ALL ABOUT DNS



Domain Name Servers (DNS) are the Internet's equivalent of a phone book. They maintain a directory of domain names and translate them to Internet Protocol (IP) addresses.

This is necessary because, although domain names are easy for people to remember, computers access websites based on IP addresses.

Information from all the domain name servers across the Internet is gathered together and housed at the Central Registry. Host companies and Internet Service Providers interact with the Central Registry on a regular schedule to get updated DNS information.

When you type in a web address, e.g., www.google.com, your Internet Service Provider looks up the DNS records associated with the domain name, translates it into a machine-friendly IP address and directs your Internet connection to the correct website.

After you register a new domain name or when you update the DNS servers on your domain name, it usually takes about 12-36 hours for the domain name servers world-wide to be updated and able to access the information. This 36-hour period is referred to as propagation.

DNS Records:

A
Address record. Returns a 32-bit IPv4 address; most commonly used to map a hostname to the IP address of a host, but also used for DNSBLs, for storing subnet masks (RFC 1101), etc.

CNAME
Canonical name record. Alias of one name to another: the DNS lookup continues by retrying the lookup with the new name.

AAAA
IPv6 address record. Returns a 128-bit IPv6 address; most commonly used to map a hostname to the IP address of a host.

MX
Mail exchange record. Maps a domain name to a list of message transfer agents for that domain.

NS
Name server record. Delegates a DNS zone to the given authoritative name servers.

SOA
Start of authority record. Specifies authoritative information about a DNS zone, including the primary name server, the email of the domain administrator, the zone serial number, and several timers relating to refreshing the zone.

SPF
Sender Policy Framework record. A simple email-validation system designed to detect email spoofing by giving receiving mail exchangers a way to check that incoming mail from a domain comes from a host authorized by that domain's administrators.

TXT
Text record. Originally for arbitrary human-readable text in a DNS record.

PTR
Pointer record. Pointer to a canonical name. Unlike a CNAME, DNS processing stops and just the name is returned. The most common use is implementing reverse DNS lookups, but other uses include DNS-SD.

SRV
Service locator. Generalized service location record, used for newer protocols instead of creating protocol-specific records such as MX.

NSEC
Next Secure record. Part of DNSSEC; used to prove a name does not exist. Uses the same format as the (obsolete) NXT record.

AXFR
Authoritative Zone Transfer. Transfers the entire zone file from the master name server to secondary name servers. DNS zone transfer is typically used to replicate DNS data across a number of DNS servers, or to back up DNS files. A user or server performs a zone transfer request against a name server; if the name server allows zone transfers, all the DNS names and IP addresses hosted by that name server are returned in human-readable ASCII text.

IXFR
Incremental Zone Transfer. Transfers the entire zone file from the master name server to secondary name servers.

Zone Transfer 

A zone transfer allows a secondary server to update its zone database from the primary server. This is useful if the primary server becomes unavailable.

Generally, a DNS zone transfer needs to be performed only by secondary DNS servers. Many DNS servers, however, are misconfigured and provide a copy of the zone to anyone who asks. This isn't necessarily bad if the only information provided is related to systems that are connected to the Internet and have valid hostnames, although it makes it that much easier for attackers to find potential targets.

The real problem occurs when an organization does not use a public/private DNS mechanism to segregate its external DNS information (which is public) from its internal, private DNS information. In this case, internal host names and IP addresses are disclosed to the attacker, providing a complete blueprint, or road map, of an organization's internal network.

dnsrecon -d target -t axfr
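From the defender's side, the same misconfiguration shows up in the name server's own transfer logs. The following Python is an added example (not from the original post): it scans BIND-style xfer-out log lines for AXFR/IXFR transfers served to hosts outside the assumed secondary-server network. The log lines and the allowed network are constructed sample data.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed BIND-style xfer-out log lines (sample data, not from a real server).
SAMPLE_LOG = """\
15-Mar-2024 10:01:12.004 xfer-out: info: client @0x7f1 198.51.100.7#51022 (example.com): transfer of 'example.com/IN': AXFR started (serial 2003080800)
15-Mar-2024 10:01:12.010 xfer-out: info: client @0x7f1 198.51.100.7#51022 (example.com): transfer of 'example.com/IN': AXFR ended
15-Mar-2024 10:04:33.120 xfer-out: info: client @0x7f2 203.0.113.44#40111 (example.com): transfer of 'example.com/IN': AXFR started (serial 2003080800)
15-Mar-2024 10:04:33.125 xfer-out: info: client @0x7f2 203.0.113.44#40111 (example.com): transfer of 'example.com/IN': AXFR ended
15-Mar-2024 10:09:01.551 xfer-out: info: client @0x7f3 198.51.100.8#38820 (example.com): transfer of 'example.com/IN': IXFR started (serial 2003080800 -> 2003080801)
"""

# Network the legitimate secondary servers live in (assumed; adjust to your own secondaries).
ALLOWED_SECONDARIES = [ip_network("198.51.100.0/28")]

# Matches the "transfer ... started" line and pulls out client IP, zone and transfer type.
XFER_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ \((?P<zone>[^)]+)\): "
    r"transfer of '[^']+': (?P<kind>AXFR|IXFR) started"
)

def is_allowed_secondary(ip_text):
    addr = ip_address(ip_text)
    return any(addr in net for net in ALLOWED_SECONDARIES)

def find_unauthorized_transfers(log_text):
    """Return (ip, zone, kind) for each transfer served to a host that is not a secondary."""
    hits = []
    for line in log_text.splitlines():
        m = XFER_RE.search(line)
        if m and not is_allowed_secondary(m.group("ip")):
            hits.append((m.group("ip"), m.group("zone"), m.group("kind")))
    return hits

if __name__ == "__main__":
    for ip, zone, kind in find_unauthorized_transfers(SAMPLE_LOG):
        print(f"ALERT: {kind} of {zone} served to non-secondary {ip}")
```

Any hit means the zone is being handed out beyond the secondaries; the fix is to restrict transfers to those hosts in the server configuration and re-run the scan.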

Cache Snooping

DNS cache snooping is a technique that involves querying DNS servers to see if they have specific records cached. Using this technique, we can harvest a bunch of information from DNS servers to see which domain names users have recently accessed, possibly revealing some interesting and maybe even embarrassing information.

dnsrecon -t snoop -n ns2.google.com -D /root/Domains.txt 

Zone Walking

This technique may unveil internal records if the zone is not configured properly. The information obtained can help map network hosts by enumerating the contents of a zone.

dnsrecon -d site.com -t zonewalk

Reverse Lookup

Reverse Lookup is the querying of the Domain Name System (DNS) to determine the domain name associated with an IP address.

For example, one IP address of Google.com is 74.125.142.147. If you were to type this IP address in the Reverse DNS Lookup Tool, it will return the host name of Google as listed in the database of ARPA, the Address and Routing Parameter Area (arpa) top-level domain of the Internet.

Note that some IP addresses will not return a domain name because there may be records indicating multiple domain names for a given IP address. Common examples of this include shared web hosting, where one IP address of the server is shared among one or more domains.
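To make the reverse lookup concrete, here is an added Python example (not part of the original post) that builds the name actually queried for a PTR lookup, for both IPv4 (in-addr.arpa) and IPv6 (ip6.arpa), and then applies the forward-confirmed check (FCrDNS) that mail servers use: the PTR name must have an address record pointing back at the same IP. The forward and reverse data are constructed stand-ins for live DNS.

```python
from ipaddress import ip_address, IPv4Address

# Constructed zone data standing in for live DNS answers (no network needed).
FORWARD = {                      # name -> address records
    "mail.example.com.": ["192.0.2.25", "2001:db8::25"],
    "www.example.com.": ["192.0.2.25", "192.0.2.26"],
}
REVERSE = {                      # IP -> PTR target
    "192.0.2.25": "mail.example.com.",
    "2001:db8::25": "mail.example.com.",
    "192.0.2.99": "www.example.com.",   # stale PTR: www no longer lives here
}

def reverse_pointer_name(ip_text):
    """Name queried for a PTR record: reversed octets under in-addr.arpa for IPv4,
    reversed hex nibbles of the fully expanded address under ip6.arpa for IPv6."""
    addr = ip_address(ip_text)
    if isinstance(addr, IPv4Address):
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa"
    nibbles = addr.exploded.replace(":", "")      # 32 zero-padded hex digits
    return ".".join(reversed(nibbles)) + ".ip6.arpa"

def forward_confirmed(ip_text):
    """FCrDNS: return the PTR name only if its forward record includes this IP, else None.
    A shared-hosting IP with no PTR, or a PTR whose forward data moved on, fails the check."""
    ptr = REVERSE.get(ip_text)
    if ptr is None:
        return None
    return ptr if ip_text in FORWARD.get(ptr, []) else None

if __name__ == "__main__":
    for ip in ("74.125.142.147", "2001:db8::25"):
        print(ip, "->", reverse_pointer_name(ip))
    for ip in ("192.0.2.25", "192.0.2.26", "192.0.2.99"):
        print(ip, "confirmed as", forward_confirmed(ip))
```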


TXT Record 

A TXT record (short for text record) is a type of resource record in the Domain Name System (DNS) used to provide the ability to associate some arbitrary and unformatted text with a host or other name, such as human readable information about a server, network, data center, and other accounting information.

Example:

name  ttl  class   rr     text
joe        IN      TXT    "Located in a black hole" "Likely to be eaten by a grue"

SOA Record

SOA (Start of Authority) is the record in a zone file that carries detailed information about the zone and its primary server.

owner-name  ttl class rr    name-server email-addr  (sn ref ret ex min)
example.com.    IN    SOA   ns.example.com. hostmaster.example.com. (
                              2003080800 ; sn = serial number
                              172800     ; ref = refresh = 2d
                              900        ; ret = update retry = 15m
                              1209600    ; ex = expiry = 2w
                              3600 )     ; min = negative-cache (nxdomain) ttl = 1h

It is stored on the primary server, and this record keeps the secondary servers in sync: a secondary compares the serial number and pulls a new copy of the zone when the primary's serial is newer.
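The following Python is an added example (not from the original post) that parses the SOA record shown above, decides whether a secondary needs a transfer using RFC 1982 serial arithmetic (which handles the 32-bit wrap-around), and sanity-checks the timers against the relationships RFC 1912 recommends; the thresholds in timer_problems are assumptions.

```python
SERIAL_MOD = 2 ** 32          # serials are 32-bit and wrap around (RFC 1982)
HALF = SERIAL_MOD // 2

# The SOA record from this page, embedded as constructed input text.
SOA_TEXT = """\
example.com.    IN    SOA   ns.example.com. hostmaster.example.com. (
                              2003080800 ; sn = serial number
                              172800     ; ref = refresh = 2d
                              900        ; ret = update retry = 15m
                              1209600    ; ex = expiry = 2w
                              3600 )     ; min = negative-cache (nxdomain) ttl = 1h
"""

def parse_soa(text):
    """Parse the multi-line ( ... ) SOA form, dropping ';' comments, into a dict."""
    flat = " ".join(line.split(";", 1)[0] for line in text.splitlines())
    tok = flat.replace("(", " ").replace(")", " ").split()
    i = tok.index("SOA")
    serial, refresh, retry, expire, minimum = (int(t) for t in tok[i + 3:i + 8])
    return {"owner": tok[0], "mname": tok[i + 1], "rname": tok[i + 2],
            "serial": serial, "refresh": refresh, "retry": retry,
            "expire": expire, "minimum": minimum}

def rname_to_email(rname):
    """The RNAME field encodes the admin mailbox with '@' replaced by the first '.'."""
    user, _, domain = rname.partition(".")
    return f"{user}@{domain.rstrip('.')}"

def serial_gt(a, b):
    """RFC 1982: is serial a newer than b? True across the 2^32 wrap as well."""
    return a != b and ((a < b and b - a > HALF) or (a > b and a - b < HALF))

def secondary_needs_transfer(primary_soa, secondary_serial):
    return serial_gt(primary_soa["serial"], secondary_serial)

def timer_problems(soa):
    """Timer sanity checks (assumed thresholds, in the spirit of RFC 1912 section 2.2)."""
    issues = []
    if soa["retry"] >= soa["refresh"]:
        issues.append("retry should be shorter than refresh")
    if soa["expire"] <= soa["refresh"] + soa["retry"]:
        issues.append("expire should exceed refresh + retry")
    if soa["expire"] < 7 * 86400:
        issues.append("expire under one week lets secondaries go dark after a short outage")
    return issues
```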

SRV Record

An SRV record is intended to provide information on available services for your systems, most commonly used with SIP configuration. SRV records have a unique system for naming.

Example: _Service._Protocol.DomainName.
         _http._tcp.example-1.com.
