Skip to main content

DNS Part 1 - Basics of DNS



Hello friends,
I am back again with some more tutorials . The whole tutorial is going to be divided in 4 parts . 

 Part 1 - Basics of DNS
Part 2 - Linux and Windows Commandine Utilties to query dns
Part 3 - Advanced Tools - Dnsdict6 , Fiere , theHarvester 
Part 4 - Bash Scripting to Automate DNS Queries and Security Issues in DNS 

 Well what is DNS ?
DNS stands for Domain Name System. It is used to resolve host name to IP Address and vice-versa.

 A simple overview of its working

 It is not possible to remember all the ip address of the system. DNS helps to give a hostname i.e a meaningful name for an ip address since it is easy to remember a name instead of a series of numbers. So when I want to browse any site say google.com I put that address in the address bar. After that the system using DNS query queries the dns server to resolve the ip address of google.com. Say it responds with an answer 74.125.236.41 . Now the browser will intiate a TCP connection to 74.125.236.41 at port 80. 

 It provides the following services

 1. Host Aliasing - Say for example a complicated hostname like training.subgroup.site.com can have alias like www.site.com . Here training.subgroup.site.com is a cannonical hostname.

 2. MailServer Aliasing - Example mail.school.hackerrank.com can have alias like hackerrank.com . The MX records can be used to extract the information about the various email server. We will see it in details when we will study about nslookup in details.

Port used by dns to query and resolve hostname to ip : Port 53

 Type of connection used : Mostly UDP . But can use TCP if the size of payoad is greater than 512. Like if we do zone transfer.

 Types of DNS Server
  • Root DNS Server 
  • Top Level Domain
  • Authoritative DNS Server
  • Local DNS Server




Types of queries DNS make to resolve any ip address
  • Iterative
  • Recursive


Types of records 

 1. Type=A - Hostname to IPv4 addressing
2. Type=AAAA - Hostname to IPv6 addressing
3. Type=NS - Name server record that maps a domain name to a list of DNS Servers authorative to that domain
4. Type=MX - Mail Exchange records that maps a domain name to a list of mail sever for that domain
There are even more types of record. Please do some more research work and find about some more interesting records . 
Okay so now you know how dns works ! And its time to have fun with dns ! It time for some real life demos. Check out part II . And thanks for reading :) 




Popular posts from this blog

KringleCon : Sans Holiday Hack 2018 Writeup

SANS HOLIDAY HACK 2018 Writeup , KRINGLECON The objectives  Orientation Challenge  Directory Browsing  de Bruijn Sequences  Data Repo Analysis  AD Privilege Discovery  Badge Manipulation  HR Incident Response  Network Traffic Forensics  Ransomware Recovery  Who Is Behind It All? First I go to Bushy Evergreen and try to solve the terminal challenge . Solving it is fairly easy , Escape_Key followed by  ":q" without quotes After this we move to the kiosk and solve the questions The question were based on the themes of previous Holiday Hack Challenges. Once we answer it correctly we get the flag. For this I visited Minty Candycane and I tried to solve the terminal challenge.  The application has command injection vulnerability , so injecting a system command with the server ip allows execution of the command. So first I perform an `ls` operation to list of the directory contents , followed by a cat of t
Read more

Linux Privilege Escalation : SUID Binaries

After my OSCP Lab days are over I decided to do a little research and learn more on Privilege Escalation as it is my weak area.So over some series of blog post I am going to share with you some information of what I have learnt so far. The methods mentioned over here are not my own. This is something what I have learnt by reading articles, blogs and solving CTFs SUID - Set User ID The binaries which has suid enabled, runs with elevated privileges. Suppose you are logged in as non root user, but this suid bit enabled binaries can run with root privileges. How does a SUID Bit enable binary looks like ? -r- s r-x---  1 hack-me-bak-cracked hack-me-bak         7160 Aug 11  2015 bak How to find all the SUID enabled binaries ? hack-me-bak2@challenge02:~$ find / -perm -u=s 2>/dev/null /bin/su /bin/fusermount /bin/umount /usr/lib/openssh/ssh-keysign /usr/lib/eject/dmcrypt-get-device /usr/lib/dbus-1.0/dbus-daemon-launch-helper /usr/bin/gpasswd /usr/bin/newgrp /usr/bin
Read more

Bluetooth Low Energy : Build, Recon,Enumerate and Attack !

Introduction In this post I will try to share some information on bluetooth low energy protocol. Bluetooth Low Energy ( BLE ) is Bluetooth 4.0.It has been widely used in creating "smart" devices like bulbs that can be controlled by mobile apps, or electrical switches that can be controlled by mobile apps. The terms Low Energy refers to multiple distinctive features that is operating on low power and lower data transfer. Code BLE Internals and Working The next thing what we need to know is a profile. Now every bluetooth device can be categorized based on certain specification which makes it easy. Here we will take a close look into two profiles of Bluetooth which is specifically designed for BLE. Generic Access Profile (GAP) - This profiles describes how two BLE devices defines discovery and establishment of connection with each other. There are two types of data payload that can be used. The Advertising Data Payload and Scan Response Payload . The GAP uses br
Read more