Intro to DNS

1
Intro to DNS

• SOEN321 - Information Systems Security

2
Contents

• Intro to DNS and Security

3
DNS

• Domain Name System
• a distributed naming service for the entire
  Internet (including WWW)
• provides unified host-name-to-network-address and
  vice-versa lookup needed for remote computing

ping yahoo.com Pinging yahoo.com
66.218.71.198 with 32 bytes of data Reply
from 66.218.71.198 bytes32 time113ms TTL244
4
DNS

• Other capabilities
• Info about Name Servers
• Canonical host names
• Mail Exchange (MX) records

5
DNS

• Hierarchy

root
net
org
com
mydomain
amazon
yahoo
www
6
DNS Tools in UNIX

• Tools
• host
• dig
• nslookup (deprecated)

7
DNS Tools Example
haida.mokhov host -a www Trying
"www.cs.concordia.ca" -gtgtHEADERltlt- opcode
QUERY, status NOERROR, id 3704 flags qr aa
rd ra QUERY 1, ANSWER 1, AUTHORITY 5,
ADDITIONAL 4 QUESTION SECTION www.cs.concor
dia.ca. IN ANY ANSWER
SECTION www.cs.concordia.ca. 86400 IN
CNAME spider.cs.concordia.ca. AUTHORITY
SECTION cs.concordia.ca. 86400 IN
NS clyde.concordia.ca. cs.concordia.ca.
86400 IN NS Jerome.McRCIM.McGill.EDU
. cs.concordia.ca. 86400 IN NS
pollen.cs.concordia.ca. cs.concordia.ca.
86400 IN NS manitou.cs.concordia.ca. c
s.concordia.ca. 86400 IN NS
alcor.concordia.ca. ADDITIONAL
SECTION alcor.concordia.ca. 81883 IN
A 132.205.7.51 clyde.concordia.ca.
81827 IN A 132.205.1.1 pollen.cs.conc
ordia.ca. 86400 IN A
132.205.44.61 manitou.cs.concordia.ca. 86400 IN
A 132.205.4.3 Received 243 bytes from
132.205.64.6353 in 3 ms
8
Name Serves

• Manage certain part of the name space
• Help clients to find info within the hierarchy
• DNS Query - returns list of name servers
• One of the NS resolves clients query
• If name not found, pass on to another NS
• The one that has the answer, sends it back, and
  the previous NS caches it for the future.

9
DNS Threats

• Recall from firewalls and the rest (D. Probst)
• Filtering DNS How does one prevent DNS
  contamination (corruption)? Mail can be rerouted,
  passwords captured, etc. We need separate DNS for
  inside and outside.
• Tunneling over DNS is used to gain command-line
  access to remote utilities. With a proxy-based
  firewall, deny external DNS access to anything
  other than your proxy server. If you are using a
  packet filter, your options for blocking a DNS
  tunnel are limited.

10
DNS Cache Poisoning

• Was more actual in the past
• A NS doesnt have a name for a requested host
• Asks another NS, another NS may have been weak
  and compromised, or for some other reason had
  invalid name for the host requested.
• Our NS would cache the wrong name, and this can
  propagate over
• So, real amazon.com might have been redirected to
  elsewhere, get the consequences...

11
DNS Cache Poisoning

• Attack types DNS spoofing, host name spoofing
• One of the reasons earlier versions of bind
  simply had bugs servers trusted by ltname, IPgt
• Solution
• DNS triple ltname, IP, public keygt

12
Host Name Spoofing

• PTR records
• Mapping IP to a domain name
• All the transactions a legitimate
• DNS server according to the protocol tries to
  resolve a query using legitimate DNS Server, but
  the PTR deliberately was made to point elsewhere.

13
DNS Spoofing

• In combo with hostname spoofing
• Messing up the PTR
• And forcing the NS to have invalid resource
  record (RR) in their cache.