Risorse

Test e Notebook

• DNS - Playing with dig.ipynb We will use the dig command for emulating the behavior of any application that operates as a DNS client.

• DNS - Understanding traffic.ipynb We will analyze the traffic generated by a browser for accessing a web page, in particular, for understanding the usage of the DNS to obtain IP addresses of web servers.

• Test - Uso DNS

Altro

Interrogare il DNS

• dig Linux man page Linux command for interacting with web servers, used in one of the Colab notebooks above.
• Online DNS Lookup Webapp for interacting with name servers (a sort of dig on line). Specify query (name and type) and name server IP address.
• The exact same operations of dig can be performed with nslookup, which is available in both Linux and Windows (with some differences between the two platforms). The syntax and output of nslookup is different from that of dig. Search for a tutorial if you are interested.

Gestione domini

• Domain Name Industry Brief - Dashboards Dati statistici sulla dimensione del DNS.

• DNS Zone Stats On this page you can find links to graphs displaying the total domain count per TLD zone.

• Internet Corporation for Assigned Names and Numbers (ICANN) is the organization that "coordinates" the DNS globally. Its website contains all the technical and procedural definitions related to how domains must be managed. A few relevant pages:

  • Registrant A domain name registrant is an individual or entity who registers a domain name.
  • Registrar ("DNS provider") An entity wishing to register a domain name under a generic top-level domain ("gTLD") may do so by using a registrar.
  • Registry operator The owner of a TLD (a TLD is a "registry").
  • Registro.it The owner of the .it domain (Consiglio Nazionale delle Ricerche, Pisa). Come diventare un Registrar (DNS provider) in grado di creare domini sotto .it.

• WHOIS: Fragile, unparseable, obsolete... and universally relied upon Detailed description of whois: how it works and some history.

• DOJ, Microsoft seize dozens of domains ‘used by Russian intelligence agents’ Uno dei numerosissimi casi di cronaca relativi al "sequestro" (disattivazione) di domini associati ad attività fraudolenta. In questo caso una campagna di spear phishing (cioè phishing mirato verso persone specifiche) attribuita ad una organizzazione associata al governo russo.

Altri link

Argomenti non inclusi nel programma del corso.

• The Internet Domain Name System Explained for Non-Experts Una descrizione di come è realizzato il DNS (come interagiscono i name server tra loro e molto altro).
• Root Name Servers The 13 root name servers are operated by 12 independent organisations.
  • Each IP address used for root name servers actually corresponds to many different servers, thanks to a technology called anycast that we will not study in this course (thus the number of root name servers is much greater than 13). This interaction with ChatGPT provides an overview of how anycast works.
• Root Name Servers Traffic Count of queries made to root name servers (daily averages): They are in the order of hundreds of billions queries every day.

Can I block the DNS in an entire nation?

Robustness analysis of DNS paths and web access paths in public administration websites Computer Communications, Dec. 2021, Alberto Bartoli.

In this paper we examine the dependence of a large set of public administration websites on DNS entities for four different countries: Italy, Germany, UK and US. We collected the dependencies of those websites from DNS zones, nameservers, networks and assessed the potential global impact of localized attacks on those entities:

• How many websites could be affected, whether in name resolution or web server access, by an attack on a single zone, nameserver, network?
• How prevalent is the usage of groups of IP addresses, networks for providing redundancy? How many websites could be affected by an attack to one of those groups?

Wireshark DNS Exercises

Download network capture dns_recursivequery_client.pcapng and analyze it with Wireshark.

• Intro to Wireshark: Basics + Packet Analysis An excellent and focused video introduction. Warmly suggested (up to minute 8:10; at that point it starts discussing TCP Congestion, excellent discussion but far beyond this course).
• You may analyze the above network capture also with Python Scapy. Here you can find an interaction with ChatGPT for obtaining the code that answers the questions below. I have not checked it for correctness but I think it more or less works.

Questions:

• How long is this capture in seconds?
• What is the IP address of the DNS server?
• What is the IP address associated with the first name being asked?
• How many names are resolved?
• How long did it take, on the average?

Suppose you have the ability to modify the DNS response to the first DNS request; you want to drive the requesting client to 131.114.9.252.

• Write the byte sequence corresponding to the DNS response that you should send.
• Emphasize the portions of the DNS response that can be constructed in advance and those that depend on the matching request and thus must be constructed on the fly.

Suggestions (not to be executed in sequence...just suggestions):

• Statistics--> DNS
• Statistics-->Flow graph
• Display filters: dns.flags.rcode != 0 Indicates which dns requests could not be correctly resolved
• Select DNS response in middle window / Right click / Copy byte as HEX dump or as HEX stream

https://github.com/chrissanders/packets/blob/master/dns_lab.pcapng Same questions as above.

https://github.com/chrissanders/packets/blob/master/http_espn.pcapng Same questions as above.