Questions about this topic? Sign up to ask in the talk tab.

Difference between revisions of "DNS"

From NetSec
Jump to: navigation, search
(DNS Recon)
Line 4: Line 4:
 
DNS resolves hostnames to IP addresses and vice versa.  DNS records also control the appointment of servers to control e-mail.   
 
DNS resolves hostnames to IP addresses and vice versa.  DNS records also control the appointment of servers to control e-mail.   
  
==DNS Basics==
+
=DNS Basics=
  
 
The DNS system is used to resolve domain names (such as www.blackhatacademy.org) into 4-byte addresses (such as 173.245.60.117) known as IP addresses or (more rarely) DNS addresses. It can be used to obtain a wealth of information concerning a website, all of which can be useful for troubleshooting, penetration testing and recon.
 
The DNS system is used to resolve domain names (such as www.blackhatacademy.org) into 4-byte addresses (such as 173.245.60.117) known as IP addresses or (more rarely) DNS addresses. It can be used to obtain a wealth of information concerning a website, all of which can be useful for troubleshooting, penetration testing and recon.
  
=== DNS Recon ===
+
== DNS Recon ==
  
 
In this example, random.com is given as a site that the hacker wishes to learn more about. The first step in a hacker's DNS recon might be to type:
 
In this example, random.com is given as a site that the hacker wishes to learn more about. The first step in a hacker's DNS recon might be to type:
Line 40: Line 40:
 
}}
 
}}
  
There are many useful free DNS utilities on the internet. One that in particular is endorsed by us is [http://www.yougetsignal.com/ YouGetSignal].
+
= Records =
  
See [[protocols]] for more information.
+
== MX Record ==
  
== DNS Server Software ==
+
<b>M</b>ail e<b>X</b>changer Record
 +
 
 +
This record prioritizes email delivery for specific domains over multiple protocols.
 +
 
 +
 
 +
SYNTAX:
 +
  domain.tld. TTL IN MX domain.tld
 +
 
 +
*The first domain.tld. represents the mailserver hostname.
 +
*The second domain.tld represents the domain name to deliver mail for
 +
*This can only be added to the record containing the primary A record to be effective.
 +
 
 +
==CNAME records==
 +
 
 +
==DNAME records==
 +
 
 +
==A records==
 +
 
 +
 
 +
 
 +
=DNS Server Software=
  
 
* [http://www.isc.org/software/bind Bind]
 
* [http://www.isc.org/software/bind Bind]
Line 51: Line 71:
 
* [http://cr.yp.to/djbdns.html djbdns]
 
* [http://cr.yp.to/djbdns.html djbdns]
 
* [http://www.corpit.ru/mjt/rbldnsd.html rbldnsd]
 
* [http://www.corpit.ru/mjt/rbldnsd.html rbldnsd]
 +
 +
= DNS Utilities =
 +
 +
* [http://www.yougetsignal.com/ YouGetSignal]
 +
 +
* [[dig]]
  
 
[[Category:Protocols]]
 
[[Category:Protocols]]

Revision as of 17:59, 24 April 2012

This article needs to be cleaned up, rewritten, updated or removed.

Dymic Name System or Domain Name System

DNS resolves hostnames to IP addresses and vice versa. DNS records also control the appointment of servers to control e-mail.

DNS Basics

The DNS system is used to resolve domain names (such as www.blackhatacademy.org) into 4-byte addresses (such as 173.245.60.117) known as IP addresses or (more rarely) DNS addresses. It can be used to obtain a wealth of information concerning a website, all of which can be useful for troubleshooting, penetration testing and recon.

DNS Recon

In this example, random.com is given as a site that the hacker wishes to learn more about. The first step in a hacker's DNS recon might be to type:

host random.com

That will return basic information on the site, ip addresses (a records, aaaa for v6) and mail servers (mx records). For a little bit more information, use the -a flag, it will return everything from txt records to dnssec records.

Taking it a bit further, you can really start to pull a lot of information from DNS given the right circumstances. For example, if a domain name server has axfr's (zone transfers) enabled for everyone, you can get a list of subdomains for any domain name on that server. The easiest way to do this would be something like this:

host -tns random.com

This would give return the dns servers for random.com, allowing you to do something like:

host -l random.com. ns75.worldnic.com

In order to perform a successful zone transfer, you usually want to directly specify the name server. Here is an example of a successful zone transfer:

outlookccc.wideopenwest.com has address 64.233.207.77 mail.outlookccc.wideopenwest.com has address 12.152.37.50 pop-13.wideopenwest.com has address 64.233.207.59 pop-14.wideopenwest.com has address 64.233.207.60 portal.wideopenwest.com has address 64.233.207.39

Records

MX Record

Mail eXchanger Record

This record prioritizes email delivery for specific domains over multiple protocols.


SYNTAX: 

 domain.tld. TTL IN MX domain.tld
  • The first domain.tld. represents the mailserver hostname.
  • The second domain.tld represents the domain name to deliver mail for
  • This can only be added to the record containing the primary A record to be effective.

CNAME records

DNAME records

A records

DNS Server Software

DNS Utilities

Retrieved from "http://nets.ec/index.php?title=DNS&oldid=4106"