DNS Systems and Query Types

Questions and Answers

What is the primary function of the DNS in the context of the Internet?

To enhance network security through encryption

To manage network traffic and bandwidth

To translate hostnames to IP addresses (correct)

To store user credentials and passwords

Which of the following is NOT a service provided by DNS?

Load distribution among replicated servers

Host aliasing for easier identification

Data encryption for secure transmission (correct)

Mail server aliasing

What type of attack involves injecting malicious data into a DNS cache?

DDoS attack

Man-in-the-middle attack

Phishing attack

Cache poisoning attack (correct)

What is the typical format of a DNS message when requesting information?

UDP datagram

How does DNS caching improve performance?

By storing frequently accessed data for faster retrieval

Which component of a DNS structure provides the actual mapping of hostnames to IP addresses?

Authoritative server

Which query type would a DNS server respond to if it needs to provide an IP address for a given hostname?

A record query

What is one primary method to fix DNS cache poisoning?

Regularly flushing the DNS cache

What is a key step in executing a DNS cache poisoning attack?

Crafting UDP packets with manipulated DNS transaction IDs

Which of the following describes a characteristic of Dan Kaminsky's Attack?

Exploits caching nameservers accepting resource records for unqueried hosts

What does bailiwick checking involve in DNS security?

Verifying that the hostname in replies matches the original query

What significant event occurred on October 21, 2002, related to DNS?

A DDoS attack against DNS root servers was executed

In the context of a DNS cache poisoning attack, what is the purpose of flooding the target DNS server?

To match the Transaction ID of the original query with a fake response

How does DNSChanger malware alter a system's DNS settings?

By modifying the /etc/resolv.conf file

What was the nature of the DDoS attack on Dyn in October 2016?

It involved a massive increase in DNS queries from a botnet of IoT devices

What kind of packets does the attacker send during a DNS flood attack?

Manually crafted UDP packets simulating valid replies

What security measure can help prevent DNS cache poisoning by limiting the acceptance of unsolicited records?

Requiring a bailiwick check on the resource records in replies

What was a significant defense mechanism introduced following DNS poisoning exploits?

Randomizing query ports to enhance security

What is the primary function of the /etc/host.conf file?

To specify the order of name resolution sources.

What command is used to restart the network service after changing network configuration files?

sudo /etc/init.d/network restart

Which of the following describes the role of root servers in the DNS hierarchy?

They respond with the IP address of gTLD or ccTLD DNS servers.

What port does a DNS server listen to for queries?

53

What utility can be used to query DNS nameservers for information?

dig

What is the primary purpose of the gethostbyname() function on UNIX-based machines?

To perform hostname-to-IP-address translation.

What happens if the DNS response is larger than 1024 bytes?

It triggers a protocol switch to TCP.

Which class of DNS servers provides the IP addresses for authoritative DNS servers?

Top-level domain (TLD) servers

What happens when a DNS cache is flushed on a system?

Old cached entries are removed, forcing fresh queries.

What type of query is typically sent from a host to the local DNS server?

Recursive query

Which component of BIND listens for DNS queries?

named

What is a common vulnerability in earlier versions of BIND related to Transaction IDs?

They are not randomized and are sequential.

What is a primary benefit of DNS caching?

Reduces the number of DNS messages on the Internet.

What does a resource record (RR) in DNS contain?

A four-tuple consisting of Name, Value, Type, and TTL.

What does a DNS Cache Poisoning Attack involve?

Redirecting users to incorrect IP addresses.

What does the SOA record stand for in DNS terminology?

Start of Authority

Which of the following describes the authoritative section of a DNS message?

Records of other authoritative servers.

What are the roles of local DNS servers provided by ISPs?

Act as a proxy for forwarding queries into the DNS hierarchy.

Which command is used to view and manage the root server IP addresses?

dig @b.root-servers.net com

What is the purpose of the DNS TTL (Time To Live)?

To specify how long a DNS record is cached.

What does the 'TTL' field in a resource record signify?

The duration for which the record can be cached.

How does a registrar enter records into the DNS database?

By verifying domain name uniqueness and recording it.

What is a primary function of the nslookup program?

To send a DNS query to any DNS server.

What problem does a simple design with a single DNS server face?

High traffic volume and single point of failure.

What is the role of the root DNS servers?

To provide IP addresses of TLD servers.

What does the file /etc/resolv.conf do?

Lists the name servers for name resolution.

Study Notes

DNS: Three Levels of Servers

• Root DNS servers: Over 1000 instances globally, providing IP addresses for top-level domain (TLD) servers. Copies of 13 servers coordinated by IANA.
• Top-Level Domain (TLD) servers: For specific top-level domains (e.g., .com, .org) and country-level domains (e.g., .uk, .jp). Provide IP addresses of authoritative DNS servers.
• Authoritative DNS servers: Each organization with public hosts maintains its own; provide hostname-to-IP address mappings for their domain.

Query Types

• Iterative queries: DNS servers ask other servers until it reaches the correct answer, with each query proceeding to another server.
• Recursive queries: A DNS server on behalf of a client, forwards the query to other servers (eventually to an authoritative server). The client receives the final answer or an error message.

Caching

• DNS extensively uses caching. Servers storing previously resolved mappings.
• Cached information discarded after a set time (often 2 days).
• Reduced number of queries across the internet and decreased delay.

DNS Message Format

• Query and reply messages share the same format.
• Header (12 bytes): Includes query/reply flag, recursion desired/available flags, and section counts.
• Question section: Names and types of queries (e.g., A record (IP address), MX record(mail server)).
• Answer section: Resource records for the queried name.
• Authority section: Records for other authoritative servers.
• Additional section: Extra relevant records.

DNS Cache Poisoning

• Attack: Substituting incorrect IP addresses in the DNS cache.
• Vulnerable versions of BIND (pre-BIND9).
• Spoofing technique: Using a matching transaction ID in fake replies.
• Attacker needs information on the source port the DNS server uses for queries.
• Challenges: Creating spoofing DNS Transaction IDs and guessing the destination port.

Fixing Cache Poisoning

• Randomizing source ports for queries.
• Implement "bailiwick check": Verifying that response hostnames are part of the original query.

Description

Explore the three levels of DNS servers, including Root, TLD, and Authoritative servers, as well as the types of DNS queries: iterative and recursive. This quiz provides insights into how DNS functions and the importance of caching in the process.