Learning DNS for Enterprise
I can tell you a couple of things and a few facts about DNS :)))
There are two types of DNS queries, recursive and iterative.
When a DNS resolver issues a recursive query to a name server, the server attempts to resolve the name completely with full answers (or an error) by following the naming hierarchy all the way to the authoritative name server.
Upon receiving an iterative query, the name server can simply give a referral to another name server for the resolver to contact next.
A resolver sets the RD (recursion desired) bit in the DNS query packet to indicate that it would like to have the query resolved recursively.
Not all servers support recursive queries from arbitrary resolvers… 🙁
– Instead of using your default name server, issue the query for www.test.edu to one of the root DNS servers (e.g. a.root-servers.net). Does this server accept recursive query from you? If not, perform iterative queries yourself using dig by following the chain of referrals to obtain the www.test.edu address. What are the sequence of name servers that you have queried? Which domain is each name server responsible for?
– Alice works at a search engine startup whose main competitor is Google. She would like to crush her competitor in the “non-traditional” way by messing up with DNS servers… Recalling from her networking class that DNS servers cache A and NS records from DNS replies and referrals, Alice realizes she can configure her own DNS server to return incorrect results for arbitrary domains. If the resolver caches Alice’s malicious results, it will return bad results to future DNS queries. Help Alice complete her master plan to hijack Google’s domain name by writing down exactly what Alice’s name server returns upon a DNS query. What must a robust DNS server implementation do to counter this attack?
– Use multiple recursive DNS servers located at different geographical regions as well as your default name server to resolve www.google.com. Attach your dig output. What geographical regions do those IP addresses reside? How quickly do the corresponding A and NS records expire? Why do A records expire so soon? Compare this setup using DNS with some alternative way of achieving the same goal.
It's very hard to explain to you...
Practically, it's a very dangerous thing to touch the DNS… :))
Maybe someone else can explain more specifically.
Good luck.
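
The RD bit and the difference between a full answer and a referral, described in the opening paragraphs above, are both visible in the 12-byte DNS header (RFC 1035, section 4.1.1). The following is an added example, not part of the original post: it builds a query with RD set or clear and classifies a response from its header flags and record counts. The function names and the two sample headers are constructed for illustration.

```python
import struct

# DNS header flag masks (RFC 1035 section 4.1.1)
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, txid, recursion_desired):
    """Build a one-question A/IN query; RD is the only flag set by the client."""
    flags = RD if recursion_desired else 0
    header = struct.pack("!6H", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!2H", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(packet):
    """Read only the 12-byte header and report what kind of reply it is."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", packet[:12])
    if not flags & QR:
        raise ValueError("not a response")
    rcode = flags & 0x000F
    if rcode != 0:
        kind = "error"
    elif an > 0:
        kind = "answer"
    elif ns > 0 and not flags & AA:
        kind = "referral"   # no answer, NS records in authority: ask the next server
    else:
        kind = "empty"
    return {"txid": txid, "rd": bool(flags & RD), "ra": bool(flags & RA),
            "aa": bool(flags & AA), "rcode": rcode, "kind": kind}

# Constructed sample headers (not captured traffic).
# Server that does not offer recursion: RD echoed, RA clear, only NS records.
REFERRAL = struct.pack("!6H", 0x1234, QR | RD, 1, 0, 13, 14)
# Recursive resolver: RD and RA both set, one answer record.
RECURSIVE = struct.pack("!6H", 0x1234, QR | RD | RA, 1, 1, 0, 0)
```

A reply with `rd` true but `ra` false means the server ignored the recursion request, which is the case where the iterative chain of referrals has to be followed by the client.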