Collection of notes on the Domain Name System (DNS). The sources of the information are given as links wherever possible; please feel free to follow the links and learn more (or make your own notes).
RFC 1035 : Domain Names – Implementation and Specification
User Program: A program running on the host which is trying to request the IP for a domain name.
Resolver: Programs that extract information from name servers in response to client requests. A resolver should have access to at least one name server. Resolvers are typically system routines which are accessible to the requesting program.
Name Server: Server programs which hold information about the domains
Data items will be stored redundantly in two or more name servers
When the resolver processes a user query it asks a known name server for the information; in return, the resolver either receives the desired information or a referral to another name server
Name servers manage 2 types of data:
- authoritative data : Complete data of domains segregated as zones
- cached data : acquired by a local resolver of the name server. Eventually discarded by a timeout mechanism.
Primary name server acquires information about one or more zones by reading master files from its local file system, and answers queries about those zones that arrive from foreign resolvers. Master files are text files that contain resource records in text form.
Resource Records (denoted as RRs in the RFC) – Records in zone data files – Basic building blocks of DNS
Instead of running a full resolver on every (less capable) device, hosts use stub resolvers, which act as front ends to full resolvers located in one or more recursive name servers. This way many hosts share a small number of centralized caches.
DNS port (53) supports both TCP and UDP
UDP – recommended method for standard queries in the Internet. Not acceptable for zone transfers.
Maximum characters for a DNS label is 63.
DNS Label : consecutive series of alphanumeric characters or hyphens, separated by periods
Domain name is represented as a series of labels, and terminated by a label with zero length.
www.example.com has 4 labels: www, example, com and the empty root label at the end. (Source)
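Added example (not from the RFC or the notes above): encoding a domain name into the RFC 1035 wire format, i.e. a series of length-prefixed labels terminated by a zero-length root label, and decoding it back, enforcing the 63-octet label limit from the notes and the 255-octet total name limit that RFC 1035 also specifies. Name compression pointers are deliberately rejected rather than followed, so this decoder only handles uncompressed names.

```python
def encode_name(name: str) -> bytes:
    """Encode 'www.example.com' as b'\\x03www\\x07example\\x03com\\x00'."""
    name = name.rstrip(".")                      # trailing dot = explicit root
    labels = name.split(".") if name else []      # "" or "." is the root itself
    out = bytearray()
    for label in labels:
        raw = label.encode("ascii")               # non-ASCII is not a valid label here
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"label {label!r} must be 1..63 octets")
        if any(not (c.isalnum() or c == "-") for c in label):
            raise ValueError(f"label {label!r} has characters outside [A-Za-z0-9-]")
        out.append(len(raw))                      # one-octet length prefix
        out += raw
    out.append(0)                                 # zero-length root label terminates
    if len(out) > 255:
        raise ValueError("encoded name exceeds 255 octets")
    return bytes(out)


def decode_name(buf: bytes, offset: int = 0) -> tuple[str, int]:
    """Return (absolute name with trailing dot, offset just past the root label)."""
    labels = []
    while True:
        length = buf[offset]
        if length & 0xC0:                         # top two bits set = compression pointer
            raise ValueError("compression pointers are not handled by this decoder")
        offset += 1
        if length == 0:                           # root label reached
            break
        labels.append(buf[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", offset


def label_count(name: str) -> int:
    """Number of labels including the empty root label (4 for www.example.com)."""
    return encode_name(name).count(b"") and len(name.rstrip(".").split(".")) + 1


if __name__ == "__main__":
    wire = encode_name("www.example.com")
    print(wire.hex(" "))                          # 03 77 77 77 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00
    print(decode_name(wire))                      # ('www.example.com.', 17)
    print(label_count("www.example.com"))         # 4
```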
RFC 1033 : Domain Names – Concepts and Facilities
Resolver – tries to contact all the root servers (mentioned in local file) sequentially. Once it gets connected, it requests current list of root servers and discards the data from local file.
TTL – Time to Live – time (in seconds) that a resolver will use the data it got from the NS before it asks again. If TTL is blank, it defaults to that specified in SOA record of zone.
The Start Of Authority record designates the start of a zone. The zone ends at the next SOA record.
Other notes
Forward DNS lookup is using an Internet domain name to find an IP address.
Reverse DNS lookup is using an Internet IP address to find a domain name.
Dig command example for reverse DNS lookup: dig -x 8.8.8.8
DNS Zone transfers : DNS transaction to replicate DNS databases across a set of DNS servers.
Example: dig axfr @nsztm1.digi.ninja zonetransfer.me
Common DNS Records
- A – host address
- NS – authoritative name server
- CNAME – canonical name for an alias
- SOA – Start of a zone of authority
- PTR – domain name pointer
- HINFO – host information
- MX – mail exchange
- TXT – text strings
- SRV – Service record
HINFO – contains information about the CPU type and operating system type. Rarely used. To see whether a domain publishes one alongside its other records: dig cloudflare.com ANY
SPF records – These are published as TXT records. An SPF record lists all authorized hostnames / IP addresses that are permitted to send email on behalf of the domain. Never have +all in an SPF record – this tag allows any server to send email from your domain. For domains that aren't sending email, it is recommended to publish the following record: v=spf1 -all
MX record – the number in an MX record is the preference. It specifies the order in which a mailer should try multiple MX records when delivering mail. 0 is the highest preference.
Common dig commands
- Get any records of a domain :
dig any google.com
- Reverse DNS lookups of IPs :
dig -x <ip-address>
- Check if NS allows zone transfer :
dig axfr @nameserver target-domain.com
Misc:
Enabling DNS over HTTPS (DoH) in Firefox
- Open about:config
- Search for network.trr.mode
- Change it to 2
Remember: Setting the mode to 2 sends DNS queries over DoH first and falls back to traditional DNS if that is not possible. If you need to use DoH exclusively, try setting the mode to 3.
To learn more about the modes, check this : https://wiki.mozilla.org/Trusted_Recursive_Resolver#network.trr.mode