1 / 13

Intro to DNS

Intro to DNS. SOEN321 - Information Systems Security. Contents. Intro to DNS and Security. DNS. D omain N ame S ystem a distributed naming service for the entire Internet (including WWW) provides unified host-name-to-network-address and vice-versa lookup needed for remote computing.

shona
Download Presentation

Intro to DNS

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Intro to DNS SOEN321 - Information Systems Security Serguei A. Mokhov, mokhov@cs.concordia.ca

  2. Contents • Intro to DNS and Security Serguei A. Mokhov, mokhov@cs.concordia.ca

  3. DNS • Domain Name System • a distributed naming service for the entire Internet (including WWW) • provides unified host-name-to-network-address and vice-versa lookup needed for remote computing $ ping yahoo.com Pinging yahoo.com [66.218.71.198] with 32 bytes of data: Reply from 66.218.71.198: bytes=32 time=113ms TTL=244 Serguei A. Mokhov, mokhov@cs.concordia.ca

  4. DNS • Other capabilities: • Info about Name Servers • Canonical host names • Mail Exchange (MX) records Serguei A. Mokhov, mokhov@cs.concordia.ca

  5. DNS • Hierarchy root net org com mydomain yahoo amazon www Serguei A. Mokhov, mokhov@cs.concordia.ca

  6. DNS Tools in UNIX • Tools • host • dig • nslookup (deprecated) Serguei A. Mokhov, mokhov@cs.concordia.ca

  7. DNS Tools Example haida.mokhov [~] % host -a www Trying "www.cs.concordia.ca" ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3704 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 4 ;; QUESTION SECTION: ;www.cs.concordia.ca. IN ANY ;; ANSWER SECTION: www.cs.concordia.ca. 86400 IN CNAME spider.cs.concordia.ca. ;; AUTHORITY SECTION: cs.concordia.ca. 86400 IN NS clyde.concordia.ca. cs.concordia.ca. 86400 IN NS Jerome.McRCIM.McGill.EDU. cs.concordia.ca. 86400 IN NS pollen.cs.concordia.ca. cs.concordia.ca. 86400 IN NS manitou.cs.concordia.ca. cs.concordia.ca. 86400 IN NS alcor.concordia.ca. ;; ADDITIONAL SECTION: alcor.concordia.ca. 81883 IN A 132.205.7.51 clyde.concordia.ca. 81827 IN A 132.205.1.1 pollen.cs.concordia.ca. 86400 IN A 132.205.44.61 manitou.cs.concordia.ca. 86400 IN A 132.205.4.3 Received 243 bytes from 132.205.64.63#53 in 3 ms Serguei A. Mokhov, mokhov@cs.concordia.ca

  8. Name Serves • Manage certain part of the name space • Help clients to find info within the hierarchy • DNS Query - returns list of name servers • One of the NS resolves client’s query • If name not found, pass on to another NS • The one that has the answer, sends it back, and the previous NS caches it for the future. Serguei A. Mokhov, mokhov@cs.concordia.ca

  9. DNS Threats • Recall from firewalls and the rest (D. Probst): • Filtering DNS: How does one prevent DNS contamination (corruption)? Mail can be rerouted, passwords captured, etc. We need separate DNS for inside and outside. • Tunneling over DNS is used to gain command-line access to remote utilities. With a proxy-based firewall, deny external DNS access to anything other than your proxy server. If you are using a packet filter, your options for blocking a DNS tunnel are limited. Serguei A. Mokhov, mokhov@cs.concordia.ca

  10. DNS Cache Poisoning • Was more actual in the past: • A NS doesn’t have a name for a requested host • Asks another NS, another NS may have been weak and compromised, or for some other reason had invalid name for the host requested. • Our NS would cache the wrong name, and this can propagate over • So, real amazon.com might have been redirected to elsewhere, get the consequences... Serguei A. Mokhov, mokhov@cs.concordia.ca

  11. DNS Cache Poisoning • Attack types: DNS spoofing, host name spoofing • One of the reasons: earlier versions of bind simply had bugs; servers trusted by <name, IP> • Solution: • DNS triple: <name, IP, public key> Serguei A. Mokhov, mokhov@cs.concordia.ca

  12. Host Name Spoofing • PTR records • Mapping IP to a domain name • All the transactions a legitimate • DNS server according to the protocol tries to resolve a query using legitimate DNS Server, but the PTR deliberately was made to point elsewhere. Serguei A. Mokhov, mokhov@cs.concordia.ca

  13. DNS Spoofing • In combo with hostname spoofing: • Messing up the PTR • And forcing the NS to have invalid resource record (RR) in their cache. Serguei A. Mokhov, mokhov@cs.concordia.ca

More Related