dns notes from a hsgr workshop http://hackerspace.gr

1. DNS Workshop
DNS Workshop
Evaggelos Balaskas
Serial: 2014011901

2. disclaimer
• This presentation is just a supported
material based on a dns workshop made
on http://hackerspace.gr.
• May have errors! Plz email me to correct
them.
• At the time you are reading this, the
examples my have different values.
• The domains used in this presentation are
randomly selected.
• Be aware of the serial in the first page!

3. Before DNS, What?
• /etc/hosts
• C:Windowssystem32driversetchosts
.
• Postel - Mockapetris

4. Now, What?
• /etc/resolv.conf
●
Nameserver 212.205.212.205

6. Domain Name System
• domain: hackerspace.gr.
• root NS
• TLD
• ITE NS
• dns1.papaki.gr
•@
.
gr
hackerspace
@
185.4.135.249
• dig +trace hackerspace.gr.
(notice the dot in the end)

7. Root ns

8. Root ns

9. root ns
• http://www.internic.net/domain/named.root
• > dig.exe NS . @a.root-servers.net.

10. Top Level Domains
• http://www.iana.org/domains/root/db
• Greek TLDs
.gr
country-code
ICS-FORTH GR
.δοκιμή
test
Internet Assigned
Numbers Authority

11. Top Level Domain: gr. (ITE)
• gr.
• gr.
• gr.
• gr.
• gr.
• gr.
• gr.
• gr.
10748
10748
10748
10748
10748
10748
10748
10748
IN
IN
IN
IN
IN
IN
IN
IN
NS
NS
NS
NS
NS
NS
NS
NS
gr-br.ics.forth.gr.
gr-m.ics.forth.gr.
estia.ics.forth.gr.
grdns.ics.forth.gr.
gr-at.ics.forth.gr.
gr-us.ics.forth.gr.
gr-ix.ics.forth.gr.
grdns-de.denic.de.

12. Check gr domains
• http://www.gr
• dig +trace NS hackerspace.gr
• dig +trace NS ebalaskas.gr
• dig +trace NS goethe.gr
• Check the differences !
• dig +trace www.hackerspace.gr.
• dig +trace A hackerspace.gr.

13. Check domains
• > dig A www.ert.gr +short
• > dig NS nerit.gr +short
[de nada!]
ITE does not serve nerit.gr but ...
(see next slide)

15. servers
• NS
Vs
• Auth
Vs
• Zone files Vs
DNS
Resolvers (caching/recursive)
RAM (memory)
• ns1.otenet.gr
• ns2.otenet.gr
(serve zone files – don’t ask ITE)
(serve zone files – don’t ask ITE)
• dns1.otenet.gr
●
dns2.otenet.gr
(ask root NS – ask ITE – ask NS)
(ask root NS – ask ITE – ask NS)
All OTE customers MUST use
●
212.205.212.205 - dns1 & dns2
●

16. Public DNS – caching servers
• Google Public DNS (they record your dns queries)
●
8.8.8.8
●
8.8.4.4
• opennicproject
●
85.126.4.170 (T, AT)
●
151.236.10.135 (AT)
( the above IPs are just an example, click here:
http://www.opennicproject.org/ )
• opendns
●
208.67.222.222 (resolver1.opendns.com)
●
208.67.220.220 (resolver2.opendns.com)

17. RR – resource records
• SOA - Start of Authority Record
• NS - Name Server Record
• MX - Mail Exchanger Record
• A - IPv4 Address Record
• CNAME - Host Alias Record
• SRV - Services Record
• TXT - Text Record
• PTR - Pointer Record

18. Start Of Authority
> dig soa ebalaskas.gr +short
ns14.ebalaskas.gr. ebalaskas.ebalaskas.gr. 2012052408
172800 3600 1209600 86400
•
•
•
•
•
•
domain: ebalaskas.gr
TTL: 86400
Master NS: ns14.ebalaskas.gr.
Mail: ebalaskas.ebalaskas.gr.
Serial Number: 2012052408
Refresh: 172800 (when the slave will try to refresh
the zone from the master)
• Retry: 1h (if the slave fails to contact the master)
• Expiry: 2w (slave remove the zone from memory)
• Minumum: 24h (slave remove the zone from memory if
Non eXistent DOMAIN)

19. Serial number
• Integer number
• Must always be greater than the previous
value
• We change the serial on every DNS
change
• Is the way to notify the slave NS that a
change has occurred
• We use the reverse date format + AA of
the change
• eg. 2013/06/20-01 -> 2013062001

20. NOTIFY
• Master NS sends notifies (UDP packages)
to all slaves NS
(NS RR in the zone file)
• Slaves NS check their SERIAL with master’s
SERIAL
• If master’s serial greater than slave’s serial
then

pull the zone (zone transfer)

21. TTL Time to Live
How many seconds a DNS
(caching/resolver) should:
• remember a record
• should ask again the master NS for
something
• or keep records from a zone (if expired)
in memory.
• TTL is the reason we (sometimes) need to
flush!

22. dns flushing
A simple method to remove a specific
entry or an entire zone from the
memory/cache of a resolver name server.
Useful when you dont want to wait till the
TTL expire.

23. ttl
> dig CNAME www.otenet.gr +nocomments +noqr
+nocmd +nostats +noauthority +noadditional
www.otenet.gr.
86074 IN
CNAME otenet.gr.
> dig CNAME www.otenet.gr +nocomments +noqr
+nocmd +nostats +noauthority +noadditional
www.otenet.gr.
86072 IN
CNAME otenet.gr.

24. ORIGIN
• With origin we refer to the domain, or the
zone file.
• @ is the representative character
• Origin can ONLY be A record
eg. yellowpagesbusiness.gr
@
IN
A
195.170.6.20
www
IN
CNAME xo.gr.

25. MX
> dig MX gmail.com +short
5
10
20
30
40
gmail-smtp-in.l.google.com.
alt1.gmail-smtp-in.l.google.com.
alt2.gmail-smtp-in.l.google.com.
alt3.gmail-smtp-in.l.google.com.
alt4.gmail-smtp-in.l.google.com.
mx defines the mail servers that recieving
emails for a domain/email address.

26. A - CNAME
• hostname IN A 1.2.3.4
eg.
• ebalaskas.gr IN A 158.255.214.14
• hostname IN CNAME fqdn
eg.
• www IN CNAME ebalaskas.gr.
• A fqdn must always finish with a dot (.) or
else is a reference to another record
inside the dns zone

27. Round-robin DNS
An example of DNS round robin (a poor
man’s balancing mechanism):
eg. example.com
www IN A 1.2.3.4
www IN A 2.3.4.5
(sometimes here!)
(sometimes there!)

28. CDN: Web hosting
• eg. webhosting on akamai or cloudflare
• They serve a different www (IP) according
to the most network route wise (cost
efficient) – looks like geolocation!!!
• They don’t serve A records! only CNAMEs
to www
• CDN stands for content delivery network

29. Check a domain
eg cdn webhosting: www.plaisio.gr
• GREECE
> dig www.plaisio.gr +short
plaisio.gr.edgesuite.net.
a944.g.akamai.net.
212.205.126.41
212.205.126.34
• GERMANY
>dig www.plaisio.gr +short
plaisio.gr.edgesuite.net.
a944.g.akamai.net.
87.245.215.73
87.245.215.23

30. TXT
• txt RR are simply TEXT fields.
• max length: 4000characters
Syntax:
hostname TTL IN TXT “TEXT TEXT TEXT”
So the customers must send us the text
inside double quotes (plz don’t fax)

31. TXT
• is the only resource record that can
expand to more than one line
syntax:
joe IN TXT ("Located in a black hole"
" somewhere over the rainbow")
Be carefuly when using custom parsers

32. Some examples:
• DZC
IN
•@
3600
•@
IN
TXT
IN
TXT
"eoMi3Yk“
TXT
"MS=ms70870252"
"v=spf1 a mx ip4:195.170.6.0/24 -all"
• turbo-smtp._domainkey IN
TXT
"k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBg
QDT3MWLni6so1q9eQggRYBCLHFjohZkCnYHH8gZNDBm6zR
rodRVpWpJQW7x3cWWiuBhS1X0IfBB80l5tqFa+yc+mVgnk8t
kUzOHFbPQPp4fi7egTpMtsQW/ZMrxw73SItNvPr72qvJTYZNP
xarMx+ULjEWybcfEdXHPY8jslGcpCwIDAQAB"

33. SPF
• Sender Policy Framework
• Mostly Microsoft
• define the mail servers that can send an
email for the domain they serve
• The DNS check comes from the receiver
mail server
(see last page for reference)

34. DKIM
• In the TXT RR is the public key of the
receiver mail server.
• If defined, the sender mail server can
encrypt the communication between the
two mail servers.
• We cant convert a customer request from
FAX. Plz ask text file from the customer.
Pretty PLZ!

35. SRV
• Service Resource Record
• Define a service for a domain and the server that serve this
service
• Syntax:
• _service._protocol IN SRV PRI WEIGHT PORT record
•
•
•
•
•
•
Mostly for xmpp communications,
SIP (voip communications)
web service
mail service
ntp service
etc
(see last page for reference)

36. some examples:
• _http._tcp
IN
SRV 10 5 80 www.tickethour.gr.
• _autodiscover._tcp IN
mail.yellowpages.gr.
SRV
• _ntp._udp
10 0 123
IN
SRV
• _xmpp-server._tcp
IN
server.l.google.com.
• _sip._tcp IN
SRV
SRV
10
0
443
creta.logifer.gr.
5 0 5269 xmpp-
10 0 5061 sip.logifer.gr.

37. PTR
• dig +trace -x 185.4.135.249
• A.IN-ADDR-SERVERS.ARPA
• B.IN-ADDR-SERVERS.ARPA
• C.IN-ADDR-SERVERS.ARPA
• D.IN-ADDR-SERVERS.ARPA
• E.IN-ADDR-SERVERS.ARPA
• F.IN-ADDR-SERVERS.ARPA
(operated
(operated
(operated
(operated
(operated
(operated
by
by
by
by
by
by
ARIN)
ICANN)
AfriNIC)
LACNIC)
APNIC)
RIPE NCC)

38. reverse zone
> dig 135.4.185.in-addr.arpa. +trace
135.4.185.in-addr.arpa.172800 IN NSdns2.papaki.gr.
135.4.185.in-addr.arpa.172800 IN NSdns1.papaki.gr.
https://apps.db.ripe.net/search/query.html?searchtext=
135.4.185.in-addr.arpa

39. subdomains
• www.cs.teiath.gr.
• HOST
• www.cs
• www
 DOMAIN
 teiath.gr (not subdomain)
 cs.teiath.gr (subdomain, lets check it)
• > dig A www.cs.teiath.gr +short
• 195.130.109.88
• > dig NS cs.teiath.gr +short
• athena.teiath.gr.
• hermes.teiath.gr.

40. DNS Ports
UDP port 53 (stateless)
TCP port 53 (statefull)
default udp,
transform to tcp when >512bytes

41. Zone transfer
• Transfer zone from authoritave name
server to slave name servers.
• That makes dns a distribute service
• Authoritave name servers MUST open
their firewall for UDP and TCP protocols
on UDP/TCP port 53

42. Useful links
• http://www.zytrax.com/books/dns/
• http://www.internic.net/domain/named.root
• http://www.iana.org/domains/root/db
• http://www.kloth.net/services/dig.php
• http://www.iana.org/
• http://www.ripe.net/
• http://www.openspf.org/
●
http://www.gr-ix.gr/services/statistics/