CRT Appendix C - Background Information Gathering and Open Source

What is DNS and its services?

Domain Name Server

Hostname to IP address translation

Host aliasing

Mail server aliasing

Load distribution

Why is DNS not centralised?

Presents a single point of failure

High volume of traffic

Distant centralised database

Maintenance

Doesn't scale

What is the structure of a DNS database, how would a request work?

Distributed, hierarchical database

Request - client wants IP for www.amazon.com

1) Client queries a root server to find .com DNS server

2) Client queries the .com DNS server to get amazon.com DNS server

3) Client queries the amazon.com DNS server to get the IP for www.amazon.com

What are root name servers? How many are there?

Highest level in the DNS hierarchy

13, labeled A through M

Directs requests to the appropriate Top Level Domain (TLD) servers

Provides the initial step in translating domain names into IP addresses

What are recursive and iterative DNS queries, what are the differences?

Recursive queries - fully resolves the requested domain name by traversing the entire DNS hierarchy for a resolution. Requires recursive DNS resolver and often caches DNS records for future queries.

Iterative queries - partially resolve, and delegate further resolution to the client or another server. Traverses parts of the DNS hierarchy and delegates further resolution accordingly.

Main difference - recursive query fully resolves domain name with a final IP address / Iterative partially resolves and delegates further resolution.

What is Type A DNS record?

Name is hostname

Value is IP address

'example.com IN A 190.0.1.2'

What is Type NS DNS record?

Name is domain

Value is IP address of authoritive name server

'example.com IN NS ns1.example.com'

What is Type CNAME DNS record?

Name is alias name for canonical name

Value is canonical name

'www.example.com IN CNAME example.com'

What is a Type MX DNS record?

Name is alias hostname name

Value is canonical name of mail server

'example.com IN MX 10 mail.example.com'

What is a Type SOA DNS record?

Start of Authority Record

Contains administrative information about domain name

'example.com IN SOA ns1.example.com. hostmaster.example.com'

What is a Type TXT DNS record?

Stores descriptive values, commonly used to help prevent email forging.

'example.com. IN TXT "v=spf1 include:_spf.example.com ~all"'

What is a Type PTR DNS record?

Pointer record - used for reverse DNS lookups to map an IP address to a domain name

'1.2.3.4.in-addr.arpa. IN PTR example.com'

What is a type HINFO DNS record?

Host Information

Provides info on hardware and OS of a host

'example.com IN HINFO "Intel" "Ubuntu"

What is DDNS? What are its security implications?

Dynamic DNS

Allows the mapping of a dynamic IP address to a domain name

Can link to malicious sites as IP address can constantly change

What is Domain WHOIS?

Databases that contain information about domain names

Info such as registrant, registrar, dates and contact info

What is IP WHOIS?

Databases that contain information about IP addresses.

Org/entity assigned to IP

Range of IP addresses

Contact info

Geographical data

What are some command-line queries used to query WHOIS?

whois - whois example.com

host - host -t SOA (state of authority) example.com

dig - dig +trace example.com