@crazyguitar
Last active September 24, 2023 12:10
learn dns hard way

Domain Name System (DNS)

Concept

  1. Two types of DNS network activity:
    1. lookup: a DNS client (resolver) queries a DNS server for information
    2. zone transfer: a DNS server (the secondary) requests a copy of a zone from another DNS server (the primary); transfers (AXFR/IXFR) run over TCP
  2. DNS lookups are usually carried out over UDP. If the response does not fit in a UDP datagram, the server sets the TC (truncated) bit and the client repeats the query over TCP. A UDP datagram that is lost in transit is handled by the client retransmitting the query, not by falling back to TCP.
  3. DNS servers use the well-known port 53 (UDP and TCP)
  4. Proxying characteristics of DNS:
    1. DNS is structured so that recursive servers act as proxies for clients
    2. It's also possible to use a DNS feature called forwarding so that a DNS server is effectively a proxy for another server
  5. The forwarders directive tells the server that, if it does not already know the answer (from its own zones or its cache), it should forward the query to a specific server and let that server figure out the answer, rather than contacting servers all over the Internet itself.

Structure of a DNS message


    +---------------------+
    |        Header       |
    +---------------------+
    |       Question      | the question for the name server
    +---------------------+
    |        Answer       | RRs answering the question
    +---------------------+
    |      Authority      | RRs pointing toward an authority
    +---------------------+
    |      Additional     | RRs holding additional information
    +---------------------+

  1. Answer: The answer section contains RRs that answer the question
  2. Authority: The authority section contains RRs that point toward an authoritative name server
  3. Additional: The additional records section contains RRs which relate to the query, but are not strictly answers for the question
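The layout above is small enough to parse by hand. The following Python is an added example, not part of the gist: it builds a query, then parses a hand-constructed referral response for www.example.com that carries one NS record in the authority section and that server's glue address in the additional section, follows the 0xC0 compression pointers that real responses use, and exposes the TC bit from the header that triggers the retry over TCP mentioned in the concept list. The names, the 192.0.2.53 address and the function names are the example's own choices (documentation values, not real servers).

```python
from __future__ import annotations
import struct
from typing import NamedTuple

# Constructed example (not a capture): parse a referral laid out as in the
# diagram above. Names and addresses are documentation values, not real servers.
TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 16: "TXT", 28: "AAAA"}

def encode_name(name: str) -> bytes:
    """Dotted name -> length-prefixed labels plus root terminator (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 1 <= len(label) <= 63:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(qname: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """12-byte header + one question; flags 0x0100 sets RD (please recurse)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)

def decode_name(msg: bytes, off: int) -> tuple[str, int]:
    """Read a name at `off`, following 0xC0xx compression pointers; return
    (name, offset just past the name in the original stream)."""
    labels, end, jumped, hops = [], off, False, 0
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                # pointer: 14-bit offset into msg
            end = end if jumped else off + 2
            jumped, hops = True, hops + 1
            if hops > 64:                     # refuse pointer loops (parser DoS)
                raise ValueError("compression pointer loop")
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if ln == 0:
            return ".".join(labels) + ".", (end if jumped else off)
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln

def parse_rr(msg: bytes, off: int) -> tuple[tuple[str, str, int, str], int]:
    """One resource record -> ((owner, type, ttl, rdata), offset after it)."""
    name, off = decode_name(msg, off)
    rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
    off += 10
    if rtype in (2, 5, 12):                   # NS/CNAME/PTR: rdata is a name
        data, _ = decode_name(msg, off)
    elif rtype == 1 and rdlen == 4:
        data = ".".join(str(b) for b in msg[off:off + 4])
    else:
        data = msg[off:off + rdlen].hex()
    return (name, TYPES.get(rtype, str(rtype)), ttl, data), off + rdlen

class Message(NamedTuple):
    txid: int
    flags: int
    question: list
    answer: list
    authority: list
    additional: list

    @property
    def truncated(self) -> bool:
        return bool(self.flags & 0x0200)      # TC bit: retry the query over TCP

def parse_message(msg: bytes) -> Message:
    """Header, then the four sections in the order of the diagram above."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, question = 12, []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, _cls = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        question.append((name, TYPES.get(qtype, str(qtype))))
    sections = []
    for count in (an, ns, ar):                # answer, authority, additional
        rrs = []
        for _ in range(count):
            rr, off = parse_rr(msg, off)
            rrs.append(rr)
        sections.append(rrs)
    return Message(txid, flags, question, *sections)

def referral_targets(m: Message) -> list[tuple[str, str | None]]:
    """Pair each NS in the authority section with its glue A from additional."""
    glue = {n: d for n, t, _ttl, d in m.additional if t == "A"}
    return [(d, glue.get(d)) for _n, t, _ttl, d in m.authority if t == "NS"]

# Hand-built referral for "www.example.com A": 0 answer, 1 authority, 1 additional.
# Offsets: question name at 12 ("example" label at 16), "ns1" label at 45.
RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8100, 1, 0, 1, 1)      # QR=1 RD=1 TC=0
    + encode_name("www.example.com") + struct.pack("!HH", 1, 1)
    + b"\xc0\x10" + struct.pack("!HHIH", 2, 1, 172800, 6)   # example.com. NS (ptr->16)
    + b"\x03ns1\xc0\x10"                                    # rdata ns1.example.com.
    + b"\xc0\x2d" + struct.pack("!HHIH", 1, 1, 172800, 4)   # ns1.example.com. A (ptr->45)
    + bytes([192, 0, 2, 53])                                # glue address
)
```

Running `parse_message(RESPONSE)` gives an empty answer section, `example.com. NS ns1.example.com.` in authority and `ns1.example.com. A 192.0.2.53` in additional; `referral_targets` pairs the two, which is exactly the hint a resolver uses to pick the next server. The pointer-hop limit matters in practice: a crafted response with a pointer loop would otherwise spin a naive parser forever.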

DNS query flow

DNS name lookup

Using dig to trace the DNS query flow

$ dig +trace google.com @8.8.8.8

DNS query flow

DNS name lookup (with packet detail)

In a referral response the DNS server fills in the fields:

  • Authority (NS records naming the servers for the delegated zone)
  • Additional (glue A/AAAA records giving those servers' addresses)

to point the querying resolver at the next DNS server to ask

$ dig +trace google.com

DNS query flow detail

DNS name lookup (when the name is a CNAME)

$ dig www.github.com

dns-query-cname-flow

DNS with forwarding

Using dig to trace the DNS query flow from inside an internal network. Note that with +trace dig performs the iterative walk itself and only asks the internal server for the root NS records; to see what the internal forwarder actually answers, query it without +trace.

$ internal_dns="192.168.53.53"
$ dig +trace google.com @${internal_dns}

DNS query forwarding flow

Reverse DNS lookup

$ dig +trace -x 192.30.253.113 # github.com

DNS query reverse flow
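What -x does before sending the query is mechanical: it turns the address into the owner name of the PTR record and, with +trace, walks the delegations under in-addr.arpa (or ip6.arpa) to reach it. The Python below is an added example, not code from the gist: it builds those owner names for IPv4 and IPv6, computes the reverse zone a prefix is delegated as, and cross-checks the names against the standard library's reverse_pointer. The function names and sample addresses are the example's own choices.

```python
import ipaddress

# Added example (not from the gist): the owner names that reverse lookups query.

def reverse_name(ip: str) -> str:
    """Owner name of the PTR record for `ip` (fully qualified, trailing dot).
    IPv4: octets reversed under in-addr.arpa. IPv6: all 32 hex nibbles reversed
    under ip6.arpa, after expanding '::' so the name is always 32 labels long."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa."
    nibbles = addr.exploded.replace(":", "")          # 32 hex digits, zero-padded
    return ".".join(reversed(nibbles)) + ".ip6.arpa."

def reverse_zone(cidr: str) -> str:
    """Zone under which the PTR records of a prefix live, i.e. the delegation
    that `dig +trace -x` walks through. Only octet-aligned IPv4 prefixes
    (/8, /16, /24) and nibble-aligned IPv6 prefixes map to one zone; anything
    else needs RFC 2317 classless delegation and is rejected here."""
    net = ipaddress.ip_network(cidr, strict=True)
    labels = reverse_name(str(net.network_address)).split(".")
    if net.version == 4:
        if net.prefixlen % 8:
            raise ValueError(f"{cidr}: not octet-aligned, needs RFC 2317 delegation")
        return ".".join(labels[4 - net.prefixlen // 8:])
    if net.prefixlen % 4:
        raise ValueError(f"{cidr}: not nibble-aligned")
    return ".".join(labels[32 - net.prefixlen // 4:])

def matches_stdlib(ip: str) -> bool:
    """Cross-check against ipaddress.reverse_pointer (which omits the trailing dot)."""
    return reverse_name(ip) == ipaddress.ip_address(ip).reverse_pointer + "."

if __name__ == "__main__":
    for ip in ("192.30.253.113", "2001:db8::1"):
        print(f"dig -x {ip} asks for PTR {reverse_name(ip)}")
    print(reverse_zone("192.30.0.0/16"), reverse_zone("2001:db8::/32"))
```

The rejection of non-aligned prefixes is deliberate: a /22 cannot be delegated as a single in-addr.arpa zone, which is why reverse delegations for small allocations go through the CNAME-based scheme of RFC 2317 rather than a plain NS delegation.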

Why does a zone need NS and A records pointing at its own name servers?

The reason is that the authoritative server sometimes has to answer queries sent to it directly, including queries for the zone's own NS records. The following figure shows this scenario:

DNS need NS record

Without NS records for the zone and A (glue) records for the name servers they name, a client cannot find the authoritative name server

DNS no NS record
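To make the query flows of the sections above concrete (root to TLD to authoritative server, the restart that a CNAME answer causes, and the zone carrying NS and A records for its own servers), here is an added Python example, not code from the gist: a minimal iterative resolver walking a set of constructed in-memory name servers the way dig +trace walks the real ones. Every name and address in it is invented for the example (RFC 5737 documentation ranges), including the noglue.com zone, which shows what happens when a parent delegates a zone to servers inside that zone without supplying glue addresses.

```python
from __future__ import annotations

# Constructed, in-memory name servers (no network). Each entry is keyed by the
# server's address and holds the zones it is authoritative for plus the records
# it serves; NS records for a name below its zones are delegations. All names
# and addresses are made up for this example (RFC 5737 documentation ranges).
ROOT_HINT = "198.41.0.4"
SERVERS = {
    ROOT_HINT: {"zones": ["."], "rrs": [
        ("com.", "NS", "a.gtld.net."), ("net.", "NS", "a.gtld.net."),
        ("a.gtld.net.", "A", "192.0.2.1"),                       # glue for the TLD server
    ]},
    "192.0.2.1": {"zones": ["com.", "net."], "rrs": [
        ("example.com.", "NS", "ns1.example.com."), ("ns1.example.com.", "A", "192.0.2.53"),
        ("example.net.", "NS", "ns1.example.net."), ("ns1.example.net.", "A", "192.0.2.54"),
        ("noglue.com.", "NS", "ns.noglue.com."),                 # delegation with no glue
    ]},
    "192.0.2.53": {"zones": ["example.com."], "rrs": [
        ("example.com.", "NS", "ns1.example.com."),              # the zone names its own server
        ("ns1.example.com.", "A", "192.0.2.53"),                 # ... and gives its address
        ("example.com.", "A", "203.0.113.1"),
        ("www.example.com.", "CNAME", "cdn.example.net."),       # alias into another zone
    ]},
    "192.0.2.54": {"zones": ["example.net."], "rrs": [
        ("example.net.", "NS", "ns1.example.net."), ("ns1.example.net.", "A", "192.0.2.54"),
        ("cdn.example.net.", "A", "203.0.113.10"),
    ]},
}

class ResolutionError(Exception):
    pass

def in_zone(name: str, zone: str) -> bool:
    return zone == "." or name == zone or name.endswith("." + zone)

def serve(ip: str, qname: str, qtype: str) -> tuple[list, list, list]:
    """What an authoritative-only server returns: (answer, authority, additional)."""
    srv = SERVERS[ip]
    rrs = srv["rrs"]
    if not any(in_zone(qname, z) for z in srv["zones"]):
        return [], [], []                                         # not ours, no recursion: REFUSED
    cuts = {o for o, t, _ in rrs if t == "NS" and o not in srv["zones"] and in_zone(qname, o)}
    if cuts:                                                      # below a delegation: refer
        cut = max(cuts, key=len)
        authority = [r for r in rrs if r[0] == cut and r[1] == "NS"]
        targets = {r[2] for r in authority}
        additional = [r for r in rrs if r[1] == "A" and r[0] in targets]
        return [], authority, additional
    exact = [r for r in rrs if r[0] == qname and r[1] == qtype]
    if exact:
        return exact, [], []
    return [r for r in rrs if r[0] == qname and r[1] == "CNAME"], [], []

def resolve(qname: str, qtype: str = "A", trace: list | None = None, depth: int = 0) -> tuple[list, list]:
    """Iterate from the root hint, following referrals and CNAMEs like `dig +trace`.
    Returns (rdata values, list of (server, qname) hops)."""
    trace = [] if trace is None else trace
    if depth > 8:
        raise ResolutionError("too many nested lookups")
    server = ROOT_HINT
    for _ in range(32):
        answer, authority, additional = serve(server, qname, qtype)
        trace.append((server, qname))
        if answer:
            wanted = [r[2] for r in answer if r[1] == qtype]
            if wanted:
                return wanted, trace
            qname, server = answer[0][2], ROOT_HINT                # CNAME: restart for the target
            continue
        if not authority:
            raise ResolutionError(f"{server} gave no answer and no referral for {qname} {qtype}")
        ns_names = [r[2] for r in authority]
        glue = {r[0]: r[2] for r in additional}
        with_glue = [n for n in ns_names if n in glue]
        if with_glue:
            server = glue[with_glue[0]]
            continue
        zone = authority[0][0]
        outside = [n for n in ns_names if not in_zone(n, zone)]
        if not outside:
            # every server for the zone lives inside the zone and the parent sent
            # no address records: there is nothing left to ask without glue
            raise ResolutionError(f"{zone} delegated to {ns_names} without glue")
        server = resolve(outside[0], "A", trace, depth + 1)[0][0]
    raise ResolutionError("too many hops")

if __name__ == "__main__":
    addrs, hops = resolve("www.example.com.")
    print(addrs)
    for ip, name in hops:
        print(f"  asked {ip:<12} for {name}")
    print(resolve("example.com.", "NS")[0])
```

Resolving www.example.com. takes six hops: three to reach ns1.example.com., which answers with the CNAME, then three more from the root for cdn.example.net.; a query for example.com. NS is answered by ns1.example.com. from its own records, which is the case the figure above is about. Asking for www.noglue.com. raises, because the parent named only in-zone servers and gave no addresses for them.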

dig usage cheat sheet

# query A record
$ dig google.com

# query A record, print only the answer data
$ dig +short google.com

# query A record against a specific DNS server
$ dig +short google.com @"${dns_server}"

# query a specific record type
$ rtype=txt
$ dig -t ${rtype} google.com
$ dig -t soa google.com

# query records with trace (iterate from the root servers)
$ dig +trace google.com

# reverse look-up (-x builds the in-addr.arpa name and asks for PTR;
# without -x, dig would look up the dotted quad as a host name)
$ dig +short -x 172.217.24.14

bind9

Reference
