Difference between revisions of "SRT210 Lab 4 Part 2"

From CDOT Wiki
(Created page with "= PART 1: REVIEW OF LAST WEEK = == Record types == * Use dig to find the A, NS, MX, and TXT records for lin1.yoursenecaid.ops, senecacollege.ca , and google.ca == DNS Autho...")
 
(PART 3: DNS IMPORTANCE FOR SECURITY)
 
(One intermediate revision by the same user not shown)
Line 35: Line 35:
  
 
Set this up for all your hosts and test it with the host command.
 
Set this up for all your hosts and test it with the host command.
 +
 +
= PART 3: DNS IMPORTANCE FOR SECURITY =
 +
 +
There are many types of attacks on DNS or using DNS. We won't have time to try any of them, but we can do something simple to illustrate the significance of reliable DNS, and the potential of exploiting it.
 +
 +
* Set up your lin2 Bind server to be an authoritative server for google.com
 +
* Set up a record for www.google.com to point to your web server on lin1.
 +
* Confirm that c7host is still using lin2 as the DNS server.
 +
* Clear the history from Firefox in c7host.
 +
* Go to [http://www.google.com http://www.google.com] in your web browser on c7host.
 +
 +
= Lab completion =
 +
 +
* Make sure you understand what you've done in this lab, so that you're ready to answer questions about it.
 +
* Have notes in your labbook from this lab.
 +
* Show your work to the professor and have them sign your labbook.
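Review bot: The PART 3 list ends at the browser step and has no bullet for removing the google.com zone from lin2 afterwards, so c7host would keep resolving www.google.com to lin1 in later labs; suggest a final bullet to delete the zone and restart named. A check with host or dig between the "Confirm that c7host is still using lin2" bullet and the Firefox bullets would also catch a broken zone file before the browser is involved, and the section should state what the student is expected to see on c7host.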

Latest revision as of 08:49, 6 February 2019

PART 1: REVIEW OF LAST WEEK

Record types

  • Use dig to find the A, NS, MX, and TXT records for lin1.yoursenecaid.ops, senecacollege.ca, and google.ca

DNS Authority

  • Use nslookup to see whether you're getting authoritative responses for lin1.yoursenecaid.ops, senecacollege.ca, and google.ca
  • For results that are not authoritative, use the 'server' command in nslookup to query the authoritative servers directly.

PART 2: REVERSE DNS

Here's a quick overview on simpledns.com. The important thing to understand is that the registrar for your domain can't do reverse DNS registration for you.

We'll set up reverse DNS in our Bind server for the three machines we have so far:

  • Configure Bind to do reverse lookups by adding this to its main configuration file:
    zone "210.168.192.in-addr.arpa" IN {
        type master;
        file "reverse-mydb-for-yoursenecaid-ops";
    };
  • Create reverse lookup zone data in /var/named/:
    $TTL 1D
    @	IN SOA	lin2.yoursenecaid.ops. hostmaster.yoursenecaid.ops. (
    					20140520; serial
    					1D	; refresh
    					1H	; retry
    					1W	; expire
    					3H )	; minimum
    	IN NS	lin2.yoursenecaid.ops.
    11	IN PTR	lin1.yoursenecaid.ops.

Set this up for all your hosts and test it with the host command.
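
The following added example (not part of the original lab) shows how the zone name and the PTR owner names above are derived from IPv4 addresses, and runs a forward-confirmed reverse check over the result. The lin1 address follows from the `11 IN PTR` line; the lin2 and c7host addresses and all function names are assumptions for illustration.

```python
import ipaddress

# Constructed sample data: lin1's address follows from the page's "11 IN PTR"
# line; the lin2 and c7host addresses are assumed for illustration.
HOSTS = {
    "lin1.yoursenecaid.ops.": "192.168.210.11",
    "lin2.yoursenecaid.ops.": "192.168.210.12",
    "c7host.yoursenecaid.ops.": "192.168.210.1",
}

def reverse_zone(network):
    """Return the in-addr.arpa zone name for an IPv4 /24 network."""
    net = ipaddress.ip_network(network)
    if net.version != 4 or net.prefixlen != 24:
        raise ValueError("this example only handles IPv4 /24 networks")
    # The network address reverses to "0.210.168.192.in-addr.arpa";
    # dropping the first label leaves the zone name.
    return net.network_address.reverse_pointer.split(".", 1)[1]

def ptr_records(hosts, network):
    """Build PTR lines with relative owner names, as in the zone file above."""
    net = ipaddress.ip_network(network)
    zone = reverse_zone(network)
    lines = []
    for name, addr in sorted(hosts.items(),
                             key=lambda kv: ipaddress.ip_address(kv[1])):
        ip = ipaddress.ip_address(addr)
        if ip not in net:
            raise ValueError(f"{addr} is outside {network}")
        owner = ip.reverse_pointer[: -len(zone) - 1]  # strip ".<zone>"
        lines.append(f"{owner}\tIN PTR\t{name}")
    return zone, lines

def fcrdns_mismatches(forward, zone, lines):
    """Return (ip, target) pairs whose PTR target does not map back to ip."""
    bad = []
    for line in lines:
        owner, _, target = line.split("\t")
        octets = f"{owner}.{zone}".split(".")[:-2]  # drop "in-addr", "arpa"
        ip = ".".join(reversed(octets))
        if forward.get(target) != ip:
            bad.append((ip, target))
    return bad

if __name__ == "__main__":
    zone, lines = ptr_records(HOSTS, "192.168.210.0/24")
    print(f"; zone {zone}")
    print("\n".join(lines))
    print("mismatches:", fcrdns_mismatches(HOSTS, zone, lines))
```

A PTR record whose target has no matching A record shows up in the mismatch list, which is the same inconsistency the host command would reveal when tested in both directions.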

PART 3: DNS IMPORTANCE FOR SECURITY

There are many types of attacks on DNS or using DNS. We won't have time to try any of them, but we can do something simple to illustrate the significance of reliable DNS, and the potential for exploiting it.

  • Set up your lin2 Bind server to be an authoritative server for google.com
  • Set up a record for www.google.com to point to your web server on lin1.
  • Confirm that c7host is still using lin2 as the DNS server.
  • Clear the history from Firefox in c7host.
  • Go to http://www.google.com in your web browser on c7host.

Lab completion

  • Make sure you understand what you've done in this lab, so that you're ready to answer questions about it.
  • Have notes in your labbook from this lab.
  • Show your work to the professor and have them sign your labbook.