All Things DNS - DNS on Cloud
-
Upload
virendra-bhalothia -
Category
Technology
-
view
735 -
download
0
Transcript of All Things DNS - DNS on Cloud
![Page 1: All Things DNS - DNS on Cloud](https://reader036.fdocuments.us/reader036/viewer/2022092623/587604f31a28ab4a508b665b/html5/thumbnails/1.jpg)
DNS for fun and profitHemant Soni
Pradeep Aradhya
![Page 2: All Things DNS - DNS on Cloud](https://reader036.fdocuments.us/reader036/viewer/2022092623/587604f31a28ab4a508b665b/html5/thumbnails/2.jpg)
The Remote Lab's story
![Page 3: All Things DNS - DNS on Cloud](https://reader036.fdocuments.us/reader036/viewer/2022092623/587604f31a28ab4a508b665b/html5/thumbnails/3.jpg)
Connect with DevOps gurus
Blog (http://theremotelab.io/blog)
Twitter (https://twitter.com/TheRemoteLab)
Github (https://github.com/TheRemoteLab)
LinkedIn (https://www.linkedin.com/company/the-remote-lab)
Facebook (https://www.facebook.com/TheRemoteLab)
#100Days100DevOpsTools Campaign (https://twitter.com/hashtag/100Days100DevOpsTools?src=hash)
letsdevops.slack.com (https://letsdevops.slack.com)
Connect with us on Slack. Drop an email to [email protected] to get the invitation.
![Page 4: All Things DNS - DNS on Cloud](https://reader036.fdocuments.us/reader036/viewer/2022092623/587604f31a28ab4a508b665b/html5/thumbnails/4.jpg)
Agenda:
Name resolution on Linux systems
DNS server internals
Zonefiles, frequently used DNS records, TTL and DNS caches
DNS and email systems
Size and perfomance: MTU and IP fragmentation
TXT record for custom applications
![Page 5: All Things DNS - DNS on Cloud](https://reader036.fdocuments.us/reader036/viewer/2022092623/587604f31a28ab4a508b665b/html5/thumbnails/5.jpg)
Name resolution on Linux systems
What happens when...
Zoom into name resolution
/etc/nsswitch.conf
ltrace -n3 -S ping -c 1 theremotelab.co.uk 2>&1 |less
![Page 6: All Things DNS - DNS on Cloud](https://reader036.fdocuments.us/reader036/viewer/2022092623/587604f31a28ab4a508b665b/html5/thumbnails/6.jpg)
DNS server internals
Who did we talk to
How did we talk
+trace
dig +trace mail.google.com
Common DNS configurations (https://help.ubuntu.com/lts/serverguide/dns-configuration.html)
![Page 7: All Things DNS - DNS on Cloud](https://reader036.fdocuments.us/reader036/viewer/2022092623/587604f31a28ab4a508b665b/html5/thumbnails/7.jpg)
Zonefiles, DNS records, TTL
A
PTR
CNAME
MX
TXT - the simplest and the most powerful
And many more..
![Page 8: All Things DNS - DNS on Cloud](https://reader036.fdocuments.us/reader036/viewer/2022092623/587604f31a28ab4a508b665b/html5/thumbnails/8.jpg)
Forward and reverse DNS lookup records
Reverse DNS usually managed by ISP
![Page 9: All Things DNS - DNS on Cloud](https://reader036.fdocuments.us/reader036/viewer/2022092623/587604f31a28ab4a508b665b/html5/thumbnails/9.jpg)
DNS and email systems
Let the games begin!!
![Page 10: All Things DNS - DNS on Cloud](https://reader036.fdocuments.us/reader036/viewer/2022092623/587604f31a28ab4a508b665b/html5/thumbnails/10.jpg)
MX records and priorities:
Why spammers use lower priorities?
Good MX records will have both forward and reverse entries
![Page 11: All Things DNS - DNS on Cloud](https://reader036.fdocuments.us/reader036/viewer/2022092623/587604f31a28ab4a508b665b/html5/thumbnails/11.jpg)
DKIM
How do I ensure the validity of email sender?
How do I ensure that my mail is not tampered in transit?
s . _domainkey . d
dig txt 20120113._domainkey.gmail.com
![Page 12: All Things DNS - DNS on Cloud](https://reader036.fdocuments.us/reader036/viewer/2022092623/587604f31a28ab4a508b665b/html5/thumbnails/12.jpg)
SPF records
Am I allowed to send mail from this IP for this domain?
dig txt gmail.com dig txt _spf.google.com dig txt _netblocks.google.com
![Page 13: All Things DNS - DNS on Cloud](https://reader036.fdocuments.us/reader036/viewer/2022092623/587604f31a28ab4a508b665b/html5/thumbnails/13.jpg)
DNSBL
Reverse the IP and concatenate with the WL/BL list supporting domain
Results are hints in the context of list
We can also use this mechanism for our own custom actions
![Page 14: All Things DNS - DNS on Cloud](https://reader036.fdocuments.us/reader036/viewer/2022092623/587604f31a28ab4a508b665b/html5/thumbnails/14.jpg)
Size and perfomance
MTU
IP fragmentation
TCP usages
![Page 15: All Things DNS - DNS on Cloud](https://reader036.fdocuments.us/reader036/viewer/2022092623/587604f31a28ab4a508b665b/html5/thumbnails/15.jpg)
TXT record for custom applications
dig txt profile.theremotelab.co.uk
![Page 16: All Things DNS - DNS on Cloud](https://reader036.fdocuments.us/reader036/viewer/2022092623/587604f31a28ab4a508b665b/html5/thumbnails/16.jpg)
References
DKIM (http://dkim.org/specs/rfc4871-dkimbase.html)
SPF (http://www.openspf.org/SPF_Record_Syntax)
DNSBL (https://www.spamhaus.org/faq/section/DNSBL%20Usage)
![Page 17: All Things DNS - DNS on Cloud](https://reader036.fdocuments.us/reader036/viewer/2022092623/587604f31a28ab4a508b665b/html5/thumbnails/17.jpg)
Questions
![Page 18: All Things DNS - DNS on Cloud](https://reader036.fdocuments.us/reader036/viewer/2022092623/587604f31a28ab4a508b665b/html5/thumbnails/18.jpg)
Thank you
Hemant [email protected] (mailto:[email protected])
@hemant_soni_ (http://twitter.com/hemant_soni_)
Pradeep [email protected] (mailto:[email protected])
@aradhyapradeep (http://twitter.com/aradhyapradeep)
http://theremotelab.com (http://theremotelab.com)
![Page 19: All Things DNS - DNS on Cloud](https://reader036.fdocuments.us/reader036/viewer/2022092623/587604f31a28ab4a508b665b/html5/thumbnails/19.jpg)