lecture DNS and BIND Reference: DNS and BIND, 4 th Edition, O Reilly Next Lecture Address assignment (DHCP) TELE 301 Lecture 11: DNS 1 TELE
More informationAPNIC elearning: DNS Concepts
APNIC elearning: DNS Concepts 27 MAY 2015 11:00 AM AEST Brisbane (UTC+10) Issue Date: Revision: Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security IPv6
More informationDNS. Introduction To. everything you never wanted to know about IP directory services
Introduction To DNS everything you never wanted to know about IP directory services Linux Users Victoria, April 3 rd 2007 what is the domain name system anyway? it's like a phone book...kinda DNS is (1)
More informationDNS Basics BUPT/QMUL
DNS Basics BUPT/QMUL 2018-04-16 Related Information Basic function of DNS Host entry structure in Unix Two system calls for DNS database retrieving gethostbyname () gethostbyaddr () 2 Agenda Brief introduction
More informationDNS Mark Kosters Carlos Martínez ARIN - LACNIC
DNS Workshop @CaribNOG8 Mark Kosters Carlos Martínez ARIN - LACNIC DNS Refresher and Intro to DNS Security Extension (DNSSEC) Outline Introduction DNSSEC mechanisms to establish authenticity and integrity
More informationConfigure IBM Security Identity Manager Virtual Appliance in Cloud
Configure IBM Security Identity Manager Virtual Appliance in Cloud Rahul Relan rarelan3@in.ibm.com Nnaemeka Emejulu eemejulu@us.ibm.com Parag Gokhale parag.gokhale@in.ibm.com Abstract: Installing IBM Security
More informationCSc 450/550 Computer Networks Domain Name System
CSc 450/550 Computer Networks Domain Name System Jianping Pan Summer 2007 5/28/07 CSc 450/550 1 Review: Web/HTTP Web URI/URL, HTML tags, embedded objects HTTP request and response persistence, statefulness
More informationComputer Networks. Domain Name System. Jianping Pan Spring /25/17 CSC361 1
Computer Networks Domain Name System Jianping Pan Spring 2017 1/25/17 CSC361 1 Review: Web/HTTP Web URI/URL, HTML tags embedded/linked objects HTTP request and response persistence, statefulness web caching,
More informationAuthoritative-only server & TSIG
Authoritative-only server & TSIG cctld workshop Apia, Samoa,20 23 June 2006 Andy Linton (Materials by Alain Aina) Different type of servers Several types of name servers Authoritative servers master (primary)
More informationThis video will look at how to create some of the more common DNS records on Windows Server using Remote Administration Tools for Windows 8.
This video will look at how to create some of the more common DNS records on Windows Server using Remote Administration Tools for Windows 8. Demonstration The Windows 8 computer has Remote Server Administration
More informationSetting up DHCP, DNS and NFS on the CLTC Server
CLTC Documentation Sheet 2: Setting up DHCP, DNS and NFS on the CLTC Server Developed by The 'Free Range' Community Linux Training Centre Project - Version 1.0, January 2003. http://www.fraw.org.uk/cltc/
More informationTable of Contents DNS. Short history of DNS (1) DNS and BIND. Specification and implementation. A short history of DNS. Root servers.
Table of Contents Specification and implementation DNS Karst Koymans Informatics Institute University of Amsterdam (version 1.11, 2010/10/04 10:03:37) Tuesday, September 14, 2010 A short history of DNS
More informationIntroduction to Network. Topics
Introduction to Network Security Chapter 7 Transport Layer Protocols 1 TCP Layer Topics Responsible for reliable end-to-end transfer of application data. TCP vulnerabilities UDP UDP vulnerabilities DNS
More informationInstalling MyDNS And The MyDNSConfig Control Panel On Fedora 8
By Falko Timme Published: 2007-12-06 19:24 Installing MyDNS And The MyDNSConfig Control Panel On Fedora 8 Version 1.0 Author: Falko Timme Last edited 12/03/2007 In this tutorial
More informationQNAME minimisation. Ralph Dolmans (NLnet Labs) https://www.nlnetlabs.nl/ March 2016 Stichting NLnet Labs
QNAME minimisation Ralph Dolmans ralph@nlnetlabs.nl (NLnet Labs) March 2016 Stichting NLnet Labs page 2 Introduction About NLnet Labs A not for profit, public benefit foundation develop Open Source software
More informationQUICK START GUIDE Cisco Internet Streamer CDS
QUICK START GUIDE Cisco Internet Streamer CDS 2.0 2.3 1 Introduction 2 Getting Started 3 Configuring Delivery Services 4 Configuring the Service Router 5 Testing the Web Engine 6 Testing the Windows Media
More informationDNS Load Balancing in ONTAP
Technical Report DNS Load Balancing in ONTAP Configuration and Best Practices Justin Parisi, NetApp October 2016 TR-4253 Abstract This document explains how to configure NetApp storage systems with NetApp
More informationCourse Organization. The Internet as a Blackbox: Applications. Opening the Blackbox: The IP Protocol Stack
Course Organization The Internet as a Blackbox: Applications Basic terminology & concepts (protocols, API ) Dive into DNS, Email, HTTP, SNMP & their interface to the blackbox Opening the Blackbox: The
More informationIT Domain Name System Revisited
IT 3100 - Domain Name System Revisited Curtis Larsen DSU-CIT Fall 2013 Curtis Larsen (DSU-CIT) IT 3100 - Domain Name System Revisited Fall 2013 1 / 14 Outline 1 Domain Name System - Revisited Load Balancing
More informationDNS Security. *http://compsec101.antibozo.net/pa pers/dnssec/dnssec.html. IT352 Network Security Najwa AlGhamdi
DNS Security *http://compsec101.antibozo.net/pa pers/dnssec/dnssec.html 1 IT352 Network Security Najwa AlGhamdi Introduction The DNS provides a mechanism that resolves Internet host names into IP addresses
More informationSome advanced topics. Karst Koymans. Tuesday, September 16, 2014
DNS Some advanced topics Karst Koymans Informatics Institute University of Amsterdam (version 44, 2014/09/15 08:39:47) Tuesday, September 16, 2014 Karst Koymans (UvA) DNS Tuesday, September 16, 2014 1
More informationNetworking Applications
Networking Dr. Ayman A. Abdel-Hamid College of Computing and Information Technology Arab Academy for Science & Technology and Maritime Transport 1 Outline Introduction Name Space concepts Domain Name Space
More informationNetwork Protocols. DNS Intel *slightly modified public version of another talk. TDC 375 Autumn 2009/10 John Kristoff DePaul University 1
Network Protocols DNS Intel *slightly modified public version of another talk TDC 375 Autumn 2009/10 John Kristoff DePaul University 1 What's in a name? dns research01.cti.depaul.edu. TDC 375 Autumn 2009/10
More informationRemote DNS Cache Poisoning Attack Lab
CS482 Remote DNS Cache Poisoning Attack Lab 1 1 Lab Overview Remote DNS Cache Poisoning Attack Lab The objective of this lab is for students to gain the first-hand experience on the remote DNS cache poisoning
More informationDNS. Some advanced topics. Karst Koymans. Informatics Institute University of Amsterdam. (version 17.2, 2017/09/25 12:41:57)
DNS Some advanced topics Karst Koymans Informatics Institute University of Amsterdam (version 17.2, 2017/09/25 12:41:57) Friday, September 22, 2017 Karst Koymans (UvA) DNS Friday, September 22, 2017 1
More informationDNS. A Massively Distributed Database. Justin Scott December 12, 2018
DNS A Massively Distributed Database Justin Scott December 12, 2018 What is DNS? Translates Hostnames to IP Addresses What is DNS? Example: www.serverlogic.com 23.185.0.4 What is DNS? Example: www.serverlogic.com
More informationHow to Enable Internet for Guest Virtual Machine using Datacard Tata Photon.
How to Enable Internet for Guest Virtual Machine using Datacard Tata Photon. Table of Contents 1) Host, Guest and VBox version.... 2 2) Check your current Host and add 3 rd Adapter to Host windows... 3
More informationOutline NET 412 NETWORK SECURITY PROTOCOLS. Reference: Lecture 7: DNS Security 3/28/2016
Networks and Communication Department NET 412 NETWORK SECURITY PROTOCOLS Lecture 7: DNS Security 2 Outline Part I: DNS Overview of DNS DNS Components DNS Transactions Attack on DNS Part II: DNS Security
More informationConfiguring DNS on SLES 9
CHAPTER 3 Configuring DNS on SLES 9 This chapter covers the following requirements for Novell s Certified Linux Engineer (CLE) 9 certification: 1. Configure a DNS server using BIND. On a modern IP-based
More informationResource Records APPENDIXA
APPENDIXA Resource Records Resource records comprise the data within a DNS zone. There is no fixed limit to the number of resource records a zone can own. In general, there can be zero, one, or more resource
More informationRemote DNS Cache Poisoning Attack Lab
SEED Labs Remote DNS Cache Poisoning Attack Lab 1 Remote DNS Cache Poisoning Attack Lab Copyright 2006-2016 Wenliang Du, Syracuse University. The development of this document was partially funded by the
More informationA DNS Tutorial
http://ntrg.cs.tcd.ie/undergrad/4ba2/multicast/ Copyright Table of Contents What is a DNS?... 3 Why do we need a DNS?... 3 Why do computers prefer addresses based on numbers?... 3 What is a Domain Name,
More informationDNS & Iodine. Christian Grothoff.
DNS & Iodine christian@grothoff.org http://grothoff.org/christian/ The Domain Name System is the Achilles heel of the Web. Tim Berners-Lee 1 DNS: Domain Name System Unique Distributed Database Application-layer
More informationDNSreport for icharter.org
Page 1 of 6 Home Products Tools DNSrepo Your IP: 78.86.4.117 ASN: 0 [IANA-RSVD-0] Near: London, England United Kingdom DNSreport for icharter.org Generated by www.dnsreport.com at 12:44:18 GMT on 06 Feb
More informationDNS. Karst Koymans & Niels Sijm. Friday, September 14, Informatics Institute University of Amsterdam
DNS Karst Koymans & Niels Sijm Informatics Institute University of Amsterdam Friday, September 14, 2012 Karst Koymans & Niels Sijm (UvA) DNS Friday, September 14, 2012 1 / 32 1 DNS on the wire 2 Zone transfers
More informationLarge-scale DNS. Hot Topics/An Analysis of Anomalous Queries
Large-scale DNS Caching Servers Hot Topics/An Analysis of Anomalous Queries Shintaro NAKAGAMI, Tsuyoshi TOYONO Keisuke ISHIBASHI, Haruhiko NISHIDA, and Haruhiko OHSHIMA NTT Communications, OCN NTT Laboratories
More informationThe Application Layer: Sockets, DNS
The Application Layer: Sockets, DNS CS 352, Lecture 3 http://www.cs.rutgers.edu/~sn624/352-s19 Srinivas Narayana 1 App-layer protocol Types of messages exchanged, e.g., request, response Message format:
More informationInternet Engineering Task Force (IETF) Request for Comments: 7706 Category: Informational ISSN: November 2015
Internet Engineering Task Force (IETF) Request for Comments: 7706 Category: Informational ISSN: 2070-1721 W. Kumari Google P. Hoffman ICANN November 2015 Decreasing Access Time to Root Servers by Running
More informationDNSSEC for Humans and BIND 10. Paul Vixie Internet Systems Consortium June 9, 2011
DNSSEC for Humans and BIND 10 Paul Vixie Internet Systems Consortium June 9, 2011 Agenda BIND and DNSSEC Why do I want DNSSEC? Why DNSSEC for Humans? BIND 9.7 Features More DNSSEC for Humans Why BIND 10?
More informationImplementing DNSSEC with DynDNS and GoDaddy
Implementing DNSSEC with DynDNS and GoDaddy Lawrence E. Hughes Sixscape Communications 27 December 2017 DNSSEC is an IETF standard for adding security to the DNS system, by digitally signing every resource
More informationResponse Differences between NSD and other DNS Servers
Response Differences between NSD and other DNS Servers Jelte Jansen, NLnet Labs Wouter Wijngaards, NLnet Labs NLnet Labs document 2006-004 November 2, 2006 Abstract This note describes observed differences
More informationOversimplified DNS. ... or, even a rocket scientist can understand DNS. Step 1 - Verify WHOIS information
Oversimplified DNS... or, even a rocket scientist can understand DNS Step 1 - Verify WHOIS information GOALS: Make sure that WHOIS reports every name server you have, and doesn't report any that aren't
More informationExpiration Date: May 1997 Randy Bush RGnet, Inc. November Clarifications to the DNS Specification. draft-ietf-dnsind-clarify-02.
Network Working Group Internet Draft Expiration Date: May 1997 Robert Elz University of Melbourne Randy Bush RGnet, Inc. November 1996 Clarifications to the DNS Specification Status of this Memo draft-ietf-dnsind-clarify-02.txt
More informationWeb Portal User Manual for
Web Portal User Manual for Copyright 2009 Afilias Limited Contents 1. Introduction... 1 1.1 About Afilias Managed DNS Service... 1 1.2 Afilias Managed DNS Service Website Help... 1 1.3 Support... 2 2.
More information1 Release Notes for BIND Version b1
1 Release Notes for BIND Version 9.12.0b1 1.1 Introduction BIND 9.12.0 is a new feature release of BIND, still under development. This document summarizes new features and functional changes that have
More informationManaging DNS Firewall
, page 1 DNS firewall controls the domain names, IP addresses, and name servers that are allowed to function on the network. This enables Internet Service Providers (ISP), enterprises, or organizations
More information