Module 8 DNS Tools & Diagnostics. Objectives Understand dig and nslookup Understand BIND toolset Understand BIND logs Understand wire level messages.


Module 8 DNS Tools & Diagnostics

Objectives Understand dig and nslookup Understand BIND toolset Understand BIND logs Understand wire level messages

DNS Tools & Diagnostics
- Dig is always available with BIND (*nix) and Windows
- Nslookup is available on Windows and *nix
- Dig on Windows: unpack the zip and copy only dig.exe, libbind9.dll, libdns.dll, libisc.dll, libisccfg.dll, liblwres.dll to portable media
- SamSpade.org provides a Windows GUI utility with dig. Freeware.

DIG
- Command line tool, tons of options
- Powerful: gives precise DNS RRs
- Typically only available with BIND
- Casual use on Windows
  - Unpack the Windows zip file
  - Copy to portable media: dig.exe, libbind9.dll, libdns.dll, libisc.dll, libisccfg.dll, liblwres.dll
  - Now an install option

Dig Command Format
dig [opts] target-name type
- Tons of options to govern formatting and behavior
- -x required for reverse
- = optionally defines the name or IP of name server to send the query; default is locally defined DNS (typically recursive)
- target-name = name required
- type = RR type (default is A)
- Additional pseudo types any and axfr

Dig Commands
- dig
  Returns A RR of using local DNS
  Returns A RR of using ns1.example.com authoritative name server for domain
- dig any
  Returns any RRs with label of using local DNS
- dig -x
  Returns reverse lookup for using local DNS

DIG command

DIG Response
; > DiG P1 > ns1.example.com
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:
;; flags: qr rd ra aa; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
; IN A
;; ANSWER SECTION:
5 IN A IN A
;; AUTHORITY SECTION:
example.com IN NS ns1.example.com.
example.com IN NS ns2.example.com.
;; ADDITIONAL SECTION:
ns1.example.com IN A
ns2.example.com IN A
;; SERVER: #53( )

DIG Response
May contain up to 5 sections:
- Header: flags, status, id
- QUESTION SECTION: the query
- ANSWER SECTION: present only if successful
- AUTHORITY SECTION: one or more name servers
- ADDITIONAL SECTION: typically A/AAAA RRs of name servers

DNS Flag Values
- QR - Query response received. Indicates direction of query.
- AA - Authoritative Answer. Set if the response was received from a zone master or slave.
- TC - TrunCation - length greater than permitted, set on all truncated messages except the last one.
- RD - Recursion Desired - set in a query and copied into the response if recursion supported.
- RA - Recursion Available - valid in a response and if set denotes recursive query support is available.
- AD - Authenticated Data. DNSSEC only. Indicates that the data was reliably authenticated.
- CD - Checking Disabled. DNSSEC only. Disables checking at the receiving server.

DNS Status Values
- 0 = NOERROR. No error.
- 1 = FORMERR. Format error - the server was unable to interpret the query.
- 2 = SERVFAIL. Name server problem or lack of information. Often also returned with the same meaning as REFUSED.
- 3 = NXDOMAIN. Name does not exist - meaningful only from an authoritative name server.
- 4 = NOTIMP. Not implemented.
- 5 = REFUSED. Typically for policy reasons, for example, a zone transfer request.

DIG Result
- No errors (NOERROR)
- Flags = query response, recursion desired, recursion available, authoritative
- Answer = 2 A RRs for the web server
- Authority = 2 name servers
- Additional = 2 A RRs of name servers

DIG commands

DIG Response
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 14
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
; IN A
;; AUTHORITY SECTION:
com IN NS A.GTLD-SERVERS.NET.
com IN NS M.GTLD-SERVERS.NET.
;; ADDITIONAL SECTION:
A.GTLD-SERVERS.NET IN A
A.GTLD-SERVERS.NET IN AAAA 2001:503:a83e::2:
;; Query time: 38 msec
;; SERVER: #53( )

DIG Response
- No error = NOERROR
- Flags = query response, recursion desired
- No answer section
- Authority = multiple
- Additional = multiple A RRs
- This is a referral

NSLOOKUP
nslookup [opts] target [dns]
- Available on Windows and with BIND (*nix)
- Command line and interactive mode
- Default pretty print output
- Whether it is a useful quick check depends on mindset: detailed data or overview
- Use -d2 option for RRs

NSLOOKUP Commands
- nslookup -type=MX example.com
  Gets mail server records for example.com using locally defined name server
- nslookup
  Gets reverse mapped name for
- nslookup ns1.example.com
  Gets A RR for using name server ns1.example.com
- nslookup
  Enter interactive mode; exit to terminate

NSLOOKUP
# nslookup
Server: ns1.example.net
Address:
Name:
Address:
# nslookup ns1.example.com
Server: ns1.example.com
Address:
Name:
Address:

Additional Tools - BIND
- named-checkzone, named-checkconf: validation utilities
- rndc, rndc-confgen: remote control of name server (optionally secure)
- nsupdate: Dynamic Update (DDNS) of DNS RRs
- dnssec-keygen, dnssec-signzone: secure DNS cryptographic tools

DNS Logging
- BIND
  - Defaults to syslog (*nix)
  - Controlled by logging clause
- Windows DNS
  - Event log via DNS console or Event log (DNS)
  - Debug log default systemroot\System32\Dns\Dns.log (text file)
  - DNS console Properties->logging

BIND Log Analysis
- stream log carefully (category)
- single or multiple logs
- watch log size! (use versions/size)
- iterate based on experience
- post processing tools
- know what a normal log looks like

BIND Log Analysis
lame-servers: unexpected RCODE (REFUSED) resolving 'mail10fr2.emthtpmy1.net/A/IN': #53
update-security: client #49160: update 'mediazoneplus.com/IN' denied
security: client #35411: query (cache) 'doc.gov/ANY/IN' denied
lame-servers: unexpected RCODE (SERVFAIL) resolving 'cns.electro-com.ru/A/IN': #53
lame-servers: host unreachable resolving 'mumns5.mtnl.net.in/A/IN': #53
security: client #9980: query (cache) 'google.com/A/IN' denied
lame-servers: connection refused resolving 'pdns5.ultradns.info/A/IN': 2001:500:1a::1#53
security: client #45985: query (cache) 'com/ANY/IN' denied
lame-servers: connection refused resolving ' in-addr.arpa/PTR/IN': 2001:470:300::2#53
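A post-processing pass over log lines like those above, as an added example that is not part of the original presentation: it counts entries per category and lists clients that were repeatedly refused recursion, which is what the `query (cache) ... denied` lines record. The sample lines are constructed in the slide's format with documentation-range addresses, and the function names and the threshold are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the slide's format; addresses are documentation
# ranges, not values from the original logs.
SAMPLE = """\
security: client 192.0.2.10#35411: query (cache) 'doc.gov/ANY/IN' denied
security: client 192.0.2.10#9980: query (cache) 'google.com/A/IN' denied
security: client 198.51.100.7#45985: query (cache) 'com/ANY/IN' denied
update-security: client 203.0.113.5#49160: update 'mediazoneplus.com/IN' denied
lame-servers: unexpected RCODE (SERVFAIL) resolving 'cns.electro-com.ru/A/IN': 203.0.113.53#53
lame-servers: connection refused resolving 'pdns5.ultradns.info/A/IN': 2001:500:1a::1#53
""".splitlines()

# Optional print-time prefix, then the category written by print-category.
LINE = re.compile(r"^(?:\d\d-\w{3}-\d{4} [\d:.]+ )?([a-z-]+): (.*)$")
# Matches both the older form and the newer "client @0x... addr#port (name):" form.
DENIED = re.compile(r"client (?:@0x[0-9a-f]+ )?([0-9a-fA-F.:]+)#\d+(?: \([^)]*\))?"
                    r": query \(cache\) '([^']+)/([A-Z0-9]+)/IN' denied")

def triage(lines):
    """Return (entries per category, per-client stats for denied cache queries)."""
    categories = Counter()
    clients = defaultdict(lambda: {"denied": 0, "any": 0, "names": set()})
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            categories["unparsed"] += 1
            continue
        category, message = m.groups()
        categories[category] += 1
        d = DENIED.search(message)
        if category == "security" and d:
            addr, qname, qtype = d.groups()
            rec = clients[addr]
            rec["denied"] += 1
            rec["any"] += qtype == "ANY"   # ANY queries are worth tracking separately
            rec["names"].add(qname)
    return categories, dict(clients)

def suspects(clients, min_denied=2):
    """Clients refused recursion at least min_denied times: review ACLs or rate limits."""
    return sorted(a for a, r in clients.items() if r["denied"] >= min_denied)

if __name__ == "__main__":
    cats, clients = triage(SAMPLE)
    print(dict(cats), suspects(clients))
```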

DNS Diagnostics (Wire Level)
- wireshark is the easiest way
- load wireshark-charlotte-com.txt: dns filter, partial expansion
- and/or load dns-charlotte-com.pcap: dns traffic only filter
- both use the domain charlottecrystalinteriordesign.com

DNS - Diagnostics (Wire)
Internet Protocol, Src: ( ), Dst: ( )
User Datagram Protocol, Src Port: (16533), Dst Port: domain (53)
Domain Name System (query)
[Response In: 4]
Transaction ID: 0xef45
Flags: 0x0000 (Standard query)
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
type A, class IN
Name:
Type: A (Host address)
Class: IN (0x0001)
Additional records
: type OPT

DNS – Diagnostics (Wire) eb a b6 f2 0b 2b &Dh.rpZ...+..E f 59 c c0 a d2 17._Y A b 9d 6e ef e c f c 69 6e ottecrystalinter f e f 6d iordesign.com )
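The flag bits, status codes and header counts from the earlier slides can be read straight from the wire bytes. The following added example (not from the original presentation) rebuilds the query shown in the Wireshark dissection (ID 0xef45, flags 0x0000, one question for charlottecrystalinteriordesign.com, one OPT record) and decodes it the way dig reports it; the OPT UDP size of 4096 and all function names are assumptions.

```python
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
          3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}
FLAG_BITS = [(0x8000, "qr"), (0x0400, "aa"), (0x0200, "tc"), (0x0100, "rd"),
             (0x0080, "ra"), (0x0020, "ad"), (0x0010, "cd")]

def build_query(name, txid, flags=0x0000, qtype=1):
    """Constructed sample: one question plus an empty EDNS0 OPT record."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.rstrip(".").split(".")) + b"\x00"
    header = struct.pack("!6H", txid, flags, 1, 0, 0, 1)
    opt = b"\x00" + struct.pack("!HHIH", 41, 4096, 0, 0)  # 4096 = assumed UDP size
    return header + qname + struct.pack("!2H", qtype, 1) + opt

def read_name(data, pos):
    """Read an uncompressed name; return (name, offset just past it)."""
    labels = []
    while True:
        if pos >= len(data):
            raise ValueError("truncated name")
        length = data[pos]
        pos += 1
        if length == 0:
            return ".".join(labels) + ".", pos
        if length > 63:  # top bits set means a compression pointer
            raise ValueError("compression pointer not expected in question")
        if pos + length > len(data):
            raise ValueError("label runs past end of message")
        labels.append(data[pos:pos + length].decode("ascii", "replace"))
        pos += length

def parse_message(data):
    """Decode the 12-byte header and the question section."""
    if len(data) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", data[:12])
    out = {"id": txid, "opcode": (flags >> 11) & 0xF,
           "flags": [n for mask, n in FLAG_BITS if flags & mask],
           "status": RCODES.get(flags & 0xF, "RCODE%d" % (flags & 0xF)),
           "counts": (qd, an, ns, ar), "questions": []}
    pos = 12
    for _ in range(qd):
        name, pos = read_name(data, pos)
        if pos + 4 > len(data):
            raise ValueError("truncated question")
        out["questions"].append((name,) + struct.unpack("!2H", data[pos:pos + 4]))
        pos += 4
    return out

QUERY = build_query("charlottecrystalinteriordesign.com", 0xEF45)
```

Feeding it a header with flags 0x8580 yields qr, aa, rd and ra set with status NOERROR, the same combination as the authoritative dig response earlier in the deck.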

Quick Quiz
- What is the default RR type for dig?
- What is the default RR type for nslookup?
- Name any BIND utility?
- Can you run dig on windows?
- Dig command for mx RR for google.com?
- Nslookup command for mx RR for google.com?
- dig command for reverse lookup?