
COMPUTER NETWORK REPORT find out how to operate and install DNS services information technology industry


DOCUMENT INFORMATION

Basic information

Title: Find Out How To Operate And Install DNS Services Information Technology Industry
Authors: Nguyễn Quang Ninh, Nguyễn Minh Nghĩa, Lê Văn Vỹ
Supervisor: Trần Nguyên Ngọc
School: Ha Noi University Of Science And Technology
Major: Computer Network
Type: Report
City: Ha Noi
Pages: 34
Size: 1,82 MB

Structure

  • I. WHAT IS A DNS?
  • II. HOW TO OPERATE DNS SERVICES & Building Blocks of DNS
  • III. HOW TO INSTALL AND CONFIGURE DNS SERVICES?
  • IV. PACKET ANALYSIS WITH WIRESHARK?

Content

WHAT IS A DNS ?

The Domain Name System (DNS) serves as the Internet's phonebook, allowing users to access online information via domain names such as nytimes.com and espn.com. It functions by translating these domain names into Internet Protocol (IP) addresses, enabling web browsers to load various online resources efficiently.

Every device connected to the Internet is assigned a unique IP address, allowing other machines to locate it easily. DNS servers simplify this process by eliminating the need for users to remember complex IP addresses, whether in the traditional IPv4 format, like 192.168.1.1, or the more intricate alphanumeric IPv6 format, such as 2400:cb00:2048:1::c629:d7a2.

DNS records are regularly updated, allowing a server's IP address to change seamlessly without disrupting end users. This means that users can continue to access the same domain name while being automatically redirected to the new IP address.

A DNS A or AAAA Record points a domain or subdomain to an IP, and a CNAME record points a domain or subdomain to another domain name.

period is referred to as propagation. With next-generation DNS technology, propagation can be reduced to minutes or seconds.

DNS enables multiple hostnames to be linked to a single IP address, facilitating virtual hosting where numerous websites are served from one host. Additionally, a single hostname can resolve to multiple IP addresses, allowing for load distribution across several servers.

When connecting to a local network, ISP, or WiFi, the modem or router transmits essential network configuration details to your device, which includes information about one or more DNS servers.

DNS servers your device will use to translate host names to IP addresses.

A component called a DNS Resolver is responsible for checking if the host name is available in local cache, and if not, contacts a series of DNS Name Servers, until eventually it receives the IP of the website or service you are trying to reach. If everything is working well, this can take less than a second.

The process is known as DNS resolution of a hostname to IP address.

DNS primarily serves to convert domain names in URLs into their respective IP addresses, but its functionality extends beyond this basic role, playing a crucial part in various other forms of Internet communication.

What is DNS Used For?

  • Resolving names of World Wide Web (WWW) sites
  • Routing messages to email servers and webmail services
  • Connecting app servers, databases and middleware within a web application
  • Peer-to-peer sharing programs
  • Instant messaging and online meeting services
  • Communication between IoT devices, gateways and servers

HOW TO OPERATE DNS SERVICES & Building Blocks of DNS

There are four main building blocks that enable DNS to function:

A DNS resolver, often referred to as a recursive resolver, is a specialized server that processes DNS queries from web browsers and various applications. When a user inputs a hostname, such as www.example.com, the resolver's primary function is to locate and return the corresponding IP address for that hostname.

The DNS resolver might be operated by the local network, an Internet Service

A resolver, which can be a provider, mobile carrier, WiFi network, or third party, first checks its local cache or the operating system's cache on the device. If the hostname is located in these caches, it is resolved instantly.

When a DNS resolver cannot find the requested hostname, it queries a DNS Root Server, which provides information about the corresponding TLD Name Server. The resolver then contacts the TLD Name Server to obtain details of the Authoritative Name Server, which is responsible for the specific domain. Finally, the resolver requests the IP address associated with the hostname from the Authoritative Name Server, successfully resolving the query when it receives the IP address.

The root server plays a crucial role in converting human-readable host names into IP addresses. When a user queries a domain like www.example.com, the root server takes the TLD provided in the query and directs the request to the appropriate .com TLD Name Server for further information.

There are 13 logical root servers worldwide, indicated by the letters A through M, operated by organizations such as Verisign, Cogent, the University of Maryland and the U.S. Army Research Lab.

The TLD Name Server takes the domain name provided in the query - for

Each Top Level Domain (TLD) has its own Name Server, with over 1,500 valid TLDs currently available. This includes traditional TLDs like .com and .org, country-specific codes such as .co.uk and .co.fr, as well as newer options like .biz.

The Authoritative Name Server is the last stop in the name server query. The Authoritative Name Server takes the domain name and subdomain, and if it has access to the DNS records, it returns the correct IP address to the DNS

As the Internet expands, the outdated IPv4 standard, which permits only 4.3 billion IP addresses, is being succeeded by IPv6, capable of accommodating approximately 3.4×10^38 IP addresses. Consequently, DNS servers are increasingly providing IP addresses in the IPv6 format.

In some cases, the Authoritative Name Server will route the DNS Resolver to another Name Server that contains specific records for a subdomain, for example, support.example.com.

Authoritative Name Servers are structured within DNS Zones, each containing a specific set of these servers. They are deemed "authoritative" because they deliver accurate and reliable responses regarding the current IP address associated with a particular domain.

Summary of the DNS Process - a DNS Example

1. DNS Query - a web browser or other application requests a human readable hostname such as “www.example.com”. The query is handled by the DNS Resolver, which is responsible for finding the IP matching the hostname.

2. DNS Root Servers - the Resolver talks to a Root Server and is referred to a Top Level Domain (TLD) Name Server, corresponding to the TLD in the query, such as .com.

3. TLD Name Server - the Resolver contacts the relevant TLD Name Server and is referred to an Authoritative Name Server that holds the current details for the domain name.

4. Authoritative Name Server - finally, the Resolver sends the query to the

An authoritative name server is crucial for managing a domain, as it holds the information specified in the zone file on the TLD name server. This DNS server is responsible for resolving the full domain name, such as www.example.com, by providing the corresponding IP address.

Once the DNS Resolver successfully retrieves the IP address associated with the domain name, it sends this information back to the client's browser or application. This allows the client to establish a connection with the server using the provided IP address, enabling effective communication between the two.
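The resolution chain summarized above (cache, root server, TLD name server, authoritative name server, and a delegated subdomain server) can be traced offline with the following added Python example, which is not part of the original report. The `Resolver` class, the server names and the 192.0.2.x addresses are constructed for illustration, and no network traffic is sent.

```python
import time

# Constructed data: a toy DNS hierarchy. Server names and addresses are made up
# (documentation address range); nothing is sent over the network.
SERVERS = {
    "root": {"referrals": {"com": "tld-com"}},
    "tld-com": {"referrals": {"example.com": "ns1.example.com"}},
    "ns1.example.com": {
        "records": {"www.example.com": ("192.0.2.10", 300)},
        # Delegation of a subdomain to another name server.
        "referrals": {"support.example.com": "ns.support.example.com"},
    },
    "ns.support.example.com": {
        "records": {"help.support.example.com": ("192.0.2.77", 60)},
    },
}
MAX_REFERRALS = 8  # guard against referral loops in broken or hostile zones


def best_referral(referrals, name):
    """Pick the referral whose zone is the longest suffix of `name`."""
    matches = [z for z in referrals if name == z or name.endswith("." + z)]
    return referrals[max(matches, key=len)] if matches else None


class Resolver:
    """Hypothetical recursive resolver: cache first, then root -> TLD -> authoritative."""

    def __init__(self, servers, clock=time.monotonic):
        self.servers, self.clock, self.cache = servers, clock, {}

    def resolve(self, name):
        """Return (ip_or_None, list_of_steps_taken)."""
        name = name.rstrip(".").lower()
        cached = self.cache.get(name)
        if cached and cached[1] > self.clock():
            return cached[0], ["cache"]
        server, trace = "root", []
        for _ in range(MAX_REFERRALS):
            trace.append(server)
            zone = self.servers[server]
            record = zone.get("records", {}).get(name)
            if record:
                ip, ttl = record
                self.cache[name] = (ip, self.clock() + ttl)  # honour the TTL
                return ip, trace
            server = best_referral(zone.get("referrals", {}), name)
            if server is None:
                return None, trace  # no such name at this authority
        raise RuntimeError("referral limit exceeded for " + name)


if __name__ == "__main__":
    r = Resolver(SERVERS)
    for host in ("www.example.com", "www.example.com", "help.support.example.com"):
        print(host, *r.resolve(host))
```

The second lookup of the same name is answered from the cache until the record's TTL expires, and the referral limit stops a delegation that points back at itself.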

Clients, such as web browsers or messaging apps, facilitate communication with servers. When a user enters a domain in a browser, the corresponding website is displayed. Similarly, in a messaging app, users can send messages to others through the server.

In this section we provide some more details about how DNS works behind the scenes.

DNS Types - 3 Types of DNS Queries

A recursive query occurs when a DNS client asks a DNS server, usually a DNS recursive resolver, to provide either the requested resource record or an error message if the record cannot be found.

An iterative query enables a DNS client to receive the most accurate response from a DNS server. If the server lacks a match for the hostname, it provides a referral to an authoritative DNS server within a lower tier of the DNS hierarchy, prompting the DNS client to query the referred address for further information.

This process continues with additional DNS servers down the query chain until either an error or timeout occurs.

3 Non-recursive query - this occurs when a DNS Resolver queries a DNS

DNS resource records (RR) are the basic information elements of the Domain Name System. They are entries in the DNS database which provide information about hosts. The records are physically stored in the Zone Files on the DNS server.

The following are common DNS records:

  • Address Mapping records (A) - records that hold a hostname and its corresponding IPv4 address.
  • IP Version 6 Address records (AAAA) - records that hold a hostname and its corresponding IPv6 address.
  • Canonical Name records (CNAME) - used to create aliases of domain names. Can be used to alias a domain to another domain.
  • Mail exchanger record (MX) - specifies a mail exchange server for the domain name, used in the SMTP protocol to route emails to the correct email server.
  • Name Server records (NS) - delegates a DNS Zone to use a specific
  • Reverse-lookup Pointer records (PTR) - used to look up domain names based on an IP address.
  • Certificate record (CERT) - stores encryption certificates such as PKIX,
  • Service Location (SRV) - service location record, like MX but for other, newer protocols.

The DNS protocol uses two types of DNS messages, queries and replies. Both queries and replies consist of a header and four sections: question, answer, authority, and additional:

The header section includes essential components such as Identification for aligning responses with queries, Flags, the total Number of Questions, Number of Answers, the Count of Authority Resource Records (RRs), and the Number of Additional Resource Records.

The flags field is made up of subfields of one or four bits that specify the nature of the message, indicating whether it is a query or a reply. It also reveals if the current packet is a reply, a status, or a request, and whether the DNS server is authoritative. Additionally, the field shows the client's desire for a recursive query ("RD"), the DNS server's support for recursion, whether the request was truncated ("TC"), and includes four bits at the end that indicate the status.

  • The question section contains the domain name and type of record (A, AAAA, MX, TXT, etc.) being resolved. The domain name is broken into labels, each label prefixed by the length of that label.
  • The answer section has the resource records of the queried name. A domain name may occur in multiple records if it has multiple IP addresses associated with it.

DNS primarily operates using the User Datagram Protocol (UDP) on port 53, facilitating efficient request handling. Each DNS query involves a single UDP request sent from the client, followed by a corresponding UDP reply from the server, ensuring a streamlined communication process.

The Transmission Control Protocol (TCP) is used when the response data size exceeds 512 bytes, or for zone transfers. Some DNS resolvers use TCP for all communication.
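The message layout described above (12-byte header, flag bits, length-prefixed labels in the question, resource records in the answer) is shown in the following added Python example, which is not part of the original report. The function names, the message ID 0x1234 and the bytes of `SAMPLE_REPLY` are constructed for illustration; the parser also follows the name-compression pointers used in replies and rejects pointer loops.

```python
import struct

TYPES = {1: "A", 2: "NS", 5: "CNAME", 12: "PTR", 15: "MX", 28: "AAAA"}

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("label must be 1..63 bytes: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, qtype=1, msg_id=0x1234):
    """Build a one-question query with the RD (recursion desired) flag set."""
    header = struct.pack("!6H", msg_id, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!2H", qtype, 1)  # class IN

def read_name(msg, off):
    """Decode a name at `off`; return (name, offset of the next field)."""
    labels, after, jumps = [], None, 0
    while True:
        length = msg[off]  # IndexError on a truncated message
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            after = off + 2 if after is None else after
            off = ((length & 0x3F) << 8) | msg[off + 1]
            jumps += 1
            if jumps > 16:
                raise ValueError("compression pointer loop")
        elif length == 0:
            return ".".join(labels), (off + 1 if after is None else after)
        else:
            labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
            off += 1 + length

def parse_message(msg):
    """Parse the header, the question section and the answer section."""
    mid, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    out = {"id": mid, "qr": flags >> 15, "opcode": (flags >> 11) & 0xF,
           "aa": (flags >> 10) & 1, "tc": (flags >> 9) & 1, "rd": (flags >> 8) & 1,
           "ra": (flags >> 7) & 1, "rcode": flags & 0xF,
           "questions": [], "answers": []}
    off = 12
    for _ in range(qd):
        name, off = read_name(msg, off)
        qtype, _qclass = struct.unpack("!2H", msg[off:off + 4])
        out["questions"].append((name, TYPES.get(qtype, qtype)))
        off += 4
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        value = ".".join(map(str, rdata)) if rtype == 1 and rdlen == 4 else rdata.hex()
        out["answers"].append((name, TYPES.get(rtype, rtype), ttl, value))
        off += 10 + rdlen
    return out

# Constructed sample reply: flags 0x8180 (QR, RD, RA), one question, one A answer
# whose owner name is a compression pointer (0xC00C) back to offset 12.
SAMPLE_REPLY = (struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)
                + encode_name("www.example.com") + struct.pack("!2H", 1, 1)
                + b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10]))
```

A reply parsed with `tc` equal to 1 is the truncation case mentioned above, where the client repeats the query over TCP.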

HOW TO INSTALL AND CONFIGURE DNS SERVICES?

HOW TO INSTALL DNS SERVER? (In Windows Server 2019)

At the Server Manager window, select Manage, then click Add Roles and Features.

Select DNS Server and click Next.

Keep the defaults and click Next, then click Install to install the DNS Server.

How to configure the DNS Server?

At the Server Manager window, select Tools, then click DNS.

Right-click Forward Lookup Zones and select New Zone.

In the New Zone Wizard screen, click Next.

In the Zone Type screen, select Primary Zone to configure primary

In the Zone Name screen, enter the zone name in the Zone name field, for example network.com.vn, then click Next.

Next, keep the defaults and click Next. In the Completing screen, check the information about the DNS Server and click Finish to finish creating the new zone.

Next, right-click network.com.vn and select New Host (A or AAAA).

In the New Host window, enter the PC's name in Name and the PC's current IP in IP address, then click Add Host.

For example: PC name: sv1, IP address: 172.17.77.172

Next, right-click network.com.vn and select New Alias (CNAME). In the New Resource Record window, enter www in Alias name, click Browse, then select SV1, Forward Lookup Zones, network.com.vn and sv1 in turn, and click OK.

Next, do the same as when creating the New Host sv1, but with the name vy and an IP in the same range, for example: IP 172.17.77.100

Next, right-click network.com.vn and select New Mail Exchanger (MX). In the Mail Exchanger (MX) window, select Browse, choose mail, and click OK.

This completes the configuration of the Forward Lookup Zones section (converting domain names to IP addresses).

Next, configure the Reverse Lookup Zones section (converting IP addresses to domain names).

To create a new Reverse Lookup Zone, right-click on "Reverse Lookup Zones" and select "New Zone." Keep the default settings and click "Next." Enter the current PC's IP address in the "Network ID" field, leaving the end blank, then click "Next" and finally "Finish."

Next, click 77.17.172.in-addr.arpa, right-click it and select Refresh to automatically create 2 records named for the IPs of sv1 and mail.

+ TEST NEW DNS SERVER ON WINDOWS 10

Step 1: Open Control Panel and click Network and Sharing Center, or right-click the network icon in the system tray, select Open Network and Internet Settings, and find Change adapter options.

Step 2: Click Change adapter settings.

Step 3: Select the internet connection currently in use, right-click it and select Properties.

Step 4: Click Internet Protocol Version 4 (TCP/IPv4), then Properties. On the General tab, select Use the following DNS server addresses (with the IP of the newly installed DNS Server above).

For example: Preferred DNS server: 172.17.77.172

Click OK to finish selecting the DNS Server address.

PACKET ANALYSIS WITH WIRESHARK?

When data is transferred from one computer to another, the data stream consists of smaller units called packets.

When you download a file online, it is transmitted in packets from the server, which your computer then reassembles to recreate the original file.

A packet can contain the following data:

  • source and destination IP addresses
  • length, flags, TTL, and so on

Each packet in a data transfer holds crucial details about the devices participating in the exchange. In fact, a single data transfer can consist of thousands or even millions of these packets moving between the source and destination devices.

Now you can understand the importance of Wireshark. Wireshark lets you capture each of these packets and inspect them for data.

Wireshark, to a network engineer, is similar to a microscope for a biologist.

Wireshark lets you ‘listen’ to a live network (after you establish a connection to it), and capture and inspect packets on the fly.

Wireshark is an essential tool for network engineers and ethical hackers to debug and secure networks effectively. However, it can also be misused by malicious hackers to "sniff" network packets, potentially capturing sensitive information such as credit card transactions.

This is why it is unwise to connect to a public network like Starbucks and perform financial transactions or access private data. Even though sites with HTTPS can encrypt your packets, the traffic is still visible over the network. If someone really wants to crack it, they can.

Packet analysis, also referred to as packet sniffing or protocol analyzing, involves intercepting and capturing live data as it traverses a network, whether via Ethernet or Wi-Fi, to gain insights into network activity. This process is facilitated by protocol analyzers like Wireshark, which can be found online in both free and commercial versions. In this report, we will utilize these tools for our analysis.

Wireshark to perform network analysis, which is an open source software and the best free-network analyzer available on the Internet.

In today's networking landscape, it's crucial to stay equipped with the latest troubleshooting tools to effectively address various issues that can arise. Problems often originate at the packet level and can escalate to significant network downtime. Even the most reliable protocols and services can malfunction or act maliciously. To effectively maintain your network, it's essential to analyze packet-level data to identify and resolve underlying issues.

To analyze network problems by looking into the packets and their specific details so that you can get a better hold over your network.

Detecting network intrusion attempts is crucial for identifying malicious users attempting to access your network or those who may have already gained unauthorized access to sensitive information.

To detect network misuse by internal or external users by establishing firewall rules in your security appliance and then monitoring each of these rules through Wireshark.

To isolate exploited systems so that the affected system doesn't become a pivot point for your network for malicious users.

To effectively manage data in motion within your network, it is essential to monitor both allowed and restricted data categories. For example, if you wish to block access to BitTorrent sites, you can implement a rule on your router. However, to identify the source of the requests, tools like Wireshark can provide valuable auditing capabilities.

Gathering and reporting network statistics involves filtering specific packets according to your needs, allowing you to create tailored capture filters that will be beneficial in the long run.

Wireshark enables users to monitor network activity by identifying who is on the network, their actions, and any attempts to bypass restrictions. This powerful tool simplifies essential daily tasks related to network security and management.

To debug client/server communications so that all the request and replies communicated between the peers on our network can be audited to maintain the integrity of your network.

Identify applications lurking within your network that may be consuming bandwidth and compromising security. These overlooked applications can expose your network to public visibility and allow unrestricted network traffic to infiltrate your system.

To debug network protocol implementations and any kind of anomalies present due to various misconfigurations in the current running devices.

To identify possible or malicious attacks that your network can be a victim of, to analyze them, control/supervise them, and make yourself ready for any possible malicious activity.

When conducting packet analysis, it's essential to consider the interpretable protocols, select the best software based on your expertise, and choose a protocol analyzer that meets your network needs. Experience plays a crucial role; as you work with Wireshark, you'll develop innovative strategies for troubleshooting and analyzing packets more effectively.

Packet sniffers can interpret common network protocols (such as IP and ICMP), transport layers (such as TCP and UDP), and application protocols (such as DNS and HTTP).

Due to the overwhelming amount of information presented by Wireshark's GUI, it might seem complex to some users and might be considered as one of its demerits. There are a few CUI/GUI tools that can solve this purpose. They

Wireshark is a powerful network protocol analyzer that captures packets from network connections, including those between your computer and the internet. In an Ethernet network, a packet refers to a distinct unit of data, making Wireshark essential for analyzing network traffic and diagnosing connectivity issues.

Wireshark is the most often-used packet sniffer in the world. Like any other packet sniffer, Wireshark does three things:

1. Packet Capture: Wireshark listens to a network connection in real time and then grabs entire streams of traffic – quite possibly tens of thousands of packets at a time.

2. Filtering: Wireshark is capable of slicing and dicing all of this random live data using filters. By applying a filter, you can obtain just the information you need to see.

Wireshark, a powerful packet sniffer, enables users to explore the intricacies of network packets and offers the ability to visualize complete conversations and network streams.

DNS - PACKET ANALYSIS WITH WIRESHARK?

Part 1: Record a PC’s IP Configuration Information

In Part 1 of the lab, utilize the ipconfig /all command on your local PC to obtain and document the MAC and IP addresses of your network interface card (NIC), along with the IP address of the designated default gateway and the DNS server IP address assigned to the PC. Be sure to record this information in the provided table, as it will be essential for subsequent packet analysis in the following parts of the lab.

Part 2: Use Wireshark to Capture DNS Queries and Responses

In Part 2, you will configure Wireshark to capture DNS query and response packets, showcasing the use of the UDP transport protocol in communication with a DNS server. Begin by clicking the Windows Start button and locating the Wireshark program.

Note: If Wireshark is not yet installed, it can be downloaded at http://www.wireshark.org/download.html.

b. Select an interface for Wireshark for capturing packets. Use the Interface List to choose the interface that is associated with the recorded PC’s IP and

Posted: 24/04/2022, 21:49