Module 8 - PowerPoint PPT Presentation
PowerPoint Slideshow about 'Module 8' - alaric

Presentation Transcript
Module 8

DNS Tools & Diagnostics

DNS Tools & Diagnostics
  • Dig ships with BIND on *nix; on Windows it comes in the BIND zip distribution and is not installed by default
  • Nslookup available on Windows and with BIND (*nix)
  • Dig on Windows – unpack the BIND zip, copy only dig.exe, libbind9.dll, libdns.dll, libisc.dll, libisccfg.dll, liblwres.dll to portable media
  • SamSpade.org provides a freeware Windows GUI utility that includes dig
DIG
  • Command line tool – tons of options
  • Powerful – gives precise DNS RRs
  • Typically only available with BIND
  • Casual use on Windows
    • Unpack Windows zip file
    • Copy to portable media dig.exe, libbind9.dll, libdns.dll, libisc.dll, libisccfg.dll, liblwres.dll
  • Google for SamSpade.org GUI DNS tools including DIG
Dig Command Format
  • Tons of options govern formatting and behavior
    • -x addr – reverse (PTR) lookup; dig builds the in-addr.arpa / ip6.arpa name for you
  • @dns = optionally names the server (name or IP) to send the query to – default is the locally configured DNS (typically recursive)
  • target-name = the name to query (required)
  • type = RR type (default A). Pseudo types any and axfr; note that many servers now answer ANY minimally or refuse it (RFC 8482), and AXFR is refused for clients not listed in allow-transfer

dig [opts] [@dns] target-name [type]

Dig Commands

dig www.example.com

Returns A RR of www.example.com using local DNS

dig @ns1.example.com www.example.com

Returns A RR of www.example.com using ns1.example.com, an authoritative name server for the domain

dig www.example.com any

Returns any RRs with label of www.example.com using local DNS

dig -x 192.168.2.5

Returns reverse lookup for 192.168.2.5 using local DNS

DIG command

dig @ns1.example.com www.example.com

DIG Response

; <<>> DiG 9.4.1-P1 <<>> @ns1.example.com www.example.com
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49319
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.example.com.    IN    A

;; ANSWER SECTION:
www.example.com.    5    IN    A    10.10.0.5
www.example.com.    5    IN    A    10.10.0.6

;; AUTHORITY SECTION:
example.com.    172800    IN    NS    ns1.example.com.
example.com.    172800    IN    NS    ns2.example.com.

;; ADDITIONAL SECTION:
ns1.example.com.    3000    IN    A    10.10.0.8
ns2.example.com.    3000    IN    A    10.10.0.9

;; SERVER: 10.10.0.8#53(10.10.0.8)

DIG Response
  • Up to 5 sections (newer dig versions also print an OPT PSEUDOSECTION when EDNS is in use)
  • Header – opcode, status (RCODE), id, flags and the per-section RR counts
  • QUESTION SECTION
    • The query as the server saw it
  • ANSWER SECTION
    • Present only when the server returned records; absent for referrals, NXDOMAIN and NODATA
  • AUTHORITY SECTION
    • NS RRs for the zone (for a referral, the delegated child zone); for negative answers the zone's SOA
  • ADDITIONAL SECTION
    • Typically A/AAAA RRs (glue) for the name servers named in AUTHORITY
DNS Flag Values

QR – Query/Response. Clear in a query, set in a response; dig shows it as qr on every reply.

AA - Authoritative Answer. Set when the responding server is authoritative for the zone (primary or secondary); absent when the answer came out of a resolver's cache.

TC - TrunCation. Set when the response did not fit the UDP size limit (512 bytes, or the size advertised via EDNS) and was cut short; the client should repeat the query over TCP (dig does this automatically).

RD - Recursion Desired. Set by the client; the server copies it unchanged into the response whether or not it recurses.

RA - Recursion Available. Set by the server in a response if it will perform recursion for this client; a root or authoritative-only server leaves it clear.

AD - Authenticated Data. DNSSEC only. Set by a validating resolver to state that all data in the answer and authority sections was validated.

CD - Checking Disabled. DNSSEC only. Set by the client to ask the resolver not to validate and to return the data even if validation would fail.

DNS Status Values

0 = NOERROR. No error.

1 = FORMERR. Format error - the server was unable to interpret the query.

2 = SERVFAIL – the server could not process the query: an internal problem, upstream servers unreachable, or (on a validating resolver) a DNSSEC validation failure. Some servers return SERVFAIL where REFUSED would be the accurate code.

3 = NXDOMAIN. The name does not exist - meaningful when it comes from a server authoritative for the zone (AA set) or is a cached negative answer obtained from one.

4 = NOTIMP. Not implemented, e.g. an unsupported opcode.

5 = REFUSED - refused for policy reasons, for example a zone transfer request, or recursion requested by a client outside allow-recursion.
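The flags and status values above are bits in the second 16-bit word of the DNS message header. The following is an added example (not from the slides) that packs and unpacks that header so you can see exactly which bit dig is reporting; the two sample headers are constructed from the id, flags and counts printed on the slides.

```python
import struct

# Status (RCODE) names dig prints, RFC 1035 numbering as on the slide.
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

# Bit positions inside the 16-bit flags word (RFC 1035, AD/CD from RFC 4035):
#   QR=15  Opcode=14..11  AA=10  TC=9  RD=8  RA=7  Z=6  AD=5  CD=4  RCODE=3..0
# Listed in the order dig prints them.
FLAG_BITS = (("qr", 15), ("aa", 10), ("tc", 9), ("rd", 8), ("ra", 7), ("ad", 5), ("cd", 4))


def build_header(ident, flags=(), rcode=0, opcode=0, counts=(1, 0, 0, 0)):
    """Assemble the 12-byte wire header: ID, flags word, then QD/AN/NS/AR counts."""
    word = ((opcode & 0xF) << 11) | (rcode & 0xF)
    for name, bit in FLAG_BITS:
        if name in flags:
            word |= 1 << bit
    qd, an, ns, ar = counts
    return struct.pack("!6H", ident, word, qd, an, ns, ar)


def parse_header(msg):
    """Decode a message header into the fields dig shows in its HEADER and flags lines."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    ident, word, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    rcode = word & 0xF
    flags = [name for name, bit in FLAG_BITS if word & (1 << bit)]
    return {
        "id": ident,
        "opcode": (word >> 11) & 0xF,
        "flags": flags,
        "flags_line": " ".join(flags),          # same text dig prints after "flags:"
        "status": RCODES.get(rcode, "RCODE%d" % rcode),
        "counts": {"QUERY": qd, "ANSWER": an, "AUTHORITY": ns, "ADDITIONAL": ar},
    }


def needs_tcp_retry(hdr):
    """TC set means the UDP reply was cut short: repeat the query over TCP."""
    return "tc" in hdr["flags"]


def recursion_refused(hdr):
    """RD was asked for but RA is clear: this server will not recurse for us (dig's WARNING)."""
    return "rd" in hdr["flags"] and "ra" not in hdr["flags"]


# Headers matching the two responses on the slides (constructed from the printed values).
ANSWER_HDR = build_header(49319, flags=("qr", "aa", "rd", "ra"), counts=(1, 2, 2, 2))
REFERRAL_HDR = build_header(15570, flags=("qr", "rd"), counts=(1, 0, 13, 14))
```

Run it against a packet captured with tcpdump and the first twelve bytes decode to the same status and flags dig would print; the opcode field (QUERY = 0) is kept so UPDATE (5) and NOTIFY (4) messages in a capture are not mistaken for queries.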

DIG Result
  • No errors (NOERROR)
  • Flags: qr (response), aa (authoritative: ns1.example.com serves the zone, so this is not a cached answer), rd, ra
  • Answer = 2 A RRs for the web server
  • Authority = 2 NS RRs for example.com
  • Additional = 2 A RRs (glue) for the name servers
DIG commands

dig @a.root-servers.net www.example.com

DIG Response

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15570
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 14
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;www.example.com.    IN    A

;; AUTHORITY SECTION:
com.    172800    IN    NS    A.GTLD-SERVERS.NET.
....
com.    172800    IN    NS    M.GTLD-SERVERS.NET.

;; ADDITIONAL SECTION:
A.GTLD-SERVERS.NET.    172800    IN    A    192.5.6.30
A.GTLD-SERVERS.NET.    172800    IN    AAAA    2001:503:a83e::2:30
....

;; Query time: 38 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)

DIG Response
  • No error = NOERROR
  • Flags = qr, rd only; ra is clear because a root server does not recurse, hence the WARNING
  • No answer section
  • Authority = NS RRs for com. (the 13 .com servers)
  • Additional = A and AAAA RRs (glue) for those servers
  • This is a referral: the root does not know www.example.com, it tells you who to ask next. Repeat the query at a .com server, then at ns1.example.com; dig +trace performs this walk automatically
NSLOOKUP
  • Available on Windows and with BIND (*nix)
  • Command line and interactive mode
  • Default output is pretty-printed, not in RR format
  • Useful for a quick check
  • Which tool to reach for depends on what you need
    • Detailed RR data (dig) or an overview (nslookup)
    • Use the -d2 (debug) option to see the raw RRs

nslookup [opts] target [dns]

NSLOOKUP Commands

nslookup -type=MX example.com

Gets mail server records for example.com using locally defined name server

nslookup 192.168.2.1

Gets reverse mapped name for 192.168.2.1

nslookup www.example.com ns1.example.com

Gets A RR for www.example.com using name server ns1.example.com

nslookup

Enter interactive mode – exit to terminate

NSLOOKUP

# nslookup www.example.com

Server: ns1.example.net

Address: 192.168.6.73

Name: www.example.com

Address: 192.168.2.80

# nslookup www.example.com ns1.example.com

Server: ns1.example.com

Address: 192.168.2.53

Name: www.example.com

Address: 192.168.2.80

Additional Tools - BIND
  • named-checkzone, named-checkconf – validate a zone file / named.conf before (re)loading
  • rndc, rndc-confgen – remote control of the name server (reload, flush, querylog, ...), authenticated with a shared HMAC key that rndc-confgen generates
  • nsupdate – Dynamic Update (DDNS) of DNS RRs, normally authenticated with a TSIG key (-k / -y)
  • dnssec-keygen, dnssec-signzone – generate keys and sign zones for DNSSEC
DNS Logging
  • BIND defaults to syslog (daemon facility) on *nix
  • BIND logging is controlled by the logging clause in named.conf: channels say where messages go, categories say which messages go to which channel
  • Windows DNS: events go to the DNS Server event log (view via the DNS console or Event Viewer)
    • Debug log, off by default: systemroot\System32\Dns\Dns.log (text file), enabled under DNS console Properties->Logging
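An added example of a BIND logging clause (not from the slides; the file paths and sizes are assumptions) that does what the next slide recommends: the security-relevant categories get their own size-capped, rotated file, query logging is in a separate channel so it can be switched on only while investigating, and everything else stays on syslog. A channel declared with `file "..."` but no `versions`/`size` grows without bound, which is the "watch log size" trap.

```conf
logging {
    // Security-relevant events in their own rotated file: at most 5 files of 20 MB.
    // Without "versions 5 size 20m" this file would grow until the disk fills.
    channel security_log {
        file "/var/log/named/security.log" versions 5 size 20m;
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
    };

    // Per-query log: heavy; enable only while investigating, toggle at runtime with "rndc querylog".
    channel query_log {
        file "/var/log/named/query.log" versions 10 size 100m;
        severity info;
        print-time yes;
    };

    // Everything else keeps going to syslog (daemon facility), BIND's default destination.
    channel main_syslog {
        syslog daemon;
        severity info;
    };

    category default         { main_syslog; };
    category security        { security_log; };   // "query (cache) ... denied" lines
    category update-security { security_log; };   // "update ... denied" lines
    category xfer-in         { security_log; };
    category xfer-out        { security_log; };
    category queries         { query_log; };
    // lame-servers is mostly noise about other people's servers; send it to the
    // built-in null channel once you know what normal looks like, or keep it in syslog.
    category lame-servers    { null; };
};
```

Run `named-checkconf` after editing and `rndc reload` (or `rndc reconfig`) to apply; the channel names are arbitrary, but the built-in channels `default_syslog`, `default_debug`, `default_stderr` and `null` cannot be redefined.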
BIND Log Analysis
  • route each category to its own channel (security, update-security, queries, lame-servers) so the interesting stream is not buried in noise
  • single or multiple logs
  • watch log size! (use versions/size on file channels)
  • iterate based on experience
  • post-processing tools (grep/awk or a small script) to count and summarise
  • know what a normal log looks like, so the abnormal stands out
BIND Log Analysis

lame-servers: unexpected RCODE (REFUSED) resolving 'mail10fr2.emthtpmy1.net/A/IN': 213.251.188.141#53
update-security: client 69.196.169.154#49160: update 'mediazoneplus.com/IN' denied
security: client 93.174.93.72#35411: query (cache) 'doc.gov/ANY/IN' denied
lame-servers: unexpected RCODE (SERVFAIL) resolving 'cns.electro-com.ru/A/IN': 86.110.161.228#53
lame-servers: host unreachable resolving 'mumns5.mtnl.net.in/A/IN': 198.32.64.12#53
security: client 12.190.240.131#9980: query (cache) 'google.com/A/IN' denied
lame-servers: connection refused resolving 'pdns5.ultradns.info/A/IN': 2001:500:1a::1#53
security: client 128.223.8.114#45985: query (cache) 'com/ANY/IN' denied
lame-servers: connection refused resolving '211.142.235.91.in-addr.arpa/PTR/IN': 2001:470:300::2#53

Quick Quiz
  • What is the default RR type for dig?
  • What is the default RR type for nslookup?
  • Name any BIND utility?
  • Can you run dig on windows?
  • Dig command for mx RR for google.com?
  • Nslookup command for mx RR for google.com?