Home

Digging Up Dirt in the DNS Hierarchy, Part I

Issue 165

From Issue #165
January 2008

Jan 01, 2008  By Ron Aitchison
 in
Explore hidden secrets of the DNS hierarchy with a benign and systematic diagnostic and audit methodology using readily available tools.

Obtaining Tools

Dig is one of the many utilities made available with a normal distribution of BIND, which may be obtained from www.isc.org in source form, and is widely available as a package for most Linux distributions and is in the ports system for BSD. It also can be installed on Windows 2000, XP and Server 2003 for those administrators who work in heterogeneous environments. For casual use on Windows, there is no need to install BIND fully; simply unpack the Windows distribution zip file and copy dig.exe, libbind9.dll, libdns.dll, libisc.dll, libisccfg.dll and liblwres.dll onto suitable portable media.

fpdns is a Perl script, developed by two of the smartest guys in the DNS world (Roy Arends and Jakob Shlyter), and it can be obtained from www.rfc.se/fpdns, the ports collection in FreeBSD and by using get-apt install fpdns for Debian/Ubuntu users.

Dig Header Values

dig response HEADER values:

id: the 16-bit message ID supplied by the requester (the questioner) and reflected back unchanged by the responder (answerer). Identifies the transaction. Range 0 to 65535.

Flags may be one or more of the following values:

  • AA (Authoritative Answer): set if the response was received from a zone master or slave.

  • TC: (TrunCation): length greater than permitted, set on all truncated messages except the last one.

  • RD (Recursion Desired): set in a query and copied into the response if recursion is supported.

  • RA (Recursion Available): valid in a response and, if set, denotes recursive query support is available.

  • AD (Authenticated Data), DNSSEC only: indicates that the data was reliably authenticated.

  • CD (Checking Disabled), DNSSEC only: disables checking at the receiving server.

Status field response code:

  • 0 = NOERR: no error.

  • 1 = FORMERR: format error—the server was unable to interpret the query.

  • 2 = SERVFAIL: name server problem or lack of information. Often also returned with the same meaning as REFUSED.

  • 3= NXDOMAIN Name does not exist: meaningful only from an authoritative name server.

  • 4 = NOTIMPL: not implemented.

  • 5 = REFUSED: typically for policy reasons, for example, a zone transfer request.

Resources

DNS Statistics: dns.measurement-factory.com

BIND: www.isc.org

BIND Configuration: www.zytrax.com/books/dns

fpdns: www.rfc.se/fpdns

Ron Aitchison is the author of Pro DNS and BIND and loves nothing better than using dig to uncover bizarre DNS configurations. One day, real soon now, he is going to get a real life.

______________________

White Paper
More Resources
Fabric-Based Computing Enables Optimized Hyperscale Data Centers

Today’s modular x86 servers are compute-centric, designed as a least common denominator to support a wide range of IT workloads. Those generic, virtualized IT workloads have much different resource optimization requirements than hyperscale and cloud applications. They have resulted in a “one size fits all” enterprise IT architecture that is not optimized for a specific set of IT workloads, and especially not emerging hyperscale workloads, such as web applications, big data, and object storage. In this report, you will learn how shifting the focus from traditional compute-centric IT architectures to an innovative disaggregated fabric-based architecture can optimize and scale your data center.

Learn More

Sponsored by AMD

White Paper
More Resources
Red Hat White Paper: Using an Open Source Framework to Catch the Bad Guy

Built-in forensics, incident response, and security with Red Hat Enterprise Linux 6

Every security policy provides guidance and requirements for ensuring adequate protection of information and data, as well as high-level technical and administrative security requirements for a system in a given environment. Traditionally, providing security for a system focuses on the confidentiality of the information on it. However, protecting the data integrity and system and data availability is just as important. For example, when processing United States intelligence information, there are three attributes that require protection: confidentiality, integrity, and availability.

Learn more about catching the bad guy in this free white paper.

Learn More

Sponsored by DLT Solutions