Saturday, September 30, 2017

How to get DNS information with dig ? How to get the IP of a server ?

How to know the Name servers authoritative on a zone ?


Command :

dig +short +answer NS akamai.com
Output :
a1-66.akam.net.
a8-66.akam.net.
a12-66.akam.net.
a7-66.akam.net.
a5-66.akam.net.
a9-66.akam.net.
a3-66.akam.net.
a16-66.akam.net.
a13-66.akam.net.
a28-66.akam.net.
a20-66.akam.net.
a11-66.akam.net.
a2-66.akam.net.

What happens behind ? :

Your computer asks your recursive name server what are the NS for akamai.com.
Your DNS resolver, will ask the Root Server who is in charge of .com.
The Root Servers will provide the authoritative Name Servers of .com.
Your DNS resolver will ask the list of authoritative NS of .com who is in charge of akamai.com.
One of the authoritative NS of .com will give your resolver the answer of who is in charge of akamai.com.
Your recursive name server will reply to your computer who is in charge of akamai.com and will keep it in memory in case you ask him the same question later on.

How to know the path describe above ?


Command :

dig +trace akamai.com

Output :
; <<>> DiG 9.8.1-P1 <<>> +trace akamai.com
;; global options: +cmd
.                      24196  IN      NS      m.root-servers.net.
.                      24196  IN      NS      g.root-servers.net.
.                      24196  IN      NS      a.root-servers.net.
.                      24196  IN      NS      d.root-servers.net.
.                      24196  IN      NS      h.root-servers.net.
.                      24196  IN      NS      i.root-servers.net.
.                      24196  IN      NS      f.root-servers.net.
.                      24196  IN      NS      l.root-servers.net.
.                      24196  IN      NS      b.root-servers.net.
.                      24196  IN      NS      k.root-servers.net.
.                      24196  IN      NS      e.root-servers.net.
.                      24196  IN      NS      c.root-servers.net.
.                      24196  IN      NS      j.root-servers.net.
;; Received 496 bytes from 127.0.0.1#53(127.0.0.1) in 7 ms


com.                    172800  IN      NS      a.gtld-servers.net.
com.                    172800  IN      NS      b.gtld-servers.net.
com.                    172800  IN      NS      c.gtld-servers.net.
com.                    172800  IN      NS      d.gtld-servers.net.
com.                    172800  IN      NS      e.gtld-servers.net.
com.                    172800  IN      NS      f.gtld-servers.net.
com.                    172800  IN      NS      g.gtld-servers.net.
com.                    172800  IN      NS      h.gtld-servers.net.
com.                    172800  IN      NS      i.gtld-servers.net.
com.                    172800  IN      NS      j.gtld-servers.net.
com.                    172800  IN      NS      k.gtld-servers.net.
com.                    172800  IN      NS      l.gtld-servers.net.
com.                    172800  IN      NS      m.gtld-servers.net.
;; Received 488 bytes from 2001:7fd::1#53(2001:7fd::1) in 85 ms


akamai.com.            172800  IN      NS      a5-66.akam.net.
akamai.com.            172800  IN      NS      a11-66.akam.net.
akamai.com.            172800  IN      NS      a13-66.akam.net.
akamai.com.            172800  IN      NS      a28-66.akam.net.
akamai.com.            172800  IN      NS      a16-66.akam.net.
akamai.com.            172800  IN      NS      a7-66.akam.net.
akamai.com.            172800  IN      NS      a9-66.akam.net.
akamai.com.            172800  IN      NS      a3-66.akam.net.
akamai.com.            172800  IN      NS      a12-66.akam.net.
akamai.com.            172800  IN      NS      a1-66.akam.net.
akamai.com.            172800  IN      NS      a2-66.akam.net.
akamai.com.            172800  IN      NS      a20-66.akam.net.
akamai.com.            172800  IN      NS      a8-66.akam.net.
;; Received 506 bytes from 192.48.79.30#53(192.48.79.30) in 215 ms


akamai.com.            20      IN      A      23.59.205.239
;; Received 44 bytes from 2.22.230.66#53(2.22.230.66) in 41 ms



How to get what is in a recursive name server memory (or cache) ?


You can specify a specific name server using the "@" option, it will request this specific name server. For the example I use the well known Google DNS 8.8.8.8

Command :
dig @8.8.8.8 akamai.com

Output :
; <<>> DiG 9.8.1-P1 <<>> @8.8.8.8 akamai.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- 61926="" b="" id:="" noerror="" opcode:="" query="" status:="">
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0


;; QUESTION SECTION:
;akamai.com.                    IN      A


;; ANSWER SECTION:
akamai.com.            19      IN      A      23.66.134.36


;; Query time: 20 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Feb  8 14:28:42 2016
;; MSG SIZE  rcvd: 44

What is behind ? :

In the answer section, you can see that we have the IP 23.66.134.36 in memory for 19 seconds left. If you go back to the section where we ran the dig +trace on akamai.com, you can see that the TTL is 20 seconds.

akamai.com.            20      IN      A      23.59.205.239
;; Received 44 bytes from 2.22.230.66#53(2.22.230.66) in 41 ms

Which means that every 20 seconds, if the zone is updated, we will have this information updated.

How to check if all the NS of a zone are synchronized ?


Your zone DNS i.e : akamai.com has generally multiple NS records. We saw before that for akamai.com we have 13 different ones.

When a zone is modified, the SOA record must be edited and the SOA serial incremented, one easy and fast way to check the version of zone on a NS is to check this value.

Command : (replace ns with the name of the name server you identified previously)
dig +answer +short @a5-66.akam.net. soa akamai.com
dig +answer +short @a11-66.akam.net. soa akamai.com
[...]

Output
ns1-2.akam.net. hostmaster.akamai.com. 2016020801 7200 3600 1209600 300
ns1-2.akam.net. hostmaster.akamai.com. 2016020801 7200 3600 1209600 300

What is behind ? :

We ask the NS following the "@" sign, what is the value of the SOA record.
In the SOA record, the 3rd field is the SOA serial.
We see that the SOA serial on both NS is the same, meaning the zone should be the same.

Another method :
The use of the +nssearch option : "When this option is set, dig attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone"

Command :
dig akamai.com +nssearch

Output :
SOA ns1-2.akam.net. hostmaster.akamai.com. 2016020801 7200 3600 1209600 300 from server 172.22.186.6 in 0 ms.
SOA ns1-2.akam.net. hostmaster.akamai.com. 2016020801 7200 3600 1209600 300 from server 172.27.2.20 in 40 ms.
SOA ns1-2.akam.net. hostmaster.akamai.com. 2016020801 7200 3600 1209600 300 from server 172.17.0.10 in 78 ms.
[...]

https://community.akamai.com/community/web-performance/blog/2016/02/08/how-to-troubleshoot-dns-issues-with-dig 

Check the SOA Serial Number on NS Servers

If you manage a DNS master, and push zones to several slaves / secondaries, you may have found that over time — as configuration files and firewall rules change — one or more slaves may have lost its ability to update its zone files. Perhaps the slave is no longer being notified, or it may have lost the necessary zone transfer permissions from the master. In a large distributed environment where DNS changes are frequent, checking the SOA serial number for all the NS servers in a zone can be quite helpful — a quick way to eliminate the DNS as a possible source of a problem. Here is a perl script I wrote a few years back to retrieve the SOA serial number for a given domain.

Satellite hacking Intel 1 (BACK@WAR CyberArmy friends let´s start Satellite GPS navigation hack IT WILL HV A PRICE)

  https://stackoverflow.com/questions/63010812/how-to-access-http-port-5001-from-public-internet