Today we will learn the basics of setting up and maintaining a Domain Name Server using the popular BIND 9 package.
DNS can be fraught with difficulty for the unsuspecting newbie. To help keep this lab manageable, it will be a very basic introduction to setting up a DNS server, for a small LAN for IPv4 and IPv6. You will be given a template to work from.
Because DNS is such a crucial part of a network, and pretty much every service makes use of it, you will use the knowledge gained in this lab throughout the rest of this paper. You will be required to make changes to your DNS server in some of the labs that follow.
Please ensure that you read the entire lab before coming to class, otherwise it’s very likely you will not complete it during the lab.
dig is the Domain Information Groper, and is the successor to a tool called nslookup. There is also a simplified version of dig called host, but we won’t cover that. So without further ado, here are some ways you can use dig. You should be able to try all these on your server or client.
You will get more information by not using the +short option. The answer will be found in the Answer section, and you will also get some supplementary information, as well as result codes. Using the +short option is a good way of getting DNS information in shell scripts.
What is the IP address of www.isc.org? This is querying for an A record. The domain is that of the Internet Software Consortium, the organisation behind software such as BIND.
dig isc.org

; <<>> DiG 9.6.1-P2 <<>> isc.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13764
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;isc.org.                       IN      A

;; ANSWER SECTION:
isc.org.                43200   IN      A       188.8.131.52

;; AUTHORITY SECTION:
isc.org.                40039   IN      NS      ord.SNS-PB.isc.org.
isc.org.                40039   IN      NS      ams.SNS-PB.isc.org.
isc.org.                40039   IN      NS      ns.isc.afilias-nst.info.
isc.org.                40039   IN      NS      sfba.SNS-PB.isc.org.

;; ADDITIONAL SECTION:
ns.isc.afilias-nst.info. 83240  IN      A       184.108.40.206
ams.SNS-PB.isc.org.     16723   IN      A       220.127.116.11
ord.SNS-PB.isc.org.     16723   IN      A       18.104.22.168
sfba.SNS-PB.isc.org.    16723   IN      A       22.214.171.124

;; Query time: 230 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Tue Apr 27 16:40:32 2010
;; MSG SIZE  rcvd: 204
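The result code in the header is the part of this output that +short hides: dig +short prints nothing both when the name does not exist (NXDOMAIN) and when the name exists but has no record of the requested type, so a script that only looks at +short output cannot tell the two apart. The following parser is an added example for this lab, not code from the original page or from ISC; it reads dig's default text output (the three constructed samples below are modelled on the output above, using documentation addresses from 192.0.2.0/24) and returns the status, the header flags and the records in each section.

```python
# Added example (not part of the original lab): parse the full output of
# dig so a script can act on the result code, not only on the answer data.
import re
from dataclasses import dataclass, field


@dataclass
class DigResult:
    status: str                     # rcode from the ->>HEADER<<- line
    flags: list                     # e.g. ["qr", "rd", "ra"]; "aa" means authoritative
    answer: list = field(default_factory=list)       # (name, ttl, class, type, rdata)
    authority: list = field(default_factory=list)
    additional: list = field(default_factory=list)


def parse_dig_output(text):
    """Parse dig's default (non +short) text output into a DigResult."""
    status, flags = "UNKNOWN", []
    sections = {"ANSWER": [], "AUTHORITY": [], "ADDITIONAL": []}
    current = None                  # section we are currently inside, if any
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(";; ->>HEADER<<-"):
            m = re.search(r"status: (\w+)", line)
            status = m.group(1) if m else status
        elif line.startswith(";; flags:"):
            flags = line[len(";; flags:"):].split(";")[0].split()
        elif line.startswith(";;"):
            # ";; X SECTION:" opens a section; any other ";;" line closes it.
            m = re.match(r";; (ANSWER|AUTHORITY|ADDITIONAL) SECTION:", line)
            current = m.group(1) if m else None
        elif line.startswith(";"):
            continue                # question line, e.g. ";isc.org. IN A"
        elif current:
            parts = line.split(None, 4)   # rdata may contain spaces (SOA, MX, TXT)
            if len(parts) == 5:
                sections[current].append(tuple(parts))
    return DigResult(status, flags, sections["ANSWER"],
                     sections["AUTHORITY"], sections["ADDITIONAL"])


def short_answers(result, rtype):
    """What 'dig +short -t <rtype>' would print: rdata of matching answer records."""
    return [rdata for (_, _, _, t, rdata) in result.answer if t == rtype]


def resolve_or_explain(text, rtype="A"):
    """Return (ok, detail); ok only on NOERROR with at least one matching record."""
    r = parse_dig_output(text)
    if r.status != "NOERROR":
        return False, f"query failed with status {r.status}"
    data = short_answers(r, rtype)
    if not data:
        return False, f"name exists but has no {rtype} record"
    return True, data


# Constructed samples (documentation addresses, not real lookups).
SAMPLE_OK = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13764
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;example.org.                   IN      A

;; ANSWER SECTION:
example.org.            43200   IN      A       192.0.2.10

;; AUTHORITY SECTION:
example.org.            40039   IN      NS      ns1.example.org.
example.org.            40039   IN      NS      ns2.example.org.

;; ADDITIONAL SECTION:
ns1.example.org.        16723   IN      A       192.0.2.1
ns2.example.org.        16723   IN      A       192.0.2.2

;; Query time: 230 msec
"""

SAMPLE_NXDOMAIN = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 38969
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;gallardo.                      IN      A
"""

SAMPLE_NODATA = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;example.org.                   IN      AAAA

;; AUTHORITY SECTION:
example.org.            3600    IN      SOA     ns1.example.org. hostmaster.example.org. 2010042701 7200 3600 1209600 3600
"""

if __name__ == "__main__":
    for label, sample, rtype in [("ok", SAMPLE_OK, "A"),
                                 ("nxdomain", SAMPLE_NXDOMAIN, "A"),
                                 ("nodata", SAMPLE_NODATA, "AAAA")]:
        print(label, resolve_or_explain(sample, rtype))
```

In a real script you would feed it the text of `dig <name>` (without +short) and branch on the status before trusting the data; the NODATA sample shows the case where the only thing returned is the SOA in the authority section, which +short would print as an empty line.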
The same query, but this time in short format.

dig +short www.isc.org
126.96.36.199

Don’t panic if yours is different.
Same as above; -t A is the default. -t A asks for resource records of type A, which map a hostname to an IPv4 address.

dig +short -t A www.isc.org
188.8.131.52
You can use dig without specifying a fully qualified hostname. Note that dig will not use the default search path (in /etc/resolv.conf) by default; we can change this behaviour and use the search path using +search.

dig gallardo

; <<>> DiG 9.7.0-P1 <<>> gallardo
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 38969
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;gallardo.                      IN      A
…

This failed (status: NXDOMAIN) because it wasn’t searching in our domain.

dig +search +short gallardo
184.108.40.206
What’s the (canonical) hostname for 220.127.116.11?

dig +short -x 18.104.22.168
gallardo.otago.ac.nz.

Note that the above inverse query is equivalent to this:

dig +short -t PTR 22.214.171.124.in-addr.arpa
gallardo.otago.ac.nz.
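What -x does for you is build the owner name of the PTR record: the address is written with its octets reversed under in-addr.arpa (and, for IPv6, with all 32 nibbles reversed under ip6.arpa, which matters once the IPv6 part of this lab is set up). The following is an added example, not code from the original page; it uses only the Python standard library, converts in both directions so you can read a PTR owner name back into an address, and cross-checks itself against ipaddress.reverse_pointer.

```python
# Added example (not part of the original lab): build the PTR owner name that
# "dig -x" queries, for IPv4 and IPv6, and convert such a name back again.
import ipaddress


def reverse_name(addr):
    """Owner name of the PTR record for addr, with a trailing dot."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        octets = str(ip).split(".")
        return ".".join(reversed(octets)) + ".in-addr.arpa."
    # IPv6: 32 hex digits (exploded form keeps leading zeros), one label per nibble.
    nibbles = ip.exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def ptr_query_command(addr):
    """The explicit dig command equivalent to 'dig +short -x <addr>'."""
    return f"dig +short -t PTR {reverse_name(addr)}"


def address_from_reverse_name(name):
    """Inverse of reverse_name: turn a PTR owner name back into an address string."""
    labels = name.rstrip(".").lower().split(".")
    if labels[-2:] == ["in-addr", "arpa"]:
        octets = labels[:-2]
        if len(octets) != 4:
            raise ValueError(f"expected 4 octets in {name!r}")
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    if labels[-2:] == ["ip6", "arpa"]:
        nibbles = labels[:-2]
        if len(nibbles) != 32 or any(len(n) != 1 for n in nibbles):
            raise ValueError(f"expected 32 single-nibble labels in {name!r}")
        hexstr = "".join(reversed(nibbles))
        groups = [hexstr[i:i + 4] for i in range(0, 32, 4)]
        return str(ipaddress.IPv6Address(":".join(groups)))
    raise ValueError(f"{name!r} is not under in-addr.arpa or ip6.arpa")


def matches_stdlib(addr):
    """Sanity check: our name equals the standard library's reverse_pointer."""
    return reverse_name(addr) == ipaddress.ip_address(addr).reverse_pointer + "."


if __name__ == "__main__":
    # Documentation addresses (constructed), not hosts from the lab network.
    for a in ("192.0.2.1", "2001:db8::1"):
        print(ptr_query_command(a))
        print("  round trip:", address_from_reverse_name(reverse_name(a)))
```

The round trip is the useful part when reading zone files for a reverse zone: a PTR owner name in a 192.0.2.0/24 reverse zone is written relative to 2.0.192.in-addr.arpa, and getting the octet order wrong is the usual reason a -x query returns NXDOMAIN for an address that is in the zone.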
For the following exercises you will use dig to explore your local network environment a little. Take a screenshot showing the results.
Who are the name servers for otago.ac.nz?

dig +short -t NS otago.ac.nz
Which of the nameservers (each domain should have at least two) is the master server? You can find this out by looking at the SOA for the domain.

dig -t SOA otago.ac.nz
You can query a particular name server using the @ character before the nameserver’s DNS name or IP address. Select one of the nameservers you discovered in the previous step.
Who are the mail exchangers for otago.ac.nz?

dig +short -t MX otago.ac.nz
Like web servers, which are also high-traffic, e-mail services can be designed in various ways for high availability or for load balancing. So if you get a single result, it may be that there are multiple servers behind one address and a device called a load balancer is acting as the entry point to a cluster of e-mail servers.
You can use dig to perform a zone transfer, which is to get a listing of all the data in a particular zone (domain).
Do not request this from a machine you do not administer, as it will be considered rude or hostile activity. You will have a chance to do the following later in the lab to your own network.
dig @127.0.0.1 -t AXFR
Once you have your DNS server up and running, you can try to find out which version of BIND is running on the server. Servers are often configured to give a different result instead, to make it harder for an attacker to know what software version you are using. Don’t use
You can do this in your virtual machine later.

dig @localhost -t TXT -c chaos +short version.bind
"9.7.0-P1"
The chaos “class” (like the “inet” class) refers to a historical networking system called Chaosnet that you don’t need to know anything about. Just know that it was around when the Internet was still referred to as the ARPAnet, and that the only reason we use it today is as a way to determine the version of the software running on a DNS server running BIND.