DNS

DNS (Domain Name Service) is the domain name resolution service: it converts between domain names and IP addresses, and uses port 53 over both TCP and UDP.

Functions of the DNS system:

* Forward resolution: look up the IP address that corresponds to a domain name
* Reverse resolution: look up the domain name that corresponds to an IP address

Classification of DNS servers:

* Primary name server: the DNS server that holds the settings for its zone; it stores the original data of the zone files
* Secondary name server: copies its data from other servers; the data is a replica and cannot be modified
* Master name server: the DNS server that provides the data for replication
* Caching name server: obtains domain-name-to-IP mappings by querying the root or other servers, and caches the results locally to speed up repeated lookups
Zone transfer vulnerability

Zone transfer: the backup server copies data from the master server and uses the data it obtains to update its own database. Synchronizing the database between the primary and secondary servers requires a "DNS zone transfer".

Zone transfer vulnerability: because the DNS server is improperly configured, anonymous users can use the DNS zone transfer protocol to obtain all DNS records of a zone.

Harm of the zone transfer vulnerability: the network topology is leaked to potential attackers, including some less secure internal hosts such as test servers. This directly speeds up and eases the attacker's intrusion process.

Testing process:
1) Run the nslookup command to enter its interactive shell;
2) Use the server command to set the DNS server to query;
3) Use the ls command to list all domain names in a domain;
4) Use the exit command to quit.




Domain name space structure

Root domain (.)

Top-level domains, which include organizational and country/region top-level domains (net, edu, com, gov, mail, org, cn, uk, ...)

   -- Organizational top-level domains (net, edu, com, gov, mail, org, ...)

   -- Country/region top-level domains (cn, uk, ...)

Second-level domains (baidu, taobao, ...)

Third-level domains (www, mail, ...)


| Organizational top-level domain | Description |
| --- | --- |
| gov | Government sector |
| com | Commercial enterprise |
| edu | Education sector |
| org | Civil society organizations |
| net | Network service organization |
| mil | Military sector |

| National top-level domain | Description |
| --- | --- |
| cn | China |
| hk | Hong Kong, China |
| uk | Britain |



 



DNS resolution process



The DNS domain name resolution process:

* When a client accesses a domain name, it first checks its own host's DNS cache (entries have a time limit). If the host cache has the entry, the client accesses the corresponding IP.
* If the host's DNS cache has no entry, it checks the host's hosts file. If the entry is there, the client accesses the corresponding IP.
* If the hosts file has no entry, the request is sent to the name server configured on the host.
* When the name server receives the request, it first queries its local cache. If the entry is there, the name server returns the result directly.
* If the record is not in the local cache, the name server sends the request to a root name server, which returns the address of the primary name server for the queried domain (a subdomain of the root).
* The local server then sends a request to the name server returned in the previous step. The server that receives the request queries its own cache and, if it has no such record, returns the address of the relevant lower-level name server.
* The previous step repeats until the IP address for the requested domain name is found. The DNS server then sends the IP address for the domain name to the host and also saves it locally.

So the priority is: local DNS cache > hosts file > DNS server

hosts file path on Windows: C:\Windows\System32\drivers\etc\hosts
hosts file path on Linux: /etc/hosts

Resolution record types

| Type | Description |
| --- | --- |
| A | Host record: the IP address for a domain name |
| PTR | Reverse resolution record: the domain name for an IP address |
| CNAME | Alias record |
| MX | Mail exchange record |
| NS | Name server record |
| SOA | Authority record |
| TXT | Descriptive text for a record |
| SRV | Lists the servers that are providing a specific service |
| AAAA | IPv6 address record |

A record
An A (Address) record, also called a host record, specifies the IP address that corresponds to a domain name. Users can point the web server under the domain name to their own web server, and can also set subdomains of the domain. Generally speaking, the A record is the server's IP; binding an A record to a domain name tells DNS that when the domain name is entered, the client should be directed to the server given in the A record. You can use nslookup -qt=a www.baidu.com to view the A record.



PTR record
In contrast to the A record, a PTR record maps an IP address to a domain name.



CNAME record
CNAME records are also known as alias records. They allow you to map multiple names to the same computer. For example, you created the following records:



When we visit a1 (a2, a3).baidu.com, the DNS server returns a CNAME record that points to a.baidu.com. Our local computer then sends another request to resolve a.baidu.com, and the name server returns the IP address of a.baidu.com.


When many domain names need to point to one computer, CNAME is convenient. As in the example above, if we change the server's IP, we only need to change the A record of a.baidu.com.
You can use nslookup -qt=cname a1.baidu.com to view the CNAME record.


MX record
The weight of an MX record is very important to the mail service. When sending mail, the mail server first resolves the domain name and looks up its MX records. It tries the server with the smallest weight first (for example, 10). If it can connect, the mail is sent there; if it cannot connect to the server whose MX weight is 10, the mail is sent to the mail server with weight 20.
There is an important concept here: the weight 20 server is configured to cache mail temporarily. When the weight 20 server can connect to the weight 10 server, the mail is still delivered to the weight 10 mail server. Of course, this mechanism needs to be configured on the mail servers.
You can use nslookup -qt=mx baidu.com to view the MX record.


TXT record
A TXT record usually holds a description for a record. For example, you create a TXT record for a.ezloo.com with the content "this is a test TXT record.", and then run nslookup -qt=txt a.ezloo.com; you will see the words "this is a test TXT record".

In addition, TXT records can be used to verify ownership of a domain name. For example, if your domain uses a Google service, Google will ask you to create a TXT record, and then Google verifies that you have administrative rights over the domain name.
You can use nslookup -qt=txt baidu.com to view the TXT record.



Having covered TXT records, we now turn to SPF, which is stored in TXT records. SPF is the abbreviation of Sender Policy Framework, a technique that authenticates the identity of an e-mail sender by IP address.
The receiving party first checks the domain's SPF record to determine whether the sender's IP address is included in it. If it is, the mail is considered legitimate; otherwise it is considered a forged e-mail and is returned.
SPF prevents others from sending e-mail while pretending to be you; it is an anti-forgery mail solution. Once you define an SPF record for your domain name, the receiving side uses your SPF record to check whether the connecting IP address is included in it. If it is, the mail is considered legitimate; otherwise it is considered forged.
Setting a correct SPF record improves the success rate of mail your mail system sends to external domains, and to some extent also prevents others from spoofing your domain name to send e-mail.

The function of the MX record is to tell the sender which mail servers exist for a given domain name. SPF does the opposite of MX: it tells the recipient which mail servers are authorized by a given domain name to send mail.

As the definition shows, the main function of SPF is anti-spam, mainly against spam whose sender domain name is forged.

AAAA record
An AAAA record is a record that points to an IPv6 address.
You can use nslookup -qt=aaaa a.ezloo.com to view the AAAA record.

NS record
NS records are name server records; they specify which server resolves the domain name.
You can use nslookup -qt=ns baidu.com to view them.


TTL value
TTL = time to live: how long a resolution record is cached on a DNS server. For example, when we request resolution of www.ezloo.com and the DNS server finds no such record, it sends a request to the NS server. After it gets the record, the record is kept on the DNS server for the length of the TTL. When we send a request to resolve www.ezloo.com again, the DNS server returns the saved record directly without asking the NS server. TTL is a length of time in seconds, generally 3600 seconds.

SOA record

Defines the authoritative name server in the domain



SRV record

Lists the servers that are providing a specific service

Installation and deployment of a DNS server

Packages required: bind (the DNS server package), bind-utils (DNS test tools, including dig, host, nslookup, etc.), bind-chroot (a security hardening tool that makes BIND run inside a specified directory), caching-nameserver (basic configuration files for a caching DNS server; installing it is recommended)
Executable: /usr/sbin/named (RHEL 7)     /etc/init.d/named (RHEL 6)
Main configuration file: /etc/named.conf
Zone configuration files: /var/named/xxx.zone

* Install the DNS software: yum -y install bind*
* Modify the main configuration file: /etc/named.conf
* Add and modify the zone files: /var/named/xxx.zone
* Set the file ownership: chown named:named /var/named/xxx.zone
* Start the service and verify: systemctl start named ; nslookup www.xie.com

Modify the main configuration file /etc/named.conf:

    options {
        listen-on port 53 { any; };          // modified line
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };                // modified line
    };

    zone "." IN {                            // system-defined root zone; type must be hint
        type hint;
        file "named.ca";
    };

    zone "xie.com." IN {                     // custom: add forward resolution
        type master;                         // master role in master/slave DNS
        file "xie.com.zone";                 // zone file name, under /var/named/
    };

    zone "10.168.192.in-addr.arpa" IN {      // custom: add reverse resolution
        type master;
        file "xie.com.zone";
    };

    zone "mi.com." IN {                      // add resolution for another domain name
        type master;
        file "mi.com.zone";
    };

In the /var/named/ directory, create the xie.com.zone and mi.com.zone files respectively, configured as follows:

    ; xie.com.zone
    $TTL 1D
    @       IN SOA  www.xie.com. root.xie.com. (   ; @ stands for the zone origin
                    0       ; serial
                    1D      ; refresh
                    1H      ; retry
                    1W      ; expire
                    3H )    ; minimum
            NS      www.xie.com.
            MX      10 root.xie.com.     ; mailbox
    www     IN A    192.168.10.100       ; this must be written as the first entry!
    web     IN A    192.168.10.110
    root    IN A    192.168.10.120
    *       IN A    192.168.10.130       ; default match, used when nothing else in the file matches
    ftp     IN CNAME www                 ; adds the alias ftp.xie.com for www.xie.com
    1       IN PTR  web1.xie.com.        ; reverse record: 192.168.10.1 resolves to web1.xie.com
    2       IN PTR  web2.xie.com.

    ; mi.com.zone
    $TTL 1D
    @       IN SOA  www.mi.com. root.mi.com. (
                    0       ; serial
                    1D      ; refresh
                    1H      ; retry
                    1W      ; expire
                    3H )    ; minimum
            NS      www.mi.com.
            MX      10 root.mi.com.
    www     IN A    192.168.10.100
    web     IN A    192.168.10.200

Setting up master and slave DNS servers:

The master DNS server uses the configuration above. In its main configuration file /etc/named.conf, add the following line, which allows zone transfers:

    allow-transfer { 192.168.10.10; };       // IP address of the slave DNS server that is allowed to transfer

Then, on the slave DNS server, write a zone for each domain name to synchronize. Here we only synchronize the xie.com domain name. By default the synchronized files are stored under /var/named/slaves.

    zone "xie.com." IN {
        type slave;
        file "slaves/xie.com.zone";          // location of the zone file
        masters { 192.168.10.124; };         // IP of the master DNS server
    };

    zone "10.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/10.168.192.zone";       // own file (name assumed here): two slave zones cannot share one writable file
        masters { 192.168.10.128; };
    };

After configuration, restart the named service: systemctl restart named, then synchronize the zone files: rndc reload
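A defender-side check for the misconfiguration behind the zone transfer vulnerability, as an added example that is not code from the original article: it reads named.conf text and reports, for each master zone, whether allow-transfer is open, unset or restricted. The sample configuration is constructed from the article's zones; the example.com zone and all function names are assumptions, and the parser handles only simple address lists.

```python
import re

# Constructed sample based on the article's named.conf; example.com is hypothetical.
SAMPLE_CONF = '''
options { listen-on port 53 { any; }; allow-query { any; }; };
zone "." IN { type hint; file "named.ca"; };
zone "xie.com." IN { type master; file "xie.com.zone";
                     allow-transfer { 192.168.10.10; }; };  // slave only
zone "mi.com." IN { type master; file "mi.com.zone"; };
zone "example.com." IN { type master; file "example.com.zone";
                         allow-transfer { any; }; };
'''

def top_level_blocks(text):
    """Yield (header, body) for every top-level `header { body };` statement."""
    depth, header_start = 0, 0
    for i, ch in enumerate(text):
        if ch == '{':
            if depth == 0:
                header, body_start = text[header_start:i].strip(), i + 1
            depth += 1
        elif ch == '}':
            depth -= 1
            if depth == 0:
                yield header, text[body_start:i]
        elif ch == ';' and depth == 0:
            header_start = i + 1

def transfer_acl(body):
    """Return the allow-transfer address list of a block, or None if unset."""
    m = re.search(r'allow-transfer\s*\{([^}]*)\}', body)
    return None if m is None else [a.strip() for a in m.group(1).split(';') if a.strip()]

def audit(conf):
    """Map each master zone to 'open', 'unset' or 'restricted'."""
    conf = re.sub(r'/\*.*?\*/', '', conf, flags=re.S)   # strip /* */ comments
    conf = re.sub(r'(//|#)[^\n]*', '', conf)            # strip // and # comments
    blocks = list(top_level_blocks(conf))
    inherited = next((transfer_acl(b) for h, b in blocks if h == 'options'), None)
    result = {}
    for header, body in blocks:
        zone = re.match(r'zone\s+"([^"]+)"', header)
        if not zone or not re.search(r'\btype\s+(master|primary)\s*;', body):
            continue
        acl = transfer_acl(body)
        acl = inherited if acl is None else acl   # a zone setting overrides options
        status = 'unset' if acl is None else 'open' if 'any' in acl else 'restricted'
        result[zone.group(1)] = status
    return result
```

On the BIND 9 versions shipped with RHEL 6 and RHEL 7, an unset allow-transfer permits transfers to any host, so an `unset` zone should be treated like an `open` one until the statement is added.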

Forwarding DNS server configuration

A forwarding DNS server is one that, when you send it a DNS resolution request, forwards the DNS request to another DNS server.

A forwarding DNS server also requires the bind package: yum -y install bind*

Then modify the main configuration file /etc/named.conf:

    options {
        listen-on port 53 { any; };          # modified
        allow-query { any; };                # modified
        forwarders { 192.168.10.10; };       # the DNS server that requests are forwarded to
    };

Related article: Using the DNS domain name probing tools whois, dnsmap, DIG, Layer
<https://blog.csdn.net/qq_36119192/article/details/84068625>