S3SS10N Wednesday – DNS Part 2

Video Activity

This lesson continues where the last left off with Domain Naming System (DNS). Essentially, DNS is a database which has information on the systems and services within an organization and is a collection of records. DNS catalogs every domain and IP address on the internet and location in relation to other domains and web hosts. Participants in this ...

Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »

3 hours 28 minutes
Video Description

This lesson continues where the last left off with Domain Naming System (DNS). Essentially, DNS is a database which has information on the systems and services within an organization and is a collection of records. DNS catalogs every domain and IP address on the internet and location in relation to other domains and web hosts. Participants in this lesson learn about the following DNS records: 1. Hosts - A - FDQN* to IP - AAAA - FDQN to IPv6 2. PTR - IP to FQDN 3. MX - Mail Exchange 4. SOA - Start of Authority 5. NS - Name Servers 6. SRV - Service Record *FQDN = Fully Qualified Domain Name

Video Transcription
I welcome back the sessions Wednesday. This is Kelly Hander Hand, and we're gonna continue on with our series of sessions on D. N s domain naming service. And earlier we talked about the basics of Deanna's and essentially its origin would have it come from Why is it here? What's it trying to do? Force. And we decided,
we're looking for name resolution because you and I, we prefer user friendly names, and we know that systems and computers like digits. They like number specifically binary numbers. But we do much better when we think of user friendly names.
So we already talked about its origin. Let's talk a little bit about how D. N s works. And we said that D. N s is a database,
and all the database really is is a collection of related information.
So the D. N s databases gonna have information on the systems and service is within our organization and the the D. N. A server is essentially made up of a collection of records, and each type of record will have a specific purpose. Okay, so when we look at the N s records, the one
that most people associate with the an *** that they immediately think of.
We think about naming right. We think about taking a user friendly name and mapping it to an I p address. And that's done through the records that air referred to his A records, also known as host Rep Records. And if you'll remember
that term, fully qualified domain name, that's a three dimensional address type that maps a server
or that list out the server. And it's full location within the domain structure, so fully qualified domain name to I P address. And usually when we think Deena's, that's what we think about.
Now we know that in the future, I p six is coming. So there's a quad, a record that maps and f que tiene too.
An I P V six
address. Hey, does the same thing. It's just in the format for I p version six.
Now additional records with D. N s. We have pointer records. Ah, and Pointer records are the reverse of host records or a records they actually take on i p address
and mapped them to NF que tiene. So when in the world would I not know the name of a host, but I'd know its I p address. You know, if you think about system logs that often track back to i p address or if you have a firewall products that can trace the i p. Address of, ah, host attempting an attack or attempting access.
Also, the fact that many troubleshooting utilities are gonna require pointer records to be intact
in s look up works much better if you have these pointer records trace route in some of those others. So these are very helpful to us. All right. Imex records that identifies our mail servers were asleep in his mail. Okay, so we need Imex records.
And if we have multiple mail servers, we can use priority to give preference of one over the other.
All right, then there's an S O a record, which stands for start of authority A. This is a record that contains a lot of domain properties. Things like who the authoritative servers are, how often zones are refreshed, and we'll talk about that and later
classes of our gayness, Siri's. But ultimately, this start of authority
who is theory? Jinnah ll D. N s service were server in this particular zone and any sort of properties that you want to control. How replication works, how zones were stored. All of that type of information is stored Is this will look more in depth of the SA way records. Okay, We also have
in s records, which stands for
name servers. So within our organization, we want to be ableto identify various servers that we have, uh, uh, created to be naming servers. The reason that's important is we want to go in and say server A, B and C or name servers so that we choose to replicate information
we can say on Lee send it toe naming servers in our environment
as opposed to something like, uh, in s look up, which is a tool that helps me view the contents of domain zone information. And I might say that's only available to other naming servers, and that would keep a regular user or an attacker from being able to display all the properties of a zone. Okay, so
this is just a way a name server record says
these are the guys. They're the other Dina servers in mind. Barn Mint.
All right. And then a super important type of record is called the Service Record. This one of the most important records in D and S. And this is the reason that D. N s is the heart and soul of active directory and active directory based environments.
Then Service Record is gonna indicate what service is our on what servers within the network.
Okay, kind of self explanatory service record. It lists the service's. But here's why. That's so important.
So let's say I go and I sit down to the client system, right? And I type out user name and password. Kelly hander, hand passwords, sunshine.
Well, that password that those log in credentials need to go somewhere, right? They need to go to a domain controller or an authentication server.
But how do I know where a domain controller is?
Who? How do I know who my authentication servers are? Because if you've set up client systems, it's not like you go in and say, Here's the I. P address that you send Log on credentials too, right?
And the servers don't broadcast either. That wouldn't be information. You necessarily want its broadcast out right to an attacker. Hey, I'm a really important server on the network. That's not a good idea to do that broadcast. So what happens? So the client, when they come online, essentially, they go to query the NS and they say,
Hey, is there an authentication server near me?
Because one of the things that D. N s also keeps track up or your physical locations within your environment, your sights? A. So the client essentially says, Hey, who's the closest authentication server to me? D. N s looks at its service records, and it looks for an L DAP server lightweight directory access protocol
and that with an active directory, those are your domain controllers.
So the simple answer to the question How does a client know who descend credentials to it asks D N s.
Well, who's my Kerberos server? Who's my, uh, my key distribution center, who is my ah, Web server? Who is my this? That and the other not Web server, necessarily. Ah, who's my global catalog server? All of that information is stored within D and s,
so the information that Dina stores contains and provides
it's all stacked up is part of the database. Through a series of records, you have your host records that match the F. Gideon's the I P. You have your Quad A Records, a A map, F Q T and the I P V six. Your pointer records do the reverse.
And even though you may not think they're necessary, they're very helpful for troubleshooting and other utilities.
IMAX marks the mail. Your S O is a very important one to control the behavior of your D. N s servers and how your zone information is stored in transferred name servers or where we essentially list out who verified Dina servers or buying servers are.
And then our service records very, very important
in orderto help us locate their special service is on the network. All of this information is very sensitive and can be used for evil if they fall into the wrong hands. So you want to protect your d n a server and protect all of the records in the information and how those records are created. So again,
just a brief overview give you an idea about some of the record types in D and s.
In our next sessions, we will be moving on to talking about what is his own, how do you create his own? How to delegate? What? Fording is different types of queries and how the big picture of D N s all comes together. So I hope you come back and take a look at our next session
on the multi part series on D. N s.
Up Next
Strategic DNS Ops and Security

Domain Name Servers (DNS) are the Internet's equivalent of a phone book. They maintain a directory of domain names and translate them to Internet Protocol (IP) addresses

Instructed By