Learning DNS in 10 years

Transcript

1. None
2. None
3. None
4. None
5. None
6. None
7. None

8. notice when you're confused read the specification do experiments spy

   on it what's DNS? implement your own terrible version
9. None
10. None
11. None
12. None
13. None

14. notice when you're confused read the specification do experiments spy

    on it what's DNS? implement your own terrible version
15. None
16. None

17. $ dig example.com example.com. 86400 IN A 93.184.216.34

18. $ dig example.com example.com. 86400 IN A 93.184.216.34

19. +noall +answer .digrc

20. None
21. None
22. None
23. None
24. None

25. browser resolver authoritative nameservers DNS query DNS query where's example.com?

    where's example.com? 93.184.216.34! 93.184.216.34!

26. resolver browser what's the IP for example.com? hmm, I'll look

    in my cache...
27. None
28. None
29. None
30. None
31. None
32. None
33. None

34. browser resolver authoritative nameservers DNS query DNS query where's new.jvns.ca?

    where's new.jvns.ca? NXDOMAIN NXDOMAIN
35. None
36. None
37. None

38. “The TTL of this record is set from the minimum

    of the MINIMUM field of the SOA record and the TTL of the SOA itself, and indicates how long a resolver may cache the negative answer.”
39. None

40. $ dig +all new.jvns.ca ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN,

    id: 23308 [redacted] ;; AUTHORITY SECTION: jvns.ca. 10800 IN SOA ns1.gandi.net. hostmaster.gandi.net. 1662903879 10800 3600 604800 10800
41. None
42. None
43. None
44. None
45. None
46. None
47. None
48. None

49. browser resolver authoritative nameservers DNS query DNS query where's example.com?

    where's example.com? 93.184.216.34! 93.184.216.34!
50. None
51. None
52. None
53. None

54. require 'socket' sock = UDPSocket.new sock.bind('0.0.0.0', 0) sock.connect('8.8.8.8', 53)

55. None

56. hex_string = "b9620100000100..." bytes = [hex_string].pack('H*') sock.send(bytes, 0)

57. b96201000001000000000000 076578616d706c6503636f6d0000010001

58. b96201000001000000000000 076578616d706c6503636f6d0000010001

59. b96201000001000000000000

60. def make_question_header(query_id) # id, flags, num questions, num answers, ...

    [query_id, 0x0100, 0x0001, 0x0000, 0x0000, 0x0000] .pack('nnnnnn') end

61. b96201000001000000000000 076578616d706c6503636f6d0000010001

62. 076578616d706c6503636f6d0000010001 7 e x a m p l e 3

    c o m 0 1 1

63. def encode_domain_name(domain) domain.split('.') .map { |x| x.length.chr + x }

    .join + "\0" end example.com 7example3com0

64. def make_dns_query(domain, type) query_id = rand(65535) header = make_question_header(query_id) question

    = encode_domain_name(domain) + [type, 1].pack('nn') header + question end
65. None
66. None
67. None

68. notice when you're confused read the specification do experiments spy

    on it implement your own terrible version
69. None