DNS
Last updated
Last updated
DNS (Domain Name System) is a system that translates human-readable domain names into IP addresses, allowing browsers to locate and load internet resources.
DNS Interrogation is the process of querying or probing a DNS server to gather information about a specific domain. This process is typically part of reconnaissance during penetration testing or network analysis, where attackers attempt to enumerate DNS records to learn more about the target's network infrastructure.
DNS Interrogation mainly include - Enumerating DNS Records, Probing the DNS Server, Gathering Information like IP Addresses, Subdomain Names, Mail Server Addresses.
If DNS recursion is enabled on a DNS server, an attacker can spoof the origin IP in a UDP packet, making the DNS server send the response to a victim server instead of the attacker. This type of attack is known as a DNS amplification DDoS attack.
To maximize the impact, attackers may abuse the ANY or DNSSEC record types, which typically result in larger DNS responses, amplifying the attack.
In the response, check for the "ra" flag in the flags
section. If it is present, recursion is available, and the DNS server may be vulnerable to abuse in a DDoS attack.
DNS Amplification DDoS Attack Breakdown
host.conf
: Configures the order and methods used for resolving hostnames (e.g., DNS, NIS).
/etc/resolv.conf
: Specifies the DNS servers used for domain name resolution.
/etc/bind/named.conf
: Main configuration file for BIND DNS server, where global options and settings are defined.
/etc/bind/named.conf.local
: Defines local zones and specific DNS settings for the server.
/etc/bind/named.conf.options
: Contains general DNS server options, like recursion settings, forwarders, and DNSSEC parameters.
/etc/bind/named.conf.log
: Configures logging options for the BIND DNS server.
/etc/bind/*
: Contains additional configuration files and directories for BIND, including zone files and secondary configurations.
allow-query
Defines which hosts are allowed to send requests to the DNS server.
allow-recursion
Defines which hosts are allowed to send recursive requests to the DNS server.
allow-transfer
Defines which hosts are allowed to receive zone transfers from the DNS server.
zone-statistics
Collects statistical data of zones.