- DNS is the lookup mechanism used to map an IP address to a domain name and vice versa. Resolver DNS servers are distributed all over the world to reduce the load on any specific server. These servers dynamically modify and update their records, as a new domain is registered every second.
- Why do we need the DNS server? Because domain names are easier to remember than IP addresses.
Parts of DNS
- Namespace: The database that contains all the information: delegations, zones, domains.
- Servers: Make the namespace available to clients.
- Resolver: Queries the servers about a particular namespace and finds the particular information for that namespace.
Types
The cache text file contains the names and addresses of the root DNS servers that are needed to resolve names outside of the authoritative DNS domains. The root DNS servers are a group of servers that are authoritative for resolving queries at the root level.
In Windows Server: /Windows/System32/Dns/cache.dns
In Centos: /etc/bind/db.root
DNS Working
When the user opens the browser, types a website name and searches for it, the DNS server comes into play before the website opens. The internet works on IP addresses, not domain names, so something has to map the domain name to an IP address. For this, the user's query first goes to its local DNS to ask for the website's IP address. The first step is that the web browser searches for the IP address in its local cache file, as mentioned above; if the IP address is not in the cache file, it asks the local DNS server for the IP.
Let's walk through it briefly:
1. Client: searches for securitythread.blogspot.com
2. The local DNS searches the DNS cache file for the IP address. If it is found, it is returned to the browser; if not, the query passes to the local DNS server for further steps.
3. The local DNS asks the root server for the IP, but the root server only holds top-level domains such as .com, .org and .net, so in our case it only gives the IP address of the .com server.
4. The local DNS then asks the .com server for the IP address of securitythread.blogspot.com, but the .com server is only able to give the IP address of the nearer public DNS server, like the 8.8.8.8 we use for google.com.
5. The public DNS server gives the IP address of securitythread.blogspot.com to our local DNS server, which passes it on to the browser.
DNS Structure
It is like a hierarchical structure as shown:
Key terms to understand:
HOSTNAME: www.securitythread.blogspot.com
FULLY QUALIFIED DOMAIN NAME(FQDN): www.securitythread.blogspot.com
FQDN= Hostname + Domain name
www.securitythread.blogspot.com = www+securitythread.blogspot.com
Top-level Domain(TLD)
Generic top-level domain = .org, .com, .edu
Country code top-level Domain = .in, .uk, .usa
[Figure: DNS structure]
DNS QUERY
A query is a name resolution request from the local DNS server to find the IP address of the given website.
Types: Iterative and Recursive
Iterative: A query directed at a DNS server and answered through many intermediate referred servers.
Recursive: A query sent to a DNS server that requires a complete answer; there is no referral to another DNS server.
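The referral chain from the walkthrough above (root, then .com, then the server that holds the record), followed the iterative way. This is an added example, not code from the original post; the server names, the zone data and the 203.0.113.10 address are constructed, and the last hop is modelled as a name server that holds the record itself.

```python
# Constructed delegation data: each server either holds records or
# delegates a zone suffix to another server.
SERVERS = {
    "root-server": {"referrals": {"com.": "com-server"}},
    "com-server": {"referrals": {"blogspot.com.": "blogspot-ns"}},
    "blogspot-ns": {"records": {"securitythread.blogspot.com.": "203.0.113.10"}},
}

def query(server, name):
    """One non-recursive query: returns an answer, a referral, or a negative."""
    data = SERVERS[server]
    if name in data.get("records", {}):
        return ("answer", data["records"][name])
    matches = [zone for zone in data.get("referrals", {})
               if name == zone or name.endswith("." + zone)]
    if matches:
        zone = max(matches, key=len)  # the longest matching delegation wins
        return ("referral", data["referrals"][zone])
    return ("negative", None)

def resolve(name, cache, start="root-server", max_hops=8):
    """Check the cache, then follow referrals from the root.

    Returns (ip_or_None, list_of_servers_asked).
    """
    if name in cache:
        return cache[name], ["cache"]
    server, path = start, []
    for _ in range(max_hops):  # hop limit stops referral loops
        path.append(server)
        kind, value = query(server, name)
        if kind == "answer":
            cache[name] = value  # later lookups are served locally
            return value, path
        if kind == "negative":
            return None, path
        server = value  # referral: ask the next server ourselves
    raise RuntimeError("too many referrals")

if __name__ == "__main__":
    cache = {}
    print(resolve("securitythread.blogspot.com.", cache))
    print(resolve("securitythread.blogspot.com.", cache))
```

In a recursive query the client would make one request and the local DNS server would run this loop on its behalf.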
DNS Server types
Authoritative: Master(primary)
Slave(secondary)
Non-Authoritative: Our own cache server
The major difference is that the primary server resolves the query from its own database, whereas a non-authoritative server does not resolve the query from its own database and instead refers the query to another DNS server for resolution.
Primary(master) DNS server
It has the main database, on which it performs read/write operations. More than one primary server can also be installed for redundancy and fault tolerance.
Secondary DNS server
This only has a copy of the main primary server database. It is established to balance the load on the server. Its records are taken from the primary/master server at a specified time interval, so the records can only be read.
Whenever a DNS server responds to a query, the response may be one of four types.
DNS Answer Types
Negative Answer: When the website address the client is querying for is not available (its IP address doesn't exist), the response is negative.
Authoritative Answer: The server has the record of that website in its own database. Our local DNS server will also be called an authoritative server if it has the website record in its own database.
Non-Authoritative Answer: The DNS server doesn't have the record of that website in its own database, but it queries other DNS servers or checks its own DNS cache and brings back the website's record.
Referral Answer: The DNS server doesn't have the record of that website in its own database, but it refers to another DNS server for it.
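How the four answer types show up in the 12-byte header of a DNS response, as an added example that is not part of the original post. The headers are constructed with make_header rather than captured from a real server, and the "error" label for other response codes is an addition outside the four types listed above.

```python
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080  # header flag bits
NXDOMAIN = 3                                     # RCODE "name does not exist"

def make_header(aa, rcode, ancount, nscount, txid=0x1234):
    """Build a constructed response header: one question, no additional records."""
    flags = QR | RD | RA | (AA if aa else 0) | (rcode & 0xF)
    return struct.pack("!HHHHHH", txid, flags, 1, ancount, nscount, 0)

def classify(message):
    """Label a DNS response using only its header fields.

    Header-only heuristic: telling a referral from a cached "no data"
    reply reliably also needs the record types in the authority section.
    """
    if len(message) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags, _qd, ancount, nscount, _ar = struct.unpack("!HHHHHH", message[:12])
    if not flags & QR:
        raise ValueError("not a response")
    rcode = flags & 0xF
    authoritative = bool(flags & AA)
    if rcode == NXDOMAIN:
        return "negative"
    if rcode != 0:
        return "error"  # SERVFAIL, REFUSED, ...
    if ancount > 0:
        return "authoritative" if authoritative else "non-authoritative"
    if nscount > 0 and not authoritative:
        return "referral"  # no answer, only name servers to ask next
    return "negative"      # NOERROR but no record of the requested type

if __name__ == "__main__":
    for args in [(True, 0, 1, 0), (False, 0, 1, 0), (False, 0, 0, 2), (True, 3, 0, 1)]:
        print(args, classify(make_header(*args)))
```

nslookup prints "Non-authoritative answer:" when the AA bit is clear, which is the same distinction.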
DNS records
I am covering only the important ones
- A: Address mapping record; gives the IPv4 address of a website.
- AAAA: Address mapping record; gives the IPv6 address of a website.
- CNAME: Canonical Name record, used to resolve an alias name of a website; for example, www.securitythread.com and securitythread.com are two canonical names of each other.
- PTR: Reverse-lookup pointer record; works just opposite to the A and AAAA records. It helps to map an IP address to the website name.
- SOA: Start of Authority record; gives full detail about the DNS zone.
- NS: Name server record; gives an authoritative name server for the given host.
- MX: Mail exchanger record; gives the mail exchange server detail.
Commands:
nslookup securitythread.com    # gives the IP address
nslookup 8.8.8.8    # hostname of this IP
nslookup -type=ns securitythread.com    # gets the NS record
nslookup -type=any securitythread.com    # requests all record types
DNS Zone
A DNS zone is a database that contains the resource records of a contiguous portion of the DNS namespace. For example, you have a DNS zone called securitythread.com inside the DNS server, where you create records for all networking devices.
DNS Zone Types
- Primary zone: Has read/write permission on any record.
- Secondary zone: Has only read permission on records.
- Stub zone: Stores a copy of a zone that contains only the records used to locate name servers.
- Active Directory-integrated zone: The data is stored in Active Directory rather than in traditional zone files.
DNS zone transfer
Zone transfer is the process of copying the content of the zone file from a primary DNS server to a secondary DNS server so that records are synchronized between primary and secondary. The primary zone server notifies the secondary server when changes occur in the zone database records.
Configuring the zone transfers
- Active Directory-integrated zone: In this type of DNS system, DNS servers running on domain controllers can store their zones in Active Directory Domain Services. Because of this, multiple masters can be created for DNS replication, so any domain controller in the running domain can write updates to the AD-integrated DNS zones for the domain name. Active Directory-integrated zones store DNS zone data in the Active Directory database, and replication of records occurs through Active Directory.
- Traditional DNS zone: The transfer takes place between primary and secondary zones.
Methods of Zone transfer
- Full transfer of records: When both primary and secondary servers are configured, the secondary server answers all incoming requests from a full copy of the primary DNS server.
- Incremental zone transfer: When new entries make the secondary server's database differ from the primary's, an incremental zone transfer synchronizes the databases of both servers. This requires less bandwidth than a full transfer.
- Active Directory transfer: Occurs when Active Directory-integrated zones are replicated to the domain controllers in a domain.
- DNS notify: Notifies the secondary DNS servers when they need to initiate a zone transfer, so that the updates on the primary DNS server can be replicated to them.
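How a secondary can decide between no transfer, an incremental transfer and a full transfer when a notify arrives, as an added example that is not part of the original post. The Primary and Secondary classes, the journal layout, the addresses and the record data are all constructed for illustration; the serial comparison follows RFC 1982, and the source check mirrors the common practice of accepting notifies only from configured primaries.

```python
MASK = 0xFFFFFFFF  # SOA serials are 32-bit and wrap around

def serial_gt(a, b):
    """RFC 1982 serial arithmetic: True if serial a is newer than serial b."""
    return a != b and ((a - b) & MASK) < 0x80000000

class Primary:
    def __init__(self, serial, records):
        self.serial, self.records, self.journal = serial, dict(records), {}

    def update(self, added=None, deleted=()):
        """Change the zone, journal the delta under the old serial, bump the serial."""
        added = dict(added or {})
        for name in deleted:
            self.records.pop(name, None)
        self.records.update(added)
        self.journal[self.serial] = (added, tuple(deleted))
        self.serial = (self.serial + 1) & MASK

    def deltas_since(self, serial):
        """Journaled deltas from `serial` up to now, or None if one is missing."""
        steps = []
        while serial != self.serial:
            if serial not in self.journal:
                return None
            steps.append(self.journal[serial])
            serial = (serial + 1) & MASK
        return steps

class Secondary:
    def __init__(self, primary_addrs, serial, records):
        self.primary_addrs, self.serial = set(primary_addrs), serial
        self.records = dict(records)

    def on_notify(self, source, primary):
        if source not in self.primary_addrs:
            return "ignored"        # notify from an unconfigured address
        if not serial_gt(primary.serial, self.serial):
            return "up-to-date"     # nothing newer to fetch
        steps = primary.deltas_since(self.serial)
        if steps is None:           # no usable journal: copy the whole zone
            self.records, mode = dict(primary.records), "full"
        else:                       # replay only the changes
            for added, deleted in steps:
                for name in deleted:
                    self.records.pop(name, None)
                self.records.update(added)
            mode = "incremental"
        self.serial = primary.serial
        return mode
```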