[podcast] History of DNS, DNS reconnaissance in pentests, and protecting your DNS infrastructure

[embed]https://traffic.libsyn.com/brakeingsecurity/2016-010-DNS_Reconnaissance.mp3[/embed] DNS... we take it for granted... it's just there. And we only know it's broken when your boss can't get to Facebook.This week, we discuss the Domain Naming System (DNS). We start with a bit of history, talking about the origins of DNS, some of the RFCs involved in it's creation, how it's hierarchical structure functions to allow resolution to occur, and even why your /etc/hosts is important.We discuss some of the necessary fields in your Domain Name Service records. MX, ALIAS, CNAME, SOA, TXT, and how DNS is used for non-repudiation in email.We also touch on how you can use DNS to enumerate an external network presence when you are the red team, and what you should know about to make it harder for bad actors to not use your external DNS in amplification attacks.Finally, you can't have a discussion about the Domain Name Service without talking about how to secure your DNS implementation. So we supply you with a few tips and best practices.Plenty of informational links down below, including links to the actual RFCs (Request for Comment) which detail how DNS is supposed to function. Think of them as the owner's manual for your car.Direct Download: http://traffic.libsyn.com/brakeingsecurity/2016-010-DNS_Reconnaissance.mp3#iTunes: https://itunes.apple.com/us/podcast/2016-010-dns-reconnaissance/id799131292?i=364331694&mt=2Comments, Questions, Feedback: bds.podcast@gmail.comSupport Brakeing Down Security using Patreon: https://www.patreon.com/bds_podcastRSS FEED: http://www.brakeingsecurity.com/rssOn#Twitter: @brakesec @boettcherpwned @bryanbrake#Facebook: https://www.facebook.com/BrakeingDownSec/#Tumblr: http://brakeingdownsecurity.tumblr.com/Google Play Store: https://play.google.com/music/podcasts/portal/#p:id=playpodcast/series&a=100584969Player.FM : https://player.fm/series/brakeing-down-security-podcastStitcher Network: http://www.stitcher.com/s?fid=80546&refid=stprTuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/ Podcast Links we used for information:http://www.slideshare.net/BizuworkkJemaneh/dns-42357401300+ million domains registered: https://www.verisign.com/en_US/internet-technology-news/verisign-press-releases/articles/index.xhtml?artLink=aHR0cDovL3ZlcmlzaWduLm13bmV3c3Jvb20uY29tL2FydGljbGUvcnNzP2lkPTIwMTIwNTI%3Dhttps://technet.microsoft.com/en-us/library/cc770432.aspxhttp://security-musings.blogspot.com/2013/03/building-secure-dns-infrastructure.htmlhttp://tldp.org/HOWTO/DNS-HOWTO-6.htmlhttps://en.wikipedia.org/wiki/Domain_Name_Systemhttps://en.wikipedia.org/wiki/DNS_spoofinghttp://www.esecurityplanet.com/network-security/how-to-prevent-dns-attacks.htmlhttp://www.firewall.cx/networking-topics/protocols/domain-name-system-dns/161-protocols-dns-response.htmlhttp://www.thegeekstuff.com/2012/05/ettercap-tutorial/https://isc.sans.edu/forums/diary/New+tricks+that+may+bring+DNS+spoofing+back+or+Why+you+should+enable+DNSSEC+even+if+it+is+a+pain+to+do/16859/https://support.google.com/a/answer/48090?hl=enhttp://www.ecsl.cs.sunysb.edu/tr/TR187.pdfhttps://tools.ietf.org/html/rfc882https://tools.ietf.org/html/rfc883https://tools.ietf.org/html/rfc1034https://tools.ietf.org/html/rfc1035#bind, #cissp, #cname, #cpes, #dkim, #dmarc, #dns, #infosec, #mx, #named, #podcast, #rfc, #name server, #soa, #spf