Intro to DNS - PowerPoint PPT Presentation
1 / 13
Title: Intro to DNS
1
Intro to DNS
- SOEN321 - Information Systems Security
2
Contents
- Intro to DNS and Security
3
DNS
- Domain Name System
- a distributed naming service for the entire
Internet (including WWW) - provides unified host-name-to-network-address and
vice-versa lookup needed for remote computing
ping yahoo.com Pinging yahoo.com
66.218.71.198 with 32 bytes of data Reply
from 66.218.71.198 bytes32 time113ms TTL244
4
DNS
- Other capabilities
- Info about Name Servers
- Canonical host names
- Mail Exchange (MX) records
5
DNS
- Hierarchy
root
net
org
com
mydomain
amazon
yahoo
www
6
DNS Tools in UNIX
- Tools
- host
- dig
- nslookup (deprecated)
7
DNS Tools Example
haida.mokhov host -a www Trying
"www.cs.concordia.ca" -gtgtHEADERltlt- opcode
QUERY, status NOERROR, id 3704 flags qr aa
rd ra QUERY 1, ANSWER 1, AUTHORITY 5,
ADDITIONAL 4 QUESTION SECTION www.cs.concor
dia.ca. IN ANY ANSWER
SECTION www.cs.concordia.ca. 86400 IN
CNAME spider.cs.concordia.ca. AUTHORITY
SECTION cs.concordia.ca. 86400 IN
NS clyde.concordia.ca. cs.concordia.ca.
86400 IN NS Jerome.McRCIM.McGill.EDU
. cs.concordia.ca. 86400 IN NS
pollen.cs.concordia.ca. cs.concordia.ca.
86400 IN NS manitou.cs.concordia.ca. c
s.concordia.ca. 86400 IN NS
alcor.concordia.ca. ADDITIONAL
SECTION alcor.concordia.ca. 81883 IN
A 132.205.7.51 clyde.concordia.ca.
81827 IN A 132.205.1.1 pollen.cs.conc
ordia.ca. 86400 IN A
132.205.44.61 manitou.cs.concordia.ca. 86400 IN
A 132.205.4.3 Received 243 bytes from
132.205.64.6353 in 3 ms
8
Name Serves
- Manage certain part of the name space
- Help clients to find info within the hierarchy
- DNS Query - returns list of name servers
- One of the NS resolves clients query
- If name not found, pass on to another NS
- The one that has the answer, sends it back, and
the previous NS caches it for the future.
9
DNS Threats
- Recall from firewalls and the rest (D. Probst)
- Filtering DNS How does one prevent DNS
contamination (corruption)? Mail can be rerouted,
passwords captured, etc. We need separate DNS for
inside and outside. - Tunneling over DNS is used to gain command-line
access to remote utilities. With a proxy-based
firewall, deny external DNS access to anything
other than your proxy server. If you are using a
packet filter, your options for blocking a DNS
tunnel are limited.
10
DNS Cache Poisoning
- Was more actual in the past
- A NS doesnt have a name for a requested host
- Asks another NS, another NS may have been weak
and compromised, or for some other reason had
invalid name for the host requested. - Our NS would cache the wrong name, and this can
propagate over - So, real amazon.com might have been redirected to
elsewhere, get the consequences...
11
DNS Cache Poisoning
- Attack types DNS spoofing, host name spoofing
- One of the reasons earlier versions of bind
simply had bugs servers trusted by ltname, IPgt - Solution
- DNS triple ltname, IP, public keygt
12
Host Name Spoofing
- PTR records
- Mapping IP to a domain name
- All the transactions a legitimate
- DNS server according to the protocol tries to
resolve a query using legitimate DNS Server, but
the PTR deliberately was made to point elsewhere.
13
DNS Spoofing
- In combo with hostname spoofing
- Messing up the PTR
- And forcing the NS to have invalid resource
record (RR) in their cache.
