DNS
“To switch or not to switch? That is the question.
Whether 'tis wiser in the net to suffer
The store and forward of stochastic networks
Or to raise up circuits against a sea of packets
And, by dedication, serve them.”
Vint Cerf, RFC 1121
DNS
Anderson Souza
Sérgio Carlos Pagani
DNS
● What is DNS?
● RFC 1034 and 1035
● DNS elements: Domain Name Space, Resource Records, Name Servers, Resolvers.
● FQDN
Domain Name Space
Resource Records
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA debian.labredes.linux. root.labredes.linux. (
        2 ; Serial
        604800 ; Refresh
        86400 ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL
;
labredes.linux. IN NS debian.labredes.linux.
labredes.linux. IN A 10.5.5.1
debian IN A 10.5.5.1
_ldap._tcp.labredes.linux. SRV 0 0 389 debian.labredes.linux.
_kerberos._udp.labredes.linux. SRV 0 0 88 debian.labredes.linux.
_ldap._tcp.dc._msdcs.labredes.linux. SRV 0 0 389 debian.labredes.linux.
_kerberos._udp.dc._msdcs.labredes.linux. SRV 0 0 88 debian.labredes.linux.
_kpasswd._udp.labredes.linux. SRV 0 0 464 debian.labredes.linux.
DNS query
# tcpdump -nv -i eth0 host 10.29.88.250 and port 53
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
19:21:27.959370 IP (tos 0x0, ttl 64, id 62854, offset 0, flags [DF], proto UDP (17), length 63)
10.29.88.134.37852 > 10.29.88.250.53: 4715+ A? lablinux.mooo.com. (35)
19:21:27.959381 IP (tos 0x0, ttl 64, id 62855, offset 0, flags [DF], proto UDP (17), length 63)
10.29.88.134.37852 > 10.29.88.250.53: 50393+ AAAA? lablinux.mooo.com. (35)
19:21:32.964411 IP (tos 0x0, ttl 64, id 63303, offset 0, flags [DF], proto UDP (17), length 63)
10.29.88.134.37852 > 10.29.88.250.53: 4715+ A? lablinux.mooo.com. (35)
19:21:32.964423 IP (tos 0x0, ttl 64, id 63304, offset 0, flags [DF], proto UDP (17), length 63)
10.29.88.134.37852 > 10.29.88.250.53: 50393+ AAAA? lablinux.mooo.com. (35)
19:21:37.969496 IP (tos 0x0, ttl 64, id 63522, offset 0, flags [DF], proto UDP (17), length 73)
10.29.88.134.46505 > 10.29.88.250.53: 57978+ A? lablinux.mooo.com.LAB.REDES. (45)
19:21:37.969506 IP (tos 0x0, ttl 64, id 63523, offset 0, flags [DF], proto UDP (17), length 73)
10.29.88.134.46505 > 10.29.88.250.53: 41262+ AAAA? lablinux.mooo.com.LAB.REDES. (45)
19:21:37.971462 IP (tos 0x0, ttl 128, id 24219, offset 0, flags [none], proto UDP (17), length 140)
10.29.88.250.53 > 10.29.88.134.46505: 57978 NXDomain* 0/1/0 (112)
19:21:37.971594 IP (tos 0x0, ttl 128, id 24220, offset 0, flags [none], proto UDP (17), length 140)
10.29.88.250.53 > 10.29.88.134.46505: 41262 NXDomain* 0/1/0 (112)
19:21:39.425334 IP (tos 0x0, ttl 128, id 24231, offset 0, flags [none], proto UDP (17), length 63)
10.29.88.250.53 > 10.29.88.134.37852: 4715 ServFail 0/0/0 (35)
19:21:39.425429 IP (tos 0x0, ttl 128, id 24232, offset 0, flags [none], proto UDP (17), length 63)
10.29.88.250.53 > 10.29.88.134.37852: 50393 ServFail 0/0/0 (35)
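An added example, not part of the original slides: a small parser that pairs the queries and responses of the capture above by client address, port and DNS transaction ID, so retransmissions, the response code and the time to answer can be read off directly. The sample lines are copied from that capture with the AAAA packets left out; the function and field names are this example's own.

```python
import re
from datetime import datetime

# Copied from the capture above; AAAA packets left out to keep the sample short.
CAPTURE = """\
19:21:27.959370 IP (tos 0x0, ttl 64, id 62854, offset 0, flags [DF], proto UDP (17), length 63)
10.29.88.134.37852 > 10.29.88.250.53: 4715+ A? lablinux.mooo.com. (35)
19:21:32.964411 IP (tos 0x0, ttl 64, id 63303, offset 0, flags [DF], proto UDP (17), length 63)
10.29.88.134.37852 > 10.29.88.250.53: 4715+ A? lablinux.mooo.com. (35)
19:21:37.969496 IP (tos 0x0, ttl 64, id 63522, offset 0, flags [DF], proto UDP (17), length 73)
10.29.88.134.46505 > 10.29.88.250.53: 57978+ A? lablinux.mooo.com.LAB.REDES. (45)
19:21:37.971462 IP (tos 0x0, ttl 128, id 24219, offset 0, flags [none], proto UDP (17), length 140)
10.29.88.250.53 > 10.29.88.134.46505: 57978 NXDomain* 0/1/0 (112)
19:21:39.425334 IP (tos 0x0, ttl 128, id 24231, offset 0, flags [none], proto UDP (17), length 63)
10.29.88.250.53 > 10.29.88.134.37852: 4715 ServFail 0/0/0 (35)
"""

STAMP = re.compile(r"^(\d\d:\d\d:\d\d\.\d{6}) IP ")
FLOW = re.compile(r"^\s*(\S+)\.(\d+) > (\S+)\.(\d+): (?:\[[^\]]*\] )?(\d+)\S* (.*)$")
QUESTION = re.compile(r"^([A-Z]+)\? (\S+)")
COUNTS = re.compile(r"^\d+/\d+/\d+$")

def pair_dns(text):
    """Pair queries and responses by (client ip, client port, transaction id)."""
    flows, stamp = {}, None
    for line in text.splitlines():
        m = STAMP.match(line)
        if m:  # header line of a packet: remember its timestamp
            stamp = datetime.strptime(m.group(1), "%H:%M:%S.%f")
            continue
        m = FLOW.match(line)
        if not m or stamp is None:
            continue
        src, sport, dst, dport, txid, rest = m.groups()
        q = QUESTION.match(rest)
        if dport == "53" and q:  # client -> server: a query (or its retransmission)
            f = flows.setdefault((src, sport, txid), {"qtype": q.group(1), "name": q.group(2),
                                 "sent": 0, "first": stamp, "rcode": None, "latency": None})
            f["sent"] += 1
        elif sport == "53" and (dst, dport, txid) in flows:  # server -> client: the answer
            f = flows[(dst, dport, txid)]
            first = (rest.split() or [""])[0]
            f["rcode"] = "NoError" if first == "q:" or COUNTS.match(first) else first.rstrip("*-|$")
            f["latency"] = round((stamp - f["first"]).total_seconds(), 3)
    return flows

if __name__ == "__main__":
    for key, f in pair_dns(CAPTURE).items():
        print(key, f["name"], "sent", f["sent"], f["rcode"], f["latency"])
```

On this sample, query 4715 was sent twice and answered ServFail 11.466 s after its first transmission, while query 57978 for the name ending in LAB.REDES. got NXDomain in 0.002 s.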
DNS query
# tcpdump -nvv -i wlan0 port 53
tcpdump: listening on wlan0, link-type EN10MB (Ethernet), capture size 262144 bytes
20:54:56.575550 IP (tos 0x0, ttl 64, id 45932, offset 0, flags [DF], proto UDP (17), length 63)
192.168.1.15.58699 > 8.8.8.8.53: [udp sum ok] 26917+ A? vivaolinux.com.br. (35)
20:54:56.695862 IP (tos 0x0, ttl 56, id 60727, offset 0, flags [none], proto UDP (17), length 79)
8.8.8.8.53 > 192.168.1.15.58699: [udp sum ok] 26917 q: A? vivaolinux.com.br. 1/0/0 vivaolinux.com.br. A 162.144.34.3 (51)
20:54:56.981612 IP (tos 0x0, ttl 64, id 46008, offset 0, flags [DF], proto UDP (17), length 71)
192.168.1.15.37252 > 8.8.8.8.53: [udp sum ok] 7460+ PTR? 3.34.144.162.in-addr.arpa. (43)
20:54:57.082423 IP (tos 0x0, ttl 56, id 11715, offset 0, flags [none], proto UDP (17), length 114)
8.8.8.8.53 > 192.168.1.15.37252: [udp sum ok] 7460 q: PTR? 3.34.144.162.in-addr.arpa. 1/0/0 3.34.144.162.in-addr.arpa. PTR 162-144-34-3.unifiedlayer.com. (86)
Conclusion
● Importance of configuration